summaryrefslogtreecommitdiff
path: root/sbin/pfctl/pfctl_parser.c
AgeCommit message (Expand)Author
2005-06-13make the packet and byte counters on rules and src nodes per direction,Henning Brauer
2005-05-27Hide Hostid and Checksum in pfctl -si output unless the -v flag is used.Ryan Thomas McBride
2005-05-27Calculate an MD5 checksum over the main pf ruleset.Marco Pfatschbacher
2005-05-27get rid of 'log-all'. now that we have 'log (options)', make 'all' anDaniel Hartmeier
2005-05-27log two pairs of uid/pid through pflog: the uid/pid of the process thatDaniel Hartmeier
2005-05-26use PF_LOG, PF_LOGALL instead of numeric constantsDaniel Hartmeier
2005-05-21clean up and rework the interface absraction code big time, rip out multipleHenning Brauer
2004-12-07re-commit mcbride@'s 'flush global', this time without the breakage inDaniel Hartmeier
2004-12-07oops, incomplete backoutTheo de Raadt
2004-12-07Change the default for 'overload <table> flush' to flush only states from theRyan Thomas McBride
2004-12-04Userland support for limiting open tcp connections per source. eg:Ryan Thomas McBride
2004-11-09do not assume entries in pf_timeouts[] are ordererd like PFTM_* in pfvar.hDaniel Hartmeier
2004-09-30print invalid hostmask when refusing it, ok deraadt@Daniel Hartmeier
2004-09-27anchor rules referencing anchors using slashes may need quotes.Jared Yanovich
2004-09-21Implement "no scrub" to allow exclusion of specific traffic from scrub rules.Aaron Campbell
2004-07-16'pfctl -o' ruleset optimizer that doesnt change the meaning of the final rulesetMike Frantzen
2004-06-29remove cedric's bogus interface name verification code.Henning Brauer
2004-06-10rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reservedDaniel Hartmeier
2004-05-27plug memleak in error pathHenning Brauer
2004-05-19Allow recursive anchors (anchors within anchors, up to 64Daniel Hartmeier
2004-05-07typosHenning Brauer
2004-05-05Use RFC1323 PAWS timestamps as a logical extension to the conventional TCPMike Frantzen
2004-04-24Add "probability xxx" rule modifier. ok deraadt@Cedric Berger
2004-04-14Better interface filtering. vlan1 should not match vlan19.Cedric Berger
2004-03-15cast %llu arguments to unsigned long long, from Max Laier,Daniel Hartmeier
2004-03-10plug 3 memory leaks; 2 from andrushock, 1 by meHenning Brauer
2004-02-10KNFHenning Brauer
2004-02-10new kernel reports enabled & disabled time - use that info.Cedric Berger
2004-02-03bring back this fluffy change, of course without the bug:Henning Brauer
2004-01-25This fix was made WITHOUT RUNNING REGRESS. Henning, you are beingTheo de Raadt
2004-01-22to parse v4 adresses, only use inet_net_pton when we find a /, otherwiseHenning Brauer
2003-12-31spacing. note this, cedricTheo de Raadt
2003-12-31Many improvements to the handling of interfaces in PF.Cedric Berger
2003-12-19i wrote much of these, assert my copyrightHenning Brauer
2003-12-17cosmetics, ok mcbride@Daniel Hartmeier
2003-12-15Add initial support for pf state synchronization over the network.Ryan Thomas McBride
2003-12-15Add support to track stateful connections by source ip. This allows usRyan Thomas McBride
2003-11-14in print_status:Henning Brauer
2003-11-08Add 'no-sync' state option to prevent state transition messages for statesRyan Thomas McBride
2003-11-06two more KNF violations I missed earlier. who introduces those all the time?Henning Brauer
2003-11-06KNFHenning Brauer
2003-10-08fix cedric's breakage:Henning Brauer
2003-09-26Rearchitecture of the userland/kernel IOCTL interface for transactions.Cedric Berger
2003-09-18Not all address types have a mask.Cedric Berger
2003-08-22correct printf arg mismatch (in 64bit arch). dhartmei okJun-ichiro itojun Hagino
2003-08-21Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF.Mike Frantzen
2003-07-29Remove space at end of line.Cedric Berger
2003-07-21KNFHenning Brauer
2003-07-19Simplify struct pf_pooladdr to include struct pf_addr_wrap directlyCedric Berger
2003-07-15Repair memory managment in table parsing code.Cedric Berger