summaryrefslogtreecommitdiff
path: root/sbin/pfctl/pfctl_parser.c
AgeCommit message (Expand)Author
2008-06-10Make counters on table addresses optional and disabled by default.Ryan Thomas McBride
2008-06-10new state option "sloppy" to use the sloppy tcp state tracker insteadHenning Brauer
2008-05-09convert port byte order in the production; add port keyword; ok deraadt@Markus Friedl
2008-05-09divert packets to local socket without modifying the ip header;Markus Friedl
2008-05-07allow setting TOS with scrub; ok mcbride, claudioMarkus Friedl
2007-10-15specifying int instead of just unsigned is better styleTheo de Raadt
2006-10-31Allow a user to recursively print anchors including those withoutRyan Thomas McBride
2006-10-28Load all rules into memory before loading into the kernel, and add supportRyan Thomas McBride
2006-10-25allow the log interface to be selected likeHenning Brauer
2006-10-17Don't automatically set 'flags S/SA' on stateless rules.Ryan Thomas McBride
2006-10-06Print 'flags any' correctly and handle anchors.Ryan Thomas McBride
2006-10-06'no state' should only be printed on pass rules, though.Ryan Thomas McBride
2006-10-06Print out 'no state' when the rule is not stateful.Ryan Thomas McBride
2006-08-08properly join host lists in ifa_grouplookup(), closes PR 5195,Daniel Hartmeier
2006-07-06add "rtable" to select alternate routing tables.Henning Brauer
2006-06-30spacesTheo de Raadt
2006-05-23member interfaces of groups might have no IPs and ifa_lookup retun NULL,Henning Brauer
2006-03-21instead of sizeof(array) / sizeof(element) computation, use the existingDaniel Hartmeier
2005-11-04crank pf_state and pf_src_node byte and packet counters to u_in64_t, sinceRyan Thomas McBride
2005-10-18add support for static interface group expansion, i. e.Henning Brauer
2005-10-13unused parametersHenning Brauer
2005-06-30in order for pfvar.h not to conflict with openssl's crypto.h, useNikolay Sturm
2005-06-13make the packet and byte counters on rules and src nodes per direction,Henning Brauer
2005-05-27Hide Hostid and Checksum in pfctl -si output unless the -v flag is used.Ryan Thomas McBride
2005-05-27Calculate an MD5 checksum over the main pf ruleset.Marco Pfatschbacher
2005-05-27get rid of 'log-all'. now that we have 'log (options)', make 'all' anDaniel Hartmeier
2005-05-27log two pairs of uid/pid through pflog: the uid/pid of the process thatDaniel Hartmeier
2005-05-26use PF_LOG, PF_LOGALL instead of numeric constantsDaniel Hartmeier
2005-05-21clean up and rework the interface absraction code big time, rip out multipleHenning Brauer
2004-12-07re-commit mcbride@'s 'flush global', this time without the breakage inDaniel Hartmeier
2004-12-07oops, incomplete backoutTheo de Raadt
2004-12-07Change the default for 'overload <table> flush' to flush only states from theRyan Thomas McBride
2004-12-04Userland support for limiting open tcp connections per source. eg:Ryan Thomas McBride
2004-11-09do not assume entries in pf_timeouts[] are ordererd like PFTM_* in pfvar.hDaniel Hartmeier
2004-09-30print invalid hostmask when refusing it, ok deraadt@Daniel Hartmeier
2004-09-27anchor rules referencing anchors using slashes may need quotes.Jared Yanovich
2004-09-21Implement "no scrub" to allow exclusion of specific traffic from scrub rules.Aaron Campbell
2004-07-16'pfctl -o' ruleset optimizer that doesnt change the meaning of the final rulesetMike Frantzen
2004-06-29remove cedric's bogus interface name verification code.Henning Brauer
2004-06-10rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reservedDaniel Hartmeier
2004-05-27plug memleak in error pathHenning Brauer
2004-05-19Allow recursive anchors (anchors within anchors, up to 64Daniel Hartmeier
2004-05-07typosHenning Brauer
2004-05-05Use RFC1323 PAWS timestamps as a logical extension to the conventional TCPMike Frantzen
2004-04-24Add "probability xxx" rule modifier. ok deraadt@Cedric Berger
2004-04-14Better interface filtering. vlan1 should not match vlan19.Cedric Berger
2004-03-15cast %llu arguments to unsigned long long, from Max Laier,Daniel Hartmeier
2004-03-10plug 3 memory leaks; 2 from andrushock, 1 by meHenning Brauer
2004-02-10KNFHenning Brauer
2004-02-10new kernel reports enabled & disabled time - use that info.Cedric Berger