| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2001-07-11 | Error on invalid ports | Constantine Sapuntzakis | |
| 2001-07-10 | Oops, we can't use 0 as next_addr()'s error return since 0.0.0.0 is | Todd C. Miller | |
| a valid address. Instead I add a pointer to the result as a parameter and return 0 on failure and 1 on success. Also uses inet_pton() instead of inet_aton(). | |||
| 2001-07-10 | Resolve as a host name if not an IP address; dhartmei@ OK | Todd C. Miller | |
| 2001-07-10 | move "proto" in the nat case as well | Todd C. Miller | |
| 2001-07-09 | Move the proto field to be after the "on" argument which is consistent | Todd C. Miller | |
| with pf.conf. If no proto is specified tcp is assumed. dhartmei@ OK | |||
| 2001-07-09 | Extend nat/rdr syntax. Add source/destination selection. Make | Daniel Hartmeier | |
| interface optional. Suggested by rdump@river.com. nat [on [!] <ifname>] from (any | [!] <addr>[/<mask>]) to (any | [!] <addr>[/<mask>]) -> <addr> [proto (tcp | udp | icmp)] rdr [on [!] <ifname>] from (any | [!] <addr>[/<mask>]) to (any | [!] <addr>[/<mask>]) port <a>[:<b>] -> <addr> port <c>[:*] [proto (tcp | udp | icmp)] | |||
| 2001-07-06 | Allow negative match on interface name for nat and rdr | Chris Cappuccio | |
| ok dhartmei@ | |||
| 2001-07-05 | &, not &&. Pointed out by dhartmei@. | Hakan Olsson | |
| 2001-07-04 | cleaner | Theo de Raadt | |
| 2001-07-04 | add new icmp codes and types as symbolic names, ok deraadt | Peter Stromberg | |
| 2001-07-04 | do not pick a fight | Theo de Raadt | |
| 2001-07-03 | Missed a few style fixes... | Hakan Olsson | |
| 2001-07-03 | Document -q option. Some style fixes. dhartmei@ ok. | Hakan Olsson | |
| 2001-07-03 | Add a -q (quiet) option. dhartmei@ ok. | Hakan Olsson | |
| 2001-07-02 | Typo. | Hakan Olsson | |
| 2001-07-01 | tag packets generated by pf (return-rst, return-icmp) so they are not ↵ | Daniel Hartmeier | |
| filtered, use existing icmp_error() and ip_output(). ok dugsong@, frantzen@ | |||
| 2001-07-01 | Appeared in 3.0, not 2.9; openbsd@davidkrause.com | Angelos D. Keromytis | |
| 2001-07-01 | Add port ranges to the rdr directive. Connections can be redirected | Kjell Wooding | |
| to either a range of the same size, or a single port. Redirects between ranges of different sizes are not supported. Eg: rdr dc0 10.0.0.0/24 port 60000:61000 -> 127.0.0.1 port 65530:* proto udp rdr xl0 0.0.0.0/0 port 6660:6669 -> 127.0.0.1 port 6667 proto tcp This replaces the wildcard port patch (when port = 0), as it should no longer be necessary. ok dhartmei@ | |||
| 2001-07-01 | Always print filter statistics, even when the filter is disabled. | Kjell Wooding | |
| 2001-07-01 | Finish with posixifying command options. Now both "pfctl -Fs" and | Kjell Wooding | |
| "pfctl -F states" work. Changed -[Fs]S to -[Fs] info (or -[Fs]i) based on an earlier conversation with theo. Added -[Fs] "all" to show or flush everything Fixup some man page pastos in the process | |||
| 2001-06-29 | POSIX-ify the flag options at theo's request | Kjell Wooding | |
| 2001-06-29 | change load_file implementation so we can accept input on | Kjell Wooding | |
| stdin. Rewrite NAT processing loop to accomodate this fact (we can only read the rules file once). ok theo | |||
| 2001-06-29 | fix counter/reason array usage | Daniel Hartmeier | |
| 2001-06-28 | support scrub directive. somebody please please BNF yaccify this. | Niels Provos | |
| 2001-06-28 | usage() was out of date | Daniel Hartmeier | |
| 2001-06-27 | Change flag syntax | Kjell Wooding | |
| -Fs, -Fn, -Fr, -FS to flush states, nat rules, filter rules, stats -ss, -sn, -sr, -sS to show them -z goes away | |||
| 2001-06-27 | errx() doesn't return. use err() to get errno as well. translate two common ↵ | Daniel Hartmeier | |
| errno. ok provos@ | |||
| 2001-06-27 | print inbound packets passed correctly | Daniel Hartmeier | |
| 2001-06-27 | Use bitfields for flag options in getopt. | Kjell Wooding | |
| 2001-06-27 | add -z option | Kjell Wooding | |
| 2001-06-27 | add -z flag for zeroing statistics. -s status no longer resets anything | Kjell Wooding | |
| 2001-06-27 | state counter changes | Theo de Raadt | |
| 2001-06-27 | make it understand protocol numbers, too | Niels Provos | |
| 2001-06-26 | Add -N (parse, but do not load) and -v (verbose: show parsed rules) | Kjell Wooding | |
| for pf and nat rules. | |||
| 2001-06-26 | name comparison operators | Dug Song | |
| 2001-06-26 | Add -Wall | smart | |
| 2001-06-26 | int -> unsigned, so -Wall is happy | Daniel Hartmeier | |
| 2001-06-26 | array of counters indexed by reason codes | Theo de Raadt | |
| 2001-06-26 | bad smart | Niels Provos | |
| 2001-06-26 | Add err.h for errx() | smart | |
| 2001-06-26 | some warnx, and exit instead of return | Niels Provos | |
| 2001-06-26 | add rule nr for Niels | Daniel Hartmeier | |
| 2001-06-26 | add rule pointer and log option to states | Daniel Hartmeier | |
| 2001-06-26 | Print statistics in a human readable format. ok dhartmei | Kjell Wooding | |
| 2001-06-26 | Clarify what the -l option does. | Kjell Wooding | |
| 2001-06-26 | use errx() | Theo de Raadt | |
| 2001-06-26 | language | Theo de Raadt | |
| 2001-06-26 | change config file names to pf.conf and nat.conf | Kjell Wooding | |
| 2001-06-26 | symbolic names for icmp-type and codes, ok deraadt@ | Peter Stromberg | |
| 2001-06-26 | Renamed files to pf.filter and pf.rules | Ian Darwin | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |