summaryrefslogtreecommitdiff
path: root/sbin/pfctl
AgeCommit message (Expand)Author
2002-06-03Add NAT keyword so it is picked up by apropos (man -k NAT). ok dhartmei@Kjell Wooding
2002-06-03Also print labels in 'pfctl -s all'. ok dhartmei@Kjell Wooding
2002-06-01ECN flag support for pf. Committed in consultation with Daniel.Hugh Graham
2002-05-27Ports require 6 chars, from Oleg SafiullinDaniel Hartmeier
2002-05-24Support mixed (IPv4/v6) address lists, expand to all possible and validDaniel Hartmeier
2002-05-23tiny KNF, some malloc checks, etcTheo de Raadt
2002-05-23new_addr is not used from anywhere. daniel@benzedrine.cx okJun-ichiro itojun Hagino
2002-05-19KNFTheo de Raadt
2002-05-19KNFTheo de Raadt
2002-05-19KNFTheo de Raadt
2002-05-19nicer usageTheo de Raadt
2002-05-18Handle long (unsigned 32-bit) IDs in print_uid/gid(). From Oleg Safiullin.Daniel Hartmeier
2002-05-12Explain that user/group 'unknown' can only be used with operators = and !=Daniel Hartmeier
2002-05-12Add gid based filtering, reduce to one (effective) uid, rename parserDaniel Hartmeier
2002-05-10Handle host name resolution returning multiple addresses in the ruleDaniel Hartmeier
2002-05-09Add a max-mss option to the scrub rule which will enforce a maximum mssjasoni
2002-05-09Introduce user based filtering. Rules can specify ruid and euid (real andDaniel Hartmeier
2002-05-05Instead of returning a useless kernel space pointer for the rule thatDaniel Hartmeier
2002-04-24Add dynamic (in-kernel) interface name -> address translation. Instead ofDaniel Hartmeier
2002-04-23Allow explicit filtering of fragments when they are not reassembled.Daniel Hartmeier
2002-04-18use strlcpyTheo de Raadt
2002-04-17Reset lineno for each file, so pfctl -R ... -N ... reports the rightDaniel Hartmeier
2002-04-15Use in_addr_t instead of unsigned long, which breaks on alpha (64-bit).Daniel Hartmeier
2002-04-08Fix typo, from Raymond M SchneiderDaniel Hartmeier
2002-04-01change return values back from EX_* to 0/1Daniel Hartmeier
2002-04-01style(9) improvements from Raymond M SchneiderDaniel Hartmeier
2002-03-28prototype pfctl_kill_states()Daniel Hartmeier
2002-03-27implement a "no-route" keyword.Michael Shalayeff
2002-03-26tidy up usage statement and sort headers. patch from dfa@solo.eeMike Frantzen
2002-03-26sort options and clean up the -k descrption. patch from dfa@solo.eeMike Frantzen
2002-03-25add -k option to shootdown all the state entries from the specified hostMike Frantzen
2002-03-21Add r option to SYNOPSIS. From Brian Poole.Daniel Hartmeier
2002-03-12Handle inet_ntop() returning NULL explicitly. Found by mpech@.Daniel Hartmeier
2002-03-11Add -r to reverse lookup addresses when displaying states.Daniel Hartmeier
2002-02-28Don't force /dev/pf to be opened read-write for pfctl -t/-m when valuesDaniel Hartmeier
2002-02-27Instead of printing useless @0 rule numbers from pfctl -vR, increase aDaniel Hartmeier
2002-02-26Add optional pool memory hard limits, mainly as temporary solutionDaniel Hartmeier
2002-02-11Initial patch.Mike Pechkin
2002-01-11use bsearch() for keywords lookup, swap couple of entries to make the keyword...Michael Shalayeff
2002-01-10Let port 0 be specified as it's not special here.Hugh Graham
2002-01-09Port must be >0 and <=65535. Idea while have fun with ssh.Mike Pechkin
2002-01-09free() 'interface' in {nat,binat,rdr}ruleMike Pechkin
2002-01-09Add labels to rules. These are arbitrary names (not to be confused withDaniel Hartmeier
2002-01-08Add "no nat/rdr/binat" to nat.conf. The first matching rule applies.Daniel Hartmeier
2002-01-07Next issue:Mike Pechkin
2002-01-07remove 3rd argument from ipmask(), not used.Mike Pechkin
2002-01-06-x needs read-write access for DIOCSETDEBUG ioctlDaniel Hartmeier
2002-01-04check (p != NULL), not n.Mike Pechkin
2001-12-31only open device for writing if we gonna modify anythingMichael Shalayeff
2001-12-23find correct line number in lval, instead of valTheo de Raadt