Age | Commit message (Expand) | Author |
2006-06-09 | Xo/Xc not needed here; from david | Jason McIntyre |
2006-05-28 | Make per-rule adaptive timeouts behave the same way as the global adaptive | Ryan Thomas McBride |
2006-05-28 | Enable adaptive timeouts by default, with adaptive.start of 60% of the | Ryan Thomas McBride |
2006-05-26 | \<char> is <char> except for \<newline> -- no exceptions. much like how | Theo de Raadt |
2006-05-23 | member interfaces of groups might have no IPs and ifa_lookup retun NULL, | Henning Brauer |
2006-05-14 | better english to describe interfaces without bandwidth info; ok henning | Theo de Raadt |
2006-05-02 | fix creation of sub-anchors, e.g. if you create an anchor /foo/bar, create | Daniel Hartmeier |
2006-05-01 | add support for "tagged {}" lists, from Pierre-Yves Ritschard | Daniel Hartmeier |
2006-04-24 | don't clear interface flags (set skip on) when -N/-F is used without -O, | Daniel Hartmeier |
2006-04-08 | Plug simple memory leak. ``Don't forget to free tcpopts when you | Ray Lai |
2006-04-08 | Remove a little bit of dead code; minburst is set to 2 earlier, and | Ray Lai |
2006-04-06 | allow lists inside lists for address specs, has been in my tree for | Henning Brauer |
2006-03-21 | instead of sizeof(array) / sizeof(element) computation, use the existing | Daniel Hartmeier |
2006-03-14 | implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4) | Damien Miller |
2006-01-28 | zap unused function | Henning Brauer |
2005-11-17 | for pfctl -f rules, open the file before resetting options. when opening | Daniel Hartmeier |
2005-11-12 | return; at end of function is dorky | Theo de Raadt |
2005-11-04 | crank pf_state and pf_src_node byte and packet counters to u_in64_t, since | Ryan Thomas McBride |
2005-10-18 | add support for static interface group expansion, i. e. | Henning Brauer |
2005-10-13 | unused parameters | Henning Brauer |
2005-10-13 | dead defines | Henning Brauer |
2005-08-17 | with pfctl -vsI, indicate which interfaces are being skipped. | Daniel Hartmeier |
2005-07-11 | clear PFI_IFLAG_SKIP when clearing interface flags, found by David Hill, | Daniel Hartmeier |
2005-06-30 | in order for pfvar.h not to conflict with openssl's crypto.h, use | Nikolay Sturm |
2005-06-14 | no need to restrict tagging to stateful rules any more, dhartmei ok | Henning Brauer |
2005-06-13 | document extended pfctl -sl format | Henning Brauer |
2005-06-13 | make the packet and byte counters on rules and src nodes per direction, | Henning Brauer |
2005-06-13 | free memory in show_src_nodes and show_states, as reported by | Jared Yanovich |
2005-05-28 | don't print the "[ Inserted: uid pid ]" line when -g is used, so the | Daniel Hartmeier |
2005-05-27 | Hide Hostid and Checksum in pfctl -si output unless the -v flag is used. | Ryan Thomas McBride |
2005-05-27 | Calculate an MD5 checksum over the main pf ruleset. | Marco Pfatschbacher |
2005-05-27 | get rid of 'log-all'. now that we have 'log (options)', make 'all' an | Daniel Hartmeier |
2005-05-27 | get rid of shift/reduce conflicts, don't support empty logopts | Daniel Hartmeier |
2005-05-27 | log two pairs of uid/pid through pflog: the uid/pid of the process that | Daniel Hartmeier |
2005-05-27 | allow 'tagged' in 'anchor' rules (without complaining about missing | Daniel Hartmeier |
2005-05-26 | The illegalness of "no nat log" is already enforced by the grammar. | Camiel Dobbelaar |
2005-05-26 | use PF_LOG, PF_LOGALL instead of numeric constants | Daniel Hartmeier |
2005-05-26 | support 'log' and 'log-all' in 'nat/rdr/binat pass' rules. original patch | Daniel Hartmeier |
2005-05-26 | switch the max_src_{states,conn,conn_rate} from superblock breaks to superblock | Mike Frantzen |
2005-05-25 | make the remaining pf_rule fields named superblock BREAKs instead just letting | Mike Frantzen |
2005-05-25 | make the optimizer safe in the presence of interface groups. they must act as | Mike Frantzen |
2005-05-24 | Identify states that will not be synchronised in pfctl -vvss output. | Christopher Pascoe |
2005-05-23 | change pool allocation of table entries, no longer use the oldnointr | Daniel Hartmeier |
2005-05-23 | remove code that duplicates getservice() | Camiel Dobbelaar |
2005-05-22 | Add support to kill states that match networks. | Marco Pfatschbacher |
2005-05-21 | clean up and rework the interface absraction code big time, rip out multiple | Henning Brauer |
2005-05-05 | typo | Joel Knight |
2005-04-22 | Catch bad flags, ie. flags that always evaluate to false. This happens | Camiel Dobbelaar |
2005-03-07 | fd leaks in error paths, From: Andrey Matveev <andrushock@korovino.net> | Henning Brauer |
2005-03-07 | print unsigned long with %lu, not with %d and not with %ld. | Henning Brauer |