Age | Commit message (Expand) | Author |
2010-01-18 | Convert pf debug logging to using log()/addlog(), a single standardised | Ryan Thomas McBride |
2010-01-13 | repair a double-free suggested by parfait; ok mcbride | Theo de Raadt |
2010-01-13 | fix some leaks found by parfait | Jonathan Gray |
2010-01-12 | Only print route specs with @if notation if there is an IP address. | Ryan Thomas McBride |
2010-01-12 | Unbreak 10/8 and friends. | Ryan Thomas McBride |
2010-01-12 | Fix some issues in redir spec handling, discovered thanks to dlg testing | Ryan Thomas McBride |
2010-01-12 | First pass at removing the 'pf_pool' mechanism for translation and routing | Ryan Thomas McBride |
2009-12-24 | spelling fixes, from Brad Tilley; we will not fix src/sbin/dump/dump.h | Igor Sobrado |
2009-12-24 | add support to pf for filtering a packet by the interface it was received | David Gwynne |
2009-12-14 | fix sticky-address - by pretty much re-implementing it. still following | Henning Brauer |
2009-11-23 | since "nat/rdr pass" are history natpass can go | Henning Brauer |
2009-11-22 | cleanup after the NAT changes. we used to have multiple rulesets (scrub, | Henning Brauer |
2009-10-28 | Add a dedicated pf pool for route options as suggested by henning, | Jonathan Gray |
2009-10-04 | Add (again) support for divert sockets. They allow you to: | Michele Marchetto |
2009-09-08 | I had not enough oks to commit this diff. | Michele Marchetto |
2009-09-08 | Add support for divert sockets. They allow you to: | Michele Marchetto |
2009-09-02 | all the new *-to options are part of the "filteropts" section at the | Reyk Floeter |
2009-09-01 | the diff theo calls me insanae for: | Henning Brauer |
2009-04-15 | restore printing of the fragment option; ok henning@ | David Krause |
2009-04-06 | print prettier, from sthen@ | Henning Brauer |
2009-04-06 | 1) scrub rules are completely gone. | Henning Brauer |
2008-09-09 | welcome pflow(4), a netflow v5 compatible flow export interface. | Henning Brauer |
2008-06-10 | Make counters on table addresses optional and disabled by default. | Ryan Thomas McBride |
2008-06-10 | new state option "sloppy" to use the sloppy tcp state tracker instead | Henning Brauer |
2008-05-09 | convert port byte order in the production; add port keyword; ok deraadt@ | Markus Friedl |
2008-05-09 | divert packets to local socket without modifying the ip header; | Markus Friedl |
2008-05-07 | allow setting TOS with scrub; ok mcbride, claudio | Markus Friedl |
2007-10-15 | specifying int instead of just unsigned is better style | Theo de Raadt |
2006-10-31 | Allow a user to recursively print anchors including those without | Ryan Thomas McBride |
2006-10-28 | Load all rules into memory before loading into the kernel, and add support | Ryan Thomas McBride |
2006-10-25 | allow the log interface to be selected like | Henning Brauer |
2006-10-17 | Don't automatically set 'flags S/SA' on stateless rules. | Ryan Thomas McBride |
2006-10-06 | Print 'flags any' correctly and handle anchors. | Ryan Thomas McBride |
2006-10-06 | 'no state' should only be printed on pass rules, though. | Ryan Thomas McBride |
2006-10-06 | Print out 'no state' when the rule is not stateful. | Ryan Thomas McBride |
2006-08-08 | properly join host lists in ifa_grouplookup(), closes PR 5195, | Daniel Hartmeier |
2006-07-06 | add "rtable" to select alternate routing tables. | Henning Brauer |
2006-06-30 | spaces | Theo de Raadt |
2006-05-23 | member interfaces of groups might have no IPs and ifa_lookup retun NULL, | Henning Brauer |
2006-03-21 | instead of sizeof(array) / sizeof(element) computation, use the existing | Daniel Hartmeier |
2005-11-04 | crank pf_state and pf_src_node byte and packet counters to u_in64_t, since | Ryan Thomas McBride |
2005-10-18 | add support for static interface group expansion, i. e. | Henning Brauer |
2005-10-13 | unused parameters | Henning Brauer |
2005-06-30 | in order for pfvar.h not to conflict with openssl's crypto.h, use | Nikolay Sturm |
2005-06-13 | make the packet and byte counters on rules and src nodes per direction, | Henning Brauer |
2005-05-27 | Hide Hostid and Checksum in pfctl -si output unless the -v flag is used. | Ryan Thomas McBride |
2005-05-27 | Calculate an MD5 checksum over the main pf ruleset. | Marco Pfatschbacher |
2005-05-27 | get rid of 'log-all'. now that we have 'log (options)', make 'all' an | Daniel Hartmeier |
2005-05-27 | log two pairs of uid/pid through pflog: the uid/pid of the process that | Daniel Hartmeier |
2005-05-26 | use PF_LOG, PF_LOGALL instead of numeric constants | Daniel Hartmeier |