| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2003-07-06 | knf (cedric did not do it right) | Theo de Raadt | |
| 2003-07-04 | KNF | Henning Brauer | |
| 2003-06-21 | count packets and bidirectionally on state entries, allowing for fine-grained | Damien Miller | |
| traffic reporting w/ pfsync; ok dhartmei@ Note: ABI change (new fields in struct pf_state), requires a rebuild of pfctl and tcpdump. | |||
| 2003-06-20 | some cleanings recommended by lint; dhartmei ok | Theo de Raadt | |
| 2003-06-07 | in print_host(), don't set the mask blindly to /128 but adhere to the | Henning Brauer | |
| address family. fixes the ipv4/128:port output in pfctl -ss. | |||
| 2003-05-19 | print out the full netmask; don't just ignore the upper bits in the v4 case | Henning Brauer | |
| helps finding assignment bugs. | |||
| 2003-05-17 | Fix proxy related output. | Daniel Hartmeier | |
| 2003-05-16 | TCP SYN proxy. Instead of 'keep state' or 'modulate state', one can use | Daniel Hartmeier | |
| 'synproxy state' for TCP connections. pf will complete the TCP handshake with the active endpoint before passing any packets to the passive end- point, preventing spoofed SYN floods from reaching the passive endpoint. No additional memory requirements, no cookies needed, random initial sequence numbers, uses the existing sequence number modulators to translate packets after the handshakes. ok frantzen@ | |||
| 2003-04-09 | on "pfctl -vvss", print the anchor rule number when there is one. | Cedric Berger | |
| ok dhartmei@ henning@ | |||
| 2003-04-03 | Simplify pfctl printing code. | Cedric Berger | |
| ok dhartmei@ henning@ | |||
| 2003-03-24 | Add missing return. Fix following buglet: | Cedric Berger | |
| # echo "pass in from <veryLONGtableNAME>" | pfctl -nvf- pass in from <veryLONGtableNAME>/0 to any | |||
| 2003-03-08 | Remove unneeded #includes, from Andrey Matveev andrushock(at)pisem(dot)net | Daniel Hartmeier | |
| 2003-01-21 | Support for TCP window scaling (RFC 1323). ok frantzen@ | Daniel Hartmeier | |
| 2003-01-20 | Remove unused argument from print_name() and fix two other nits | Camiel Dobbelaar | |
| found by lint. ok henning | |||
| 2003-01-20 | Improve pfctl -vvs{r,n} output with rule containing tables. | Cedric Berger | |
| Shows the number of entries in the table or if the table is not active. ok dhartmei@, no objections. | |||
| 2003-01-07 | Remove table name hashing (pass the name in each ioctl instead), and | Daniel Hartmeier | |
| introduce reference counting for tables, they are now automatically created and deleted through referencing rules. Diff partly from cedric@. ok mcbride@, henning@, cedric@ | |||
| 2003-01-05 | Move ifname from pf_addr to pf_addr_wrap, prepare pf_addr_wrap for table | Daniel Hartmeier | |
| name. ok henning@, mcbride@, cedric@ | |||
| 2003-01-04 | I do not know where this policy of "one .h file for every .c file" comes | Theo de Raadt | |
| from, but whoever thought of it is stupid. | |||
| 2003-01-03 | Bring in userland code for accessing PF radix tables. | Cedric Berger | |
| ok dhartmei@ mcbride@ | |||
| 2002-12-18 | rule.nr USHRT_MAX -> -1, to detect states whose creating rules are | Daniel Hartmeier | |
| already gone. | |||
| 2002-11-30 | move unmask back into pf_print_state.c where it was, and please keep it ↵ | Michael Shalayeff | |
| there; henning@ ok | |||
| 2002-11-29 | no need for extra hrs; henning@ ok | Michael Shalayeff | |
| 2002-11-23 | KNF | Theo de Raadt | |
| 2002-11-23 | code to support loading of pf rules with multiple redirection addresses | Ryan Thomas McBride | |
| (in nat, rdr, route-to, dup-to and reply-to) Syntax looks like this, see pf.conf(5) for details: nat on wi0 proto { tcp, icmp } from any to 192.168.0.2 -> \ 192.168.0.16/29 source-hash random rdr on wi0 proto { tcp } from any to 192.168.0.34 port 22 -> \ { 192.168.0.8/31, 192.168.0.15 } port 22 round-robin ok dhartmei@ henning@ | |||
| 2002-11-02 | %i -> %d, matches the style of existing code, from millert@ | Daniel Hartmeier | |
| 2002-11-02 | printf int with %i, not %u. from pilot@monkey.org. | Daniel Hartmeier | |
| 2002-10-25 | - more sa_family_t | Camiel Dobbelaar | |
| - move unmask code to correct file - whitespace ok mcbride@ dhartmei@ | |||
| 2002-10-22 | More conversion of "int af" and "u_int8_t af" declarations and function | Ryan Thomas McBride | |
| arguments to the more correct and descriptive "sa_family_t af" ok dhartmei@ henning@ | |||
| 2002-07-31 | KNF, esp. missing prototypes | Henning Brauer | |
| 2002-07-19 | Use getnameinfo() instead of gethostbyaddr() to support IPv6 reverse | Daniel Hartmeier | |
| lookups with pfctl -r. Makes things actually simpler. | |||
| 2002-07-18 | use inet_aton(), until this is made v6 aware | Theo de Raadt | |
| 2002-06-11 | print a string for UDP and OTHER state level instead of a numeric level | Mike Frantzen | |
| ok dhartmei@, henning@ | |||
| 2002-06-06 | split out the pf_state printing functions to be used elsewhere, no ↵ | Michael Shalayeff | |
| functional change; dhartmei@ ok | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |