Age | Commit message | Author | |
---|---|---|---|
2002-07-08 | Don't allow 'flags' option in non-TCP rules, found by mpech@ | Daniel Hartmeier | |
2002-07-05 | unbreak. | Henning Brauer | |
2002-07-05 | another small bug I found while installing a -current pf firewall. | Henning Brauer | |
we don't support pass/block in on ! <interface> (at least, not yet) let the parser complain instead of ignoring the '!' ok pb@, dhartmei@ | |||
2002-07-05 | allow unsetting the statusinterface via | Henning Brauer | |
set loginterface none ok dhartmei@ | |||
2002-07-01 | streamline parse buffer handling (no need to copy value that is not | Marc Espie | |
going to go away). add explicit pushback buffer, to be able to push IPv6 failed parses back. handle pushback + parse buffer interactions by using negative indices. okay dhartmei@, deraadt@ | |||
2002-07-01 | KNF | Theo de Raadt | |
2002-06-28 | Don't check for address family conflicts in nat/rdr before expansion, | Daniel Hartmeier | |
rules will expand to all valid combinations, and there's an error when none is found. Makes "nat on tun0 from 10.0.0.0/8 to any -> (tun0)" work (again). | |||
2002-06-27 | fix synopsis, closes pr2775 | Henning Brauer | |
ok pb@ | |||
2002-06-27 | repair formatting - the new "enabled since" format is longer than the old | Henning Brauer | |
one and thus the field lengths need to be adjusted. ok dhartmei@, pb@ | |||
2002-06-25 | move pfctl options -t, -m, -O and -l to pf.conf. These are set using the | Henning Brauer | |
"set" keyword. example rulefile: set optimization aggressive set timeout { tcp.closing 6, tcp.opening 6 } set limit { states 1000, frags 1000 } set loginterface wi0 pass out all keep state label "$nr:$srcaddr:$srcport:$dstaddr:$dstport" block in all fries@ is working on an updated pf.conf(5) discussed at c2k2 and on icb ok dhartmei@, kjell@ | |||
2002-06-24 | Use interface when specified in scrub rule. No support for ! or {} yet. | Daniel Hartmeier | |
2002-06-23 | uid_t and gid_t are unsigned | Theo de Raadt | |
2002-06-20 | Copy address family from inet/inet6 keyword, if specified. | Daniel Hartmeier | |
2002-06-19 | "Enabled for Ss" -> "Enabled for D days HH:MM:SS", ok frantzen@ | Daniel Hartmeier | |
2002-06-18 | propagate a '!' when a host resolves to multiple IP addresses | Mike Frantzen | |
ok dhartmei@ | |||
2002-06-18 | don't allow individual keep state rules to specify timeouts for 'interval' and | Mike Frantzen | |
'frag' -- they aren't applied anyway ok dhartmei@ and henning@ | |||
2002-06-16 | Rules must in order -> Rules must be in order | Aaron Campbell | |
2002-06-15 | Reset rulestate in parse_rules(), so consecutive calls (like from authpf) | Daniel Hartmeier | |
will not fail. Reported by Chris Kuethe. | |||
2002-06-14 | make the output of pfctl -k look nice again | Henning Brauer | |
noticed by pb@ ok dhartmei@ | |||
2002-06-13 | Fix the numbering of scrub rules. pointed out and oked by frantzen@ | Kjell Wooding | |
2002-06-12 | this stuff really belongs to stderr, not stdout | Henning Brauer | |
pointed out by ho@ ok dhartmei@, kjell@ | |||
2002-06-12 | Fix uninitialized access. Spotted by danh@ This is a good reason to | Kjell Wooding | |
develop with "ln -s 'J' /etc/malloc.conf" enabled. ok henning@ | |||
2002-06-11 | split the grammar of scrub(fragcache) into scrub ... 'fragment reassemble', | Mike Frantzen | |
'fragment crop' or a new 'fragment drop-ovl' which will drop overlapping fragments and all corresponding ones ok kjell@ with feedback from kjell@ and deraadt@. the rest are slacking | |||
2002-06-11 | Typo in err() | Kjell Wooding | |
2002-06-11 | nuke an unused parameter in pfctl_timeout. ok frantzen@ | Kjell Wooding | |
2002-06-11 | Add -N, -R | Kjell Wooding | |
2002-06-11 | Add -N and -R options. When used in conjunction with | Kjell Wooding | |
pfctl -f <rulefile> they allow just the nat or filter rules to be reloaded, respectively. The default (no flags) is to load everything. If -N is specified, any existing filter rules are retained, similarly for -R. ok deraadt@, dhartmei@ | |||
2002-06-11 | sync with reality | Henning Brauer | |
ok dhartmei@ | |||
2002-06-11 | KNF, remove function parameter names | Daniel Hartmeier | |
2002-06-11 | Remove parse_nat() prototype, it's gone. Yes, authpf is broken at the | Daniel Hartmeier | |
moment. | |||
2002-06-11 | Add $OpenBSD, license, include guards and remove one superfluous | Daniel Hartmeier | |
prototype. From Chris Kuethe | |||
2002-06-11 | print a string for UDP and OTHER state level instead of a numeric level | Mike Frantzen | |
ok dhartmei@, henning@ | |||
2002-06-11 | SCRUB(fragcache) to do gap tracking and overlap pruning of IPv4 fragments | Mike Frantzen | |
without the memory overhead of the conventional defrag in SCRUB ok dhartmei@, idea by deraadt@ | |||
2002-06-11 | sync usage() with reality | Henning Brauer | |
2002-06-11 | Make NAT proxy port range configurable per rule, for instance privileged | Daniel Hartmeier | |
source ports can be mapped to privileged proxy ports, or source port 500 to proxy port 500. ok frantzen@ | |||
2002-06-11 | rework pfctl statistics display | Henning Brauer | |
move FCNT_NAMES from pfvar.h to pfctl_parser.h, only used by pfctl some input by nick@ ok frantzen@, dhartmei@ | |||
2002-06-10 | Merge the NAT and rules files into a single rulefile. Rules must be | Kjell Wooding | |
in this order, to remove any ambiguity about what order things happen in: scrub rules nat rules filter rules The -N and -R modifiers go away. Rulefiles are now loaded with the more POSIXly-correct '-f' ok frantzen@ | |||
2002-06-10 | Allow ports to be specified in nat rules, useful later on for individual | Daniel Hartmeier | |
proxy port ranges. | |||
2002-06-10 | Move enum out of struct (gcc 3.1 wasn't happy), from David Krause | Daniel Hartmeier | |
2002-06-10 | some olde version piece crept into my diffski; pt out by dfa@ | Michael Shalayeff | |
2002-06-10 | split scrub rule processing into its own yacc target, | Kjell Wooding | |
for imminent config file merge. ok frantzen@ | |||
2002-06-09 | Make pf_nat.saddr/daddr a pf_rule_addr instead of pf_addr_wrap, so it | Daniel Hartmeier | |
includes ports and operator. | |||
2002-06-09 | spaced out developers... | Theo de Raadt | |
2002-06-09 | Add list parsing in RDR rules: e.g. | Kjell Wooding | |
rdr on $IFLIST proto tcp from $SRC_LIST to $DST_LIST port 21 \ -> 127.0.0.1 port 8021 ok dhartmei@ | |||
2002-06-09 | use strchr() instead of index() | Theo de Raadt | |
2002-06-08 | nuke unused parameter af to expand_label_port | Henning Brauer | |
ok dhartmei@, pb@ | |||
2002-06-08 | Change remaining read-only lookup tables to const, suggestion drahn@ | Daniel Hartmeier | |
2002-06-08 | comment on IPv6 link-local twists | Jun-ichiro itojun Hagino | |
2002-06-08 | pf_timeouts is shared between pfctl and authpf, put it in the shared file. | Dale Rahn | |
unbreak build. | |||
2002-06-08 | add list expansion to src/dest in NAT rules. i.e. | Kjell Wooding | |
nat on fxp0 from { 10.0.0.0/24, 10.0.1.0/24 } to \ { 172.6.1.1, 172.14.1.2/32 } -> fxp0 ok theo, dhartmei@ |