summaryrefslogtreecommitdiff
path: root/sbin/pfctl/pfctl_parser.h
AgeCommit message (Expand)Author
2018-02-08make the watermarks/thresholds for entering and leaving syncookie mode whenHenning Brauer
2018-02-08show current synflood detection watermarks in pfctl -vsi, for the lackHenning Brauer
2018-02-06allow control over syncookies: set syncookies never/always/adaptiveHenning Brauer
2017-11-25- patching use-after-free and innocent memory leak in pfctl_optimzie.cAlexandr Nedvedicky
2017-08-11add option -N (no domain resolution)Sebastian Benoit
2016-07-18no more cbq_opts - CBQ is gone, ok mpi phessler bennoHenning Brauer
2014-10-27Fixup incorrect expansion of the networking mask for dynamic interfaceMike Belopuhov
2014-08-23when you specify queues in a rule, make sure they have been defined.Martin Pelikan
2014-04-19remove altq bits here, tooHenning Brauer
2013-10-12config bits for the bandwidth shaping part of the new queueing subsystemHenning Brauer
2013-08-01Provide local implementations of if_nametoindex(3) and if_indextoname(3)Mike Belopuhov
2011-12-03pfctl_set_hostid always returns 0; don't pretend otherwise and make it aRyan Thomas McBride
2011-11-23print ports as numbers by default; -P prints names insteadHenning Brauer
2011-07-27Add support for weighted round-robin in load balancing pools and tables.Ryan Thomas McBride
2011-07-03bring in least-states load balancing algorithmJoerg Zinke
2011-04-06Userland bits to allow PF to filter on the rdomain a packet belongs to.Claudio Jeker
2010-06-25remove -m (merge).Henning Brauer
2010-03-23remove -A, -O, -R and -T loadHenning Brauer
2010-01-18Convert pf debug logging to using log()/addlog(), a single standardisedRyan Thomas McBride
2010-01-12First pass at removing the 'pf_pool' mechanism for translation and routingRyan Thomas McBride
2010-01-10In the non-optimized case, an address list containing "any" (ie. { any 10.0.0...Theo de Raadt
2009-09-01the diff theo calls me insanae for:Henning Brauer
2009-04-061) scrub rules are completely gone.Henning Brauer
2007-10-13in all these programs using the same pfctl-derived parse.y, re-unify theTheo de Raadt
2006-10-31Allow a user to recursively print anchors including those withoutRyan Thomas McBride
2006-10-31Allow pfctl ruleset optimizer to be controlled from the ruleset.Ryan Thomas McBride
2006-10-28Load all rules into memory before loading into the kernel, and add supportRyan Thomas McBride
2005-11-17for pfctl -f rules, open the file before resetting options. when openingDaniel Hartmeier
2005-10-13unused parametersHenning Brauer
2005-10-13dead definesHenning Brauer
2005-02-07KNF; ok henning@David Krause
2005-01-05Modify pfctl behaviour so that 'set ...' options are no longer "sticky", ie.Ryan Thomas McBride
2004-12-22Introduce 'set skip on <ifspec>' to support a list of interfaces where noDaniel Hartmeier
2004-07-16'pfctl -o' ruleset optimizer that doesnt change the meaning of the final rulesetMike Frantzen
2004-05-19Allow recursive anchors (anchors within anchors, up to 64Daniel Hartmeier
2004-04-14make antispoof work with dynamic addresses. ok dhartmei@ mcbride@Cedric Berger
2004-02-10KNFDaniel Hartmeier
2004-01-29Clean up 'pfctl -s all' output.Ryan Thomas McBride
2003-12-31Many improvements to the handling of interfaces in PF.Cedric Berger
2003-12-15Add initial support for pf state synchronization over the network.Ryan Thomas McBride
2003-12-15Add support to track stateful connections by source ip. This allows usRyan Thomas McBride
2003-11-14allow the debuglevel to be set from pf.conf (set debug)Henning Brauer
2003-09-26Rearchitecture of the userland/kernel IOCTL interface for transactions.Cedric Berger
2003-08-21Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF.Mike Frantzen
2003-07-31Make table tickets per-ruleset instead of global.Cedric Berger
2003-07-18Simplify handling of flags (-R, -N...). Remove PFCTL_FLAG_ALL.Cedric Berger
2003-07-11Better parsing and -v support for tables:Cedric Berger
2003-07-03Bye bye atexit(), bye bye globals...Cedric Berger
2003-07-03This patch finally cleanup pfctl_table.c. No more global buffer,Cedric Berger
2003-05-19reject invalid netmasks like 10.0.0.0/68, and fix up the netmask forHenning Brauer