summaryrefslogtreecommitdiff
path: root/sbin/pfctl/pfctl.c
AgeCommit message (Expand)Author
2006-11-07Only try to recursively print rules if they are actually anchors.Ryan Thomas McBride
2006-11-07Unbreak authpf by handling non-inline anchors separately from the { } anchorsRyan Thomas McBride
2006-11-05Don't open a transaction for a ruleset unless it's a brace ruleset thatRyan Thomas McBride
2006-11-01sync usage(); ok mcbrideJason McIntyre
2006-11-01Don't recures ALL the time.Ryan Thomas McBride
2006-10-31Allow a user to recursively print anchors including those withoutRyan Thomas McBride
2006-10-31Allow pfctl ruleset optimizer to be controlled from the ruleset.Ryan Thomas McBride
2006-10-31- don't allow anchors with _* names to be cleared or loaded from theRyan Thomas McBride
2006-10-28Load all rules into memory before loading into the kernel, and add supportRyan Thomas McBride
2006-06-30spacesTheo de Raadt
2006-05-28Enable adaptive timeouts by default, with adaptive.start of 60% of theRyan Thomas McBride
2006-04-24don't clear interface flags (set skip on) when -N/-F is used without -O,Daniel Hartmeier
2005-11-17for pfctl -f rules, open the file before resetting options. when openingDaniel Hartmeier
2005-07-11clear PFI_IFLAG_SKIP when clearing interface flags, found by David Hill,Daniel Hartmeier
2005-06-13make the packet and byte counters on rules and src nodes per direction,Henning Brauer
2005-06-13free memory in show_src_nodes and show_states, as reported byJared Yanovich
2005-05-28don't print the "[ Inserted: uid pid ]" line when -g is used, so theDaniel Hartmeier
2005-05-27log two pairs of uid/pid through pflog: the uid/pid of the process thatDaniel Hartmeier
2005-05-23change pool allocation of table entries, no longer use the oldnointrDaniel Hartmeier
2005-05-22Add support to kill states that match networks.Marco Pfatschbacher
2005-05-21clean up and rework the interface absraction code big time, rip out multipleHenning Brauer
2005-05-05typoJoel Knight
2005-03-07fd leaks in error paths, From: Andrey Matveev <andrushock@korovino.net>Henning Brauer
2005-03-06print "set skip on" with -v in such a way that the output is valid inputDaniel Hartmeier
2005-01-06Missing braces in pfctl_load_debug(), pointed out by camield@Ryan Thomas McBride
2005-01-05Modify pfctl behaviour so that 'set ...' options are no longer "sticky", ie.Ryan Thomas McBride
2004-12-29change last commit so that the test for PF_OPT_NOACTION is actually inDan Harnett
2004-12-29don't clear interface flags if '-n' option was given.Dan Harnett
2004-12-29be quiet about resetting the interface flags omn ruleset load, onlyHenning Brauer
2004-12-28reset skip interface flags on reloads and for -FallHenning Brauer
2004-12-27unbreak treeTheo de Raadt
2004-12-27reset skip interface flags on reloads and for -FallHenning Brauer
2004-12-22Introduce 'set skip on <ifspec>' to support a list of interfaces where noDaniel Hartmeier
2004-09-21Implement "no scrub" to allow exclusion of specific traffic from scrub rules.Aaron Campbell
2004-08-26sync usage for -aJared Yanovich
2004-08-08spacingTheo de Raadt
2004-07-23- make SYNOPSIS and usage() clear that -t precedes -T;Jason McIntyre
2004-07-19print the correct labels when displaying timeouts with pfctl (eg, pfctl -st).David Gwynne
2004-07-16'pfctl -o' ruleset optimizer that doesnt change the meaning of the final rulesetMike Frantzen
2004-05-21Use '/' instead of ':' as separator for anchor path components. Note thatDaniel Hartmeier
2004-05-19Allow recursive anchors (anchors within anchors, up to 64Daniel Hartmeier
2004-05-05Use RFC1323 PAWS timestamps as a logical extension to the conventional TCPMike Frantzen
2004-04-09Do not try to load directories. found+ok mpech@Cedric Berger
2004-03-20make pfctl -s osfp work and remove -o option from manpage; ok deraadt@David Krause
2004-03-15cast %llu arguments to unsigned long long, from Max Laier,Daniel Hartmeier
2004-03-03no newline in errx, bad cedric; spotted by teduTheo de Raadt
2004-02-27make pfctl -s all a bit more useful again by not printing a lllooooooottttt ofHenning Brauer
2004-02-26Fix/Simplify printing of titles with "pfctl -s all". ok mcbride@Cedric Berger
2004-02-25Don't clear global stuff when an anchor is given in addition to -Fa.Cedric Berger
2004-02-19Makes pfctl -ss and pfctl -sq use optional -i argument.Cedric Berger