summaryrefslogtreecommitdiff
path: root/sbin/pfctl
AgeCommit message (Expand)Author
2010-01-18Convert pf debug logging to using log()/addlog(), a single standardisedRyan Thomas McBride
2010-01-13Move tokens before productions into more consistant placesTheo de Raadt
2010-01-13repair a double-free suggested by parfait; ok mcbrideTheo de Raadt
2010-01-13fix some leaks found by parfaitJonathan Gray
2010-01-13In some cases the netmask gets set to a full 128 bit mask even if noRyan Thomas McBride
2010-01-13Allow /netmask notation in redir spec, fix the rest of the regressRyan Thomas McBride
2010-01-12We actually have to keep the translate/route spec addresses around afterRyan Thomas McBride
2010-01-12Set roundrobin flag correctly, and don't treat a bare interfaceRyan Thomas McBride
2010-01-12Only print route specs with @if notation if there is an IP address.Ryan Thomas McBride
2010-01-12Add restrictions to make @if illegal in outside of routing specs;Ryan Thomas McBride
2010-01-12Unbreak 10/8 and friends.Ryan Thomas McBride
2010-01-12Fix some issues in redir spec handling, discovered thanks to dlg testingRyan Thomas McBride
2010-01-12Don't leak @if0 format routing host names, pointed out by claudio.Ryan Thomas McBride
2010-01-12First pass at removing the 'pf_pool' mechanism for translation and routingRyan Thomas McBride
2010-01-10lex <=, >=, and != into a single token for correctness and to reduce theTheo de Raadt
2010-01-10In the non-optimized case, an address list containing "any" (ie. { any 10.0.0...Theo de Raadt
2009-12-24spelling fixes, from Brad Tilley; we will not fix src/sbin/dump/dump.hIgor Sobrado
2009-12-24add support to pf for filtering a packet by the interface it was receivedDavid Gwynne
2009-12-14fix sticky-address - by pretty much re-implementing it. still followingHenning Brauer
2009-12-10plug some memory leaks; found by parfait, ok henningTheo de Raadt
2009-11-23since "nat/rdr pass" are history natpass can goHenning Brauer
2009-11-22cleanup after the NAT changes. we used to have multiple rulesets (scrub,Henning Brauer
2009-11-09A few more places to be updated for the route pool change.Jonathan Gray
2009-11-03rtables are stacked on rdomains (it is possible to have multiple routingClaudio Jeker
2009-10-28Add a dedicated pf pool for route options as suggested by henning,Jonathan Gray
2009-10-28route_host initializes the netmask to a /128 no matter what af is used soClaudio Jeker
2009-10-28Correct function name in err and errx.Claudio Jeker
2009-10-04Add (again) support for divert sockets. They allow you to:Michele Marchetto
2009-09-29sort usage();Jason McIntyre
2009-09-28add -S and -L options to store and load the pf state table from a file.David Gwynne
2009-09-08I had not enough oks to commit this diff.Michele Marchetto
2009-09-08Add support for divert sockets. They allow you to:Michele Marchetto
2009-09-07implement binat-to as a macro-like rule: a rule using the new binat-toReyk Floeter
2009-09-03remove -N from usage();Jason McIntyre
2009-09-03this time i commit the right diff that wasReyk Floeter
2009-09-03fix two route-to vs. rdr-to conflicts.Reyk Floeter
2009-09-03remove NAT specific command line optionsPeter Hessler
2009-09-02all the new *-to options are part of the "filteropts" section at theReyk Floeter
2009-09-01the diff theo calls me insanae for:Henning Brauer
2009-08-21remove the ``;'' at the end of INDENT() macro definition usingAlexandre Ratchov
2009-07-28Bring back rev. 1.560:Claudio Jeker
2009-07-27When will people learn to commit their .h file changes?Theo de Raadt
2009-07-27Make it possible to use DiffServ Code Point in the TOS fields. Names likeClaudio Jeker
2009-07-09repair -xHenning Brauer
2009-05-14actually change the require-order default to No; I missed a part withStuart Henderson
2009-04-26switch the require-order default to "no". regression tests still pass.Stuart Henderson
2009-04-25scrub_opts must not be empty, scrub on its own does nothing.Henning Brauer
2009-04-16Really turn fragment reassembly on by default. pfctl must handle thisDavid Krause
2009-04-15restore printing of the fragment option; ok henning@David Krause
2009-04-06print prettier, from sthen@Henning Brauer