summaryrefslogtreecommitdiff
path: root/sbin/pfctl/pfctl_parser.c
AgeCommit message (Expand)Author
2010-01-18Convert pf debug logging to using log()/addlog(), a single standardisedRyan Thomas McBride
2010-01-13repair a double-free suggested by parfait; ok mcbrideTheo de Raadt
2010-01-13fix some leaks found by parfaitJonathan Gray
2010-01-12Only print route specs with @if notation if there is an IP address.Ryan Thomas McBride
2010-01-12Unbreak 10/8 and friends.Ryan Thomas McBride
2010-01-12Fix some issues in redir spec handling, discovered thanks to dlg testingRyan Thomas McBride
2010-01-12First pass at removing the 'pf_pool' mechanism for translation and routingRyan Thomas McBride
2009-12-24spelling fixes, from Brad Tilley; we will not fix src/sbin/dump/dump.hIgor Sobrado
2009-12-24add support to pf for filtering a packet by the interface it was receivedDavid Gwynne
2009-12-14fix sticky-address - by pretty much re-implementing it. still followingHenning Brauer
2009-11-23since "nat/rdr pass" are history natpass can goHenning Brauer
2009-11-22cleanup after the NAT changes. we used to have multiple rulesets (scrub,Henning Brauer
2009-10-28Add a dedicated pf pool for route options as suggested by henning,Jonathan Gray
2009-10-04Add (again) support for divert sockets. They allow you to:Michele Marchetto
2009-09-08I had not enough oks to commit this diff.Michele Marchetto
2009-09-08Add support for divert sockets. They allow you to:Michele Marchetto
2009-09-02all the new *-to options are part of the "filteropts" section at theReyk Floeter
2009-09-01the diff theo calls me insanae for:Henning Brauer
2009-04-15restore printing of the fragment option; ok henning@David Krause
2009-04-06print prettier, from sthen@Henning Brauer
2009-04-061) scrub rules are completely gone.Henning Brauer
2008-09-09welcome pflow(4), a netflow v5 compatible flow export interface.Henning Brauer
2008-06-10Make counters on table addresses optional and disabled by default.Ryan Thomas McBride
2008-06-10new state option "sloppy" to use the sloppy tcp state tracker insteadHenning Brauer
2008-05-09convert port byte order in the production; add port keyword; ok deraadt@Markus Friedl
2008-05-09divert packets to local socket without modifying the ip header;Markus Friedl
2008-05-07allow setting TOS with scrub; ok mcbride, claudioMarkus Friedl
2007-10-15specifying int instead of just unsigned is better styleTheo de Raadt
2006-10-31Allow a user to recursively print anchors including those withoutRyan Thomas McBride
2006-10-28Load all rules into memory before loading into the kernel, and add supportRyan Thomas McBride
2006-10-25allow the log interface to be selected likeHenning Brauer
2006-10-17Don't automatically set 'flags S/SA' on stateless rules.Ryan Thomas McBride
2006-10-06Print 'flags any' correctly and handle anchors.Ryan Thomas McBride
2006-10-06'no state' should only be printed on pass rules, though.Ryan Thomas McBride
2006-10-06Print out 'no state' when the rule is not stateful.Ryan Thomas McBride
2006-08-08properly join host lists in ifa_grouplookup(), closes PR 5195,Daniel Hartmeier
2006-07-06add "rtable" to select alternate routing tables.Henning Brauer
2006-06-30spacesTheo de Raadt
2006-05-23member interfaces of groups might have no IPs and ifa_lookup retun NULL,Henning Brauer
2006-03-21instead of sizeof(array) / sizeof(element) computation, use the existingDaniel Hartmeier
2005-11-04crank pf_state and pf_src_node byte and packet counters to u_in64_t, sinceRyan Thomas McBride
2005-10-18add support for static interface group expansion, i. e.Henning Brauer
2005-10-13unused parametersHenning Brauer
2005-06-30in order for pfvar.h not to conflict with openssl's crypto.h, useNikolay Sturm
2005-06-13make the packet and byte counters on rules and src nodes per direction,Henning Brauer
2005-05-27Hide Hostid and Checksum in pfctl -si output unless the -v flag is used.Ryan Thomas McBride
2005-05-27Calculate an MD5 checksum over the main pf ruleset.Marco Pfatschbacher
2005-05-27get rid of 'log-all'. now that we have 'log (options)', make 'all' anDaniel Hartmeier
2005-05-27log two pairs of uid/pid through pflog: the uid/pid of the process thatDaniel Hartmeier
2005-05-26use PF_LOG, PF_LOGALL instead of numeric constantsDaniel Hartmeier