src - OpenBSD base system

Age	Commit message (Collapse)	Author
2002-06-16	Rules must in order -> Rules must be in order	Aaron Campbell

2002-06-15	Reset rulestate in parse_rules(), so consecutive calls (like from authpf)	Daniel Hartmeier
	will not fail. Reported by Chris Kuethe.
2002-06-14	make the output of pfctl -k look nice again	Henning Brauer
	noticed by pb@ ok dhartmei@
2002-06-13	Fix the numbering of scrub rules. pointed out and oked by frantzen@	Kjell Wooding

2002-06-12	this stuff really belongs to stderr, not stdout	Henning Brauer
	pointed out by ho@ ok dhartmei@, kjell@
2002-06-12	Fix uninitialized access. Spotted by danh@ This is a good reason to	Kjell Wooding
	develop with "ln -s 'J' /etc/malloc.conf" enabled. ok henning@
2002-06-11	split the grammar of scrub(fragcache) into scrub ... 'fragment reassemble',	Mike Frantzen
	'fragment crop' or a new 'fragment drop-ovl' which will drop overlapping fragments and all corresponding ones ok kjell@ with feedback from kjell@ and deraadt@. the rest are slacking
2002-06-11	Typo in err()	Kjell Wooding

2002-06-11	nuke an unused parameter in pfctl_timeout. ok frantzen@	Kjell Wooding

2002-06-11	Add -N, -R	Kjell Wooding

2002-06-11	Add -N and -R options. When used in conjunction with	Kjell Wooding
	pfctl -f <rulefile> they allow just the nat or filter rules to be reloaded, respectively. The default (no flags) is to load everything. If -N is specified, any existing filter rules are retained, similarly for -R. ok deraadt@, dhartmei@
2002-06-11	sync with reality	Henning Brauer
	ok dhartmei@
2002-06-11	KNF, remove function parameter names	Daniel Hartmeier

2002-06-11	Remove parse_nat() prototype, it's gone. Yes, authpf is broken at the	Daniel Hartmeier
	moment.
2002-06-11	Add $OpenBSD, license, include guards and remove one superfluous	Daniel Hartmeier
	prototype. From Chris Kuethe
2002-06-11	print a string for UDP and OTHER state level instead of a numeric level	Mike Frantzen
	ok dhartmei@, henning@
2002-06-11	SCRUB(fragcache) to do gap tracking and overlap pruning of IPv4 fragments	Mike Frantzen
	without the memory overhead of the conventional defrag in SCRUB ok dhartmei@, idea by deraadt@
2002-06-11	sync usage() with reality	Henning Brauer

2002-06-11	Make NAT proxy port range configurable per rule, for instance privileged	Daniel Hartmeier
	source ports can mapped to privileged proxy ports, or source port 500 to proxy port 500. ok frantzen@
2002-06-11	rework pfctl statistics display	Henning Brauer
	move FCNT_NAMES from pfvar.h to pfctl_parser.h, only used by pfctl some input by nick@ ok frantzen@, dhartmei@
2002-06-10	Merge the NAT and rules files into a single rulefile. Rules must be	Kjell Wooding
	in this order, to remove any ambiguity about what order things happen in: scrub rules nat rules filter rules The -N and -R modifiers go away. Rulefiles are now loaded with the more POSIXly-correct '-f' ok frantzen@
2002-06-10	Allow ports to be specified in nat rules, useful later on for individual	Daniel Hartmeier
	proxy port ranges.
2002-06-10	Move enum out of struct (gcc 3.1 wasn't happy), from David Krause	Daniel Hartmeier

2002-06-10	some olde version piece crept into my diffski; pt out by dfa@	Michael Shalayeff

2002-06-10	split scrub rule processing into its own yacc target,	Kjell Wooding
	for imminent config file merge. ok frantzen@
2002-06-09	Make pf_nat.saddr/daddr a pf_rule_addr instead of pf_addr_wrap, so it	Daniel Hartmeier
	includes ports and operator.
2002-06-09	spaced out developers...	Theo de Raadt

2002-06-09	Add list parsing in RDR rules: e.g.	Kjell Wooding
	rdr on $IFLIST proto tcp from $SRC_LIST to $DST_LIST port 21 \ -> 127.0.0.1 port 8021 ok dhartmei@
2002-06-09	use strchr() instead of index()	Theo de Raadt

2002-06-08	nuke unused parameter af to expand_label_port	Henning Brauer
	ok dhartmei@, pb@
2002-06-08	Change remaining read-only lookup tables to const, suggestion drahn@	Daniel Hartmeier

2002-06-08	comment on IPv6 link-local twists	Jun-ichiro itojun Hagino

2002-06-08	pf_timeouts is shared between pfctl and authpf, put it in the shared file.	Dale Rahn
	unbreak build.
2002-06-08	add list expansion to src/dest in NAT rules. i.e.	Kjell Wooding
	nat on fxp0 from { 10.0.0.0/24, 10.0.1.0/24 } to \ { 172.6.1.1, 172.14.1.2/32 } -> fxp0 ok theo, dhartmei@
2002-06-08	remove macro concatenation via += per Theo's advice	Henning Brauer

2002-06-08	allow macro concatenation like	Henning Brauer
	webservers = "{ 10.0.0.1, 10.0.0.7, 10.0.0.8, " webservers += " 10.0.0.17, 10.0.0.25, 10.0.0.37 }" ok frantzen@, dhartmei@
2002-06-08	Make state timeouts configurable per rule, like	Daniel Hartmeier
	pass in from any to any port www keep state (tcp.established 60) ok frantzen@
2002-06-08	expand $nr -> rule number in rule labels	Henning Brauer
	okay dhartmei@, frantzen@
2002-06-08	expand $proto in rule labels	Henning Brauer
	okay frantzen@ dhartmei@
2002-06-07	Handle realloc() failure gracefully. Terminates with err() anyway in this	Daniel Hartmeier
	case, but we don't want to trigger "p = realloc(p," grepping causing false alarms here.
2002-06-07	henning, read this to see what i mean by KNF	Theo de Raadt

2002-06-07	add the possibility to configure a TTL while return-rst	Philipp Buehler
	ok dhartmei@, ipv6 part itojun@ ok
2002-06-07	Add "(max <number>)" option for "keep/modulate state" to limit the number	Daniel Hartmeier
	of concurrent connections a rule can create. ok frantzen@
2002-06-07	allow using $srcaddr, $srcport, $dstaddr and $dstport in rule labels,	Henning Brauer
	evaluated at parse time. ok dhartmei@
2002-06-07	minor KNF while I'm here	Henning Brauer
	ok dhartmei@
2002-06-07	make IPv6 scope identification work for dst (from any to fe80::1%lo0)	Jun-ichiro itojun Hagino

2002-06-07	support scoped IPv6 address in from/to portion.	Jun-ichiro itojun Hagino

2002-06-06	split out the pf_state printing functions to be used elsewhere, no ↵	Michael Shalayeff
	functional change; dhartmei@ ok
2002-06-03	Add NAT keyword so it is picked up by apropos (man -k NAT). ok dhartmei@	Kjell Wooding

2002-06-03	Also print labels in 'pfctl -s all'. ok dhartmei@	Kjell Wooding