summaryrefslogtreecommitdiff
path: root/sbin/pfctl
AgeCommit message (Expand)Author
2004-12-19use strchr instead of indexTheo de Raadt
2004-12-15missing free()s; with patHenning Brauer
2004-12-14&&/|| inversion would try to merge IP addresses with non-addresses into aMike Frantzen
2004-12-14add two warn() calls to make sure a warning message gets printed if one ofMike Frantzen
2004-12-13sync authpf anchor syntax;Jason McIntyre
2004-12-10allow pf to filter on route labelsHenning Brauer
2004-12-08Add "'overload' requires 'max-src-conn' or 'max-src-conn-rate'" sanity check,Ryan Thomas McBride
2004-12-07re-commit mcbride@'s 'flush global', this time without the breakage inDaniel Hartmeier
2004-12-07real backoutTheo de Raadt
2004-12-07oops, incomplete backoutTheo de Raadt
2004-12-07tree does not compile, spotted by dlg (not obvious how to fix)Theo de Raadt
2004-12-07Change the default for 'overload <table> flush' to flush only states from theRyan Thomas McBride
2004-12-05initialize $$->tail and $$->next for MAXSRCCONNRATEDaniel Hartmeier
2004-12-04Userland support for limiting open tcp connections per source. eg:Ryan Thomas McBride
2004-11-09do not assume entries in pf_timeouts[] are ordererd like PFTM_* in pfvar.hDaniel Hartmeier
2004-09-30print invalid hostmask when refusing it, ok deraadt@Daniel Hartmeier
2004-09-27anchor rules referencing anchors using slashes may need quotes.Jared Yanovich
2004-09-21Implement "no scrub" to allow exclusion of specific traffic from scrub rules.Aaron Campbell
2004-08-26sync usage for -aJared Yanovich
2004-08-26update w.r.t. recursive anchorsJared Yanovich
2004-08-08spacingTheo de Raadt
2004-07-23- make SYNOPSIS and usage() clear that -t precedes -T;Jason McIntyre
2004-07-19print the correct labels when displaying timeouts with pfctl (eg, pfctl -st).David Gwynne
2004-07-16'pfctl -o' ruleset optimizer that doesnt change the meaning of the final rulesetMike Frantzen
2004-06-29remove cedric's bogus interface name verification code.Henning Brauer
2004-06-29convert a few memcpy()s to strlcpy() so we don't copy uninitialized junk intoMike Frantzen
2004-06-26add back PF_INOUT, fixes reassemble tcpDavid Krause
2004-06-25repair tree nanobreak by the nanobumTheo de Raadt
2004-06-21Update manpage to reflect changes in anchor namingMathieu Sauve-Frankel
2004-06-14Remove unused functions. ok beck@ henning@Cedric Berger
2004-06-12Fix table add/replace commands with securelevel=2.Cedric Berger
2004-06-10Work around an uncovered gcc problem on m88k until it receives proper cure.Miod Vallat
2004-06-10rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reservedDaniel Hartmeier
2004-05-30various improvements and fixes from jared yanovich;Jason McIntyre
2004-05-27plug memleak in error pathHenning Brauer
2004-05-21Use '/' instead of ':' as separator for anchor path components. Note thatDaniel Hartmeier
2004-05-20bzero() ifr before use, From: Andrey Matveev <andrushock@korovino.net>Henning Brauer
2004-05-19Allow recursive anchors (anchors within anchors, up to 64Daniel Hartmeier
2004-05-07typosHenning Brauer
2004-05-05Use RFC1323 PAWS timestamps as a logical extension to the conventional TCPMike Frantzen
2004-04-27make "pfctl -vvsq" to print "No queue in use" and exit when there is noKenjiro Cho
2004-04-26do more careful altq bandwidth checking.Kenjiro Cho
2004-04-24Add "probability xxx" rule modifier. ok deraadt@Cedric Berger
2004-04-22typo, From: Jared Yanovich <jjy2+@pitt.edu>Henning Brauer
2004-04-14make antispoof work with dynamic addresses. ok dhartmei@ mcbride@Cedric Berger
2004-04-14Better interface filtering. vlan1 should not match vlan19.Cedric Berger
2004-04-09Do not try to load directories. found+ok mpech@Cedric Berger
2004-03-20spelling fix; ok dhartmei@ henning@ deraadt@David Krause
2004-03-20make pfctl -s osfp work and remove -o option from manpage; ok deraadt@David Krause
2004-03-15cast %llu arguments to unsigned long long, from Max Laier,Daniel Hartmeier