summaryrefslogtreecommitdiff
path: root/sbin/pfctl
AgeCommit message (Expand)Author
2002-09-08be more clueful wrt address family in nat/rdr rules.Henning Brauer
2002-09-02Fix parsing of port ranges in translation rules (port a:b -> port c:d).Daniel Hartmeier
2002-09-02Make sure the interface specified with route-to/dup-to/fastroute existsDaniel Hartmeier
2002-08-20Increase lineno on newlines inside multi-line macro definitions, otherwiseDaniel Hartmeier
2002-08-16kill duplicated check for '(' and ')' in allowed_in_stringHenning Brauer
2002-08-12Catch null pointer deref (segfault), from wilfried@Daniel Hartmeier
2002-08-06missing free(), mpech@Henning Brauer
2002-08-06check fo strdup() allocation errorsHenning Brauer
2002-07-31KNF, esp. missing prototypesHenning Brauer
2002-07-30grmpf.Henning Brauer
2002-07-30allow to specify flags on all rules that include tcp.Henning Brauer
2002-07-26make the order of log and quick irrelevant. now bothHenning Brauer
2002-07-23timeout_list/_spec and limit_list/_spec don't return anything -> no %type.Henning Brauer
2002-07-21fix route-to alsoTheo de Raadt
2002-07-21make the , optional in many places. This makes string concat a lot moreTheo de Raadt
2002-07-21string concat, ie.Theo de Raadt
2002-07-20minor indent tweaksTheo de Raadt
2002-07-20properly split yacc and lex useTheo de Raadt
2002-07-19minor tweaks, sighTheo de Raadt
2002-07-19And back out the last change again.Daniel Hartmeier
2002-07-19rework the interface lookup routines internals.Henning Brauer
2002-07-19Support # comments at the end of lines and inside (multi-line) stringDaniel Hartmeier
2002-07-19Use getnameinfo() instead of gethostbyaddr() to support IPv6 reverseDaniel Hartmeier
2002-07-19deal with the fact that the struct node_host ifa_pick_ip gets is not alwaysHenning Brauer
2002-07-18use inet_aton(), until this is made v6 awareTheo de Raadt
2002-07-17support "self" as address. self expands to all IPv4 and IPv6 addresses ofHenning Brauer
2002-07-16Add nat_consistent() and rdr_consistent() for checks that should occurDaniel Hartmeier
2002-07-15add support forHenning Brauer
2002-07-15cosmetics/consolidations to manpage in yyerror()sPhilipp Buehler
2002-07-15o complain about keep state on block rulesHenning Brauer
2002-07-13add list expansion for interface and proto in nat rules and for proto in rdrHenning Brauer
2002-07-09check sin6_scope_id field, just in case we change the routing socket APIJun-ichiro itojun Hagino
2002-07-09getifaddrs(3) grabs link-local addrs in kernel internal form, convert themJun-ichiro itojun Hagino
2002-07-09rework the interface-to-IP routines.Henning Brauer
2002-07-08Don't allow 'flags' option in non-TCP rules, found by mpech@Daniel Hartmeier
2002-07-05unbreak.Henning Brauer
2002-07-05another small bug I found while installing a -current pf firewall.Henning Brauer
2002-07-05allow unsetting the statusinterface viaHenning Brauer
2002-07-01streamline parse buffer handling (no need to copy value that is notMarc Espie
2002-07-01KNFTheo de Raadt
2002-06-28Don't check for address family conflicts in nat/rdr before expansion,Daniel Hartmeier
2002-06-27fix synopsis, closes pr2775Henning Brauer
2002-06-27repair formatting - the new "enabled since" format is longer than the oldHenning Brauer
2002-06-25move pfctl options -t, -m, -O and -l to pf.conf. These are set using theHenning Brauer
2002-06-24Use interface when specified in scrub rule. No support for ! or {} yet.Daniel Hartmeier
2002-06-23uid_t and gid_t are unsignedTheo de Raadt
2002-06-20Copy address family from inet/inet6 keyword, if specified.Daniel Hartmeier
2002-06-19"Enabled for Ss" -> "Enabled for D days HH:MM:SS", ok frantzen@Daniel Hartmeier
2002-06-18propogate a '!' when a host resolves to multiple IP addressesMike Frantzen
2002-06-18don't allow individual keep state rules to specify timeouts for 'interval' andMike Frantzen