summaryrefslogtreecommitdiff
path: root/sbin/pfctl
AgeCommit message (Expand)Author
2006-08-08properly join host lists in ifa_grouplookup(), closes PR 5195,Daniel Hartmeier
2006-07-06add "rtable" to select alternate routing tables.Henning Brauer
2006-06-30spacesTheo de Raadt
2006-06-17KNFHenning Brauer
2006-06-09Xo/Xc not needed here; from davidJason McIntyre
2006-05-28Make per-rule adaptive timeouts behave the same way as the global adaptiveRyan Thomas McBride
2006-05-28Enable adaptive timeouts by default, with adaptive.start of 60% of theRyan Thomas McBride
2006-05-26\<char> is <char> except for \<newline> -- no exceptions. much like howTheo de Raadt
2006-05-23member interfaces of groups might have no IPs and ifa_lookup retun NULL,Henning Brauer
2006-05-14better english to describe interfaces without bandwidth info; ok henningTheo de Raadt
2006-05-02fix creation of sub-anchors, e.g. if you create an anchor /foo/bar, createDaniel Hartmeier
2006-05-01add support for "tagged {}" lists, from Pierre-Yves RitschardDaniel Hartmeier
2006-04-24don't clear interface flags (set skip on) when -N/-F is used without -O,Daniel Hartmeier
2006-04-08Plug simple memory leak. ``Don't forget to free tcpopts when youRay Lai
2006-04-08Remove a little bit of dead code; minburst is set to 2 earlier, andRay Lai
2006-04-06allow lists inside lists for address specs, has been in my tree forHenning Brauer
2006-03-21instead of sizeof(array) / sizeof(element) computation, use the existingDaniel Hartmeier
2006-03-14implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4)Damien Miller
2006-01-28zap unused functionHenning Brauer
2005-11-17for pfctl -f rules, open the file before resetting options. when openingDaniel Hartmeier
2005-11-12return; at end of function is dorkyTheo de Raadt
2005-11-04crank pf_state and pf_src_node byte and packet counters to u_in64_t, sinceRyan Thomas McBride
2005-10-18add support for static interface group expansion, i. e.Henning Brauer
2005-10-13unused parametersHenning Brauer
2005-10-13dead definesHenning Brauer
2005-08-17with pfctl -vsI, indicate which interfaces are being skipped.Daniel Hartmeier
2005-07-11clear PFI_IFLAG_SKIP when clearing interface flags, found by David Hill,Daniel Hartmeier
2005-06-30in order for pfvar.h not to conflict with openssl's crypto.h, useNikolay Sturm
2005-06-14no need to restrict tagging to stateful rules any more, dhartmei okHenning Brauer
2005-06-13document extended pfctl -sl formatHenning Brauer
2005-06-13make the packet and byte counters on rules and src nodes per direction,Henning Brauer
2005-06-13free memory in show_src_nodes and show_states, as reported byJared Yanovich
2005-05-28don't print the "[ Inserted: uid pid ]" line when -g is used, so theDaniel Hartmeier
2005-05-27Hide Hostid and Checksum in pfctl -si output unless the -v flag is used.Ryan Thomas McBride
2005-05-27Calculate an MD5 checksum over the main pf ruleset.Marco Pfatschbacher
2005-05-27get rid of 'log-all'. now that we have 'log (options)', make 'all' anDaniel Hartmeier
2005-05-27get rid of shift/reduce conflicts, don't support empty logoptsDaniel Hartmeier
2005-05-27log two pairs of uid/pid through pflog: the uid/pid of the process thatDaniel Hartmeier
2005-05-27allow 'tagged' in 'anchor' rules (without complaining about missingDaniel Hartmeier
2005-05-26The illegalness of "no nat log" is already enforced by the grammar.Camiel Dobbelaar
2005-05-26use PF_LOG, PF_LOGALL instead of numeric constantsDaniel Hartmeier
2005-05-26support 'log' and 'log-all' in 'nat/rdr/binat pass' rules. original patchDaniel Hartmeier
2005-05-26switch the max_src_{states,conn,conn_rate} from superblock breaks to superblockMike Frantzen
2005-05-25make the remaining pf_rule fields named superblock BREAKs instead just lettingMike Frantzen
2005-05-25make the optimizer safe in the presence of interface groups. they must act asMike Frantzen
2005-05-24Identify states that will not be synchronised in pfctl -vvss output.Christopher Pascoe
2005-05-23change pool allocation of table entries, no longer use the oldnointrDaniel Hartmeier
2005-05-23remove code that duplicates getservice()Camiel Dobbelaar
2005-05-22Add support to kill states that match networks.Marco Pfatschbacher
2005-05-21clean up and rework the interface absraction code big time, rip out multipleHenning Brauer