summaryrefslogtreecommitdiff
path: root/sbin/pfctl/pfctl_parser.c
AgeCommit message (Expand)Author
2010-10-12pfctl -sr did not show divert-reply rules without address familyAlexander Bluhm
2010-09-22new log opt "matches"Henning Brauer
2010-09-02remove trailing spaces and tabs; no binary change.Igor Sobrado
2010-07-13Fix (pflow) display in rule printing. Spotted by dhill@, ok henning@Stuart Henderson
2010-07-03Fix a couple of problems with printing of anchors, in particular recursiveRyan Thomas McBride
2010-07-03Use our own enum here rather than abusing the PF rule type enums, whichRyan Thomas McBride
2010-06-29Fix use after free. Found by regress tests.Charles Longeau
2010-05-16plug memory leak. `ps' was allocated with strdup(3), but on error pathzinovik
2010-03-22Following diff fixes memory leak. `debug' is allocated via asprintf(3) so weTheo de Raadt
2010-03-18Fix rdr-to printing in pfctl -sr when reply-to is in use.Stuart Henderson
2010-01-18Convert pf debug logging to using log()/addlog(), a single standardisedRyan Thomas McBride
2010-01-13repair a double-free suggested by parfait; ok mcbrideTheo de Raadt
2010-01-13fix some leaks found by parfaitJonathan Gray
2010-01-12Only print route specs with @if notation if there is an IP address.Ryan Thomas McBride
2010-01-12Unbreak 10/8 and friends.Ryan Thomas McBride
2010-01-12Fix some issues in redir spec handling, discovered thanks to dlg testingRyan Thomas McBride
2010-01-12First pass at removing the 'pf_pool' mechanism for translation and routingRyan Thomas McBride
2009-12-24spelling fixes, from Brad Tilley; we will not fix src/sbin/dump/dump.hIgor Sobrado
2009-12-24add support to pf for filtering a packet by the interface it was receivedDavid Gwynne
2009-12-14fix sticky-address - by pretty much re-implementing it. still followingHenning Brauer
2009-11-23since "nat/rdr pass" are history natpass can goHenning Brauer
2009-11-22cleanup after the NAT changes. we used to have multiple rulesets (scrub,Henning Brauer
2009-10-28Add a dedicated pf pool for route options as suggested by henning,Jonathan Gray
2009-10-04Add (again) support for divert sockets. They allow you to:Michele Marchetto
2009-09-08I had not enough oks to commit this diff.Michele Marchetto
2009-09-08Add support for divert sockets. They allow you to:Michele Marchetto
2009-09-02all the new *-to options are part of the "filteropts" section at theReyk Floeter
2009-09-01the diff theo calls me insanae for:Henning Brauer
2009-04-15restore printing of the fragment option; ok henning@David Krause
2009-04-06print prettier, from sthen@Henning Brauer
2009-04-061) scrub rules are completely gone.Henning Brauer
2008-09-09welcome pflow(4), a netflow v5 compatible flow export interface.Henning Brauer
2008-06-10Make counters on table addresses optional and disabled by default.Ryan Thomas McBride
2008-06-10new state option "sloppy" to use the sloppy tcp state tracker insteadHenning Brauer
2008-05-09convert port byte order in the production; add port keyword; ok deraadt@Markus Friedl
2008-05-09divert packets to local socket without modifying the ip header;Markus Friedl
2008-05-07allow setting TOS with scrub; ok mcbride, claudioMarkus Friedl
2007-10-15specifying int instead of just unsigned is better styleTheo de Raadt
2006-10-31Allow a user to recursively print anchors including those withoutRyan Thomas McBride
2006-10-28Load all rules into memory before loading into the kernel, and add supportRyan Thomas McBride
2006-10-25allow the log interface to be selected likeHenning Brauer
2006-10-17Don't automatically set 'flags S/SA' on stateless rules.Ryan Thomas McBride
2006-10-06Print 'flags any' correctly and handle anchors.Ryan Thomas McBride
2006-10-06'no state' should only be printed on pass rules, though.Ryan Thomas McBride
2006-10-06Print out 'no state' when the rule is not stateful.Ryan Thomas McBride
2006-08-08properly join host lists in ifa_grouplookup(), closes PR 5195,Daniel Hartmeier
2006-07-06add "rtable" to select alternate routing tables.Henning Brauer
2006-06-30spacesTheo de Raadt
2006-05-23member interfaces of groups might have no IPs and ifa_lookup retun NULL,Henning Brauer
2006-03-21instead of sizeof(array) / sizeof(element) computation, use the existingDaniel Hartmeier