Age | Commit message | Author | |
---|---|---|---|
2002-01-11 | use bsearch() for keywords lookup, swap couple of entries to make the keywords array sorted and add a comment to keep it that way; dhartmei@ ok | Michael Shalayeff | |
2002-01-10 | Let port 0 be specified as it's not special here. Agreement with Daniel and others. | Hugh Graham | |
2002-01-09 | Port must be >0 and <=65535. Idea while having fun with ssh. dhartmei@ ok | Mike Pechkin | |
2002-01-09 | free() 'interface' in {nat,binat,rdr}rule; dhartmei@ ok | Mike Pechkin | |
2002-01-09 | Add labels to rules. These are arbitrary names (not to be confused with tags that will be used to tag packets later on). Add pfctl -z to clear per-rule counters. Add pfctl -s labels to output per-rule counters in terse format and only for rules that have labels. Suggested by Henning Brauer. | Daniel Hartmeier | |
2002-01-08 | Add "no nat/rdr/binat" to nat.conf. The first matching rule applies. If it is a "no" rule, no translation occurs. Useful to exclude certain packets from translation. Suggested by Henning Brauer. | Daniel Hartmeier | |
2002-01-07 | Next issue: af is always u_int8_t, not int; dhartmei@ ok | Mike Pechkin | |
2002-01-07 | remove 3rd argument from ipmask(), not used. dhartmei@ ok | Mike Pechkin | |
2002-01-06 | -x needs read-write access for DIOCSETDEBUG ioctl | Daniel Hartmeier | |
2002-01-04 | check (p != NULL), not n. dhartmei@ ok | Mike Pechkin | |
2001-12-31 | only open device for writing if we gonna modify anything | Michael Shalayeff | |
2001-12-23 | find correct line number in lval, instead of val | Theo de Raadt | |
2001-12-21 | Initial patch for a new mdoc issue. Powered by @mantoya: o) kill extra line in the end of file; o) kill extra space in the end of line; o) replace blank lines with .Pp; millert@ ok | Mike Pechkin | |
2001-12-13 | o) start new sentence on a new line; o) wrap long lines; o) fix bogus .Xr usage; o) we don't like blank lines; o) always close .Bl tags; o) OpenBSD -> .Ox; o) don't like .Pp before .Ss; millert@ ok; | Mike Pechkin | |
2001-12-10 | Convert usage of 'you' to third person. Reword some sentences. | Daniel Hartmeier | |
2001-12-10 | Add stateful filtering for other (non-TCP/UDP/ICMP) protocols, based on source/destination addresses/ports only. Add RDR for ICMP. Add NAT/RDR/BINAT for other protocols. Destination and redirection port(s) are now optional for RDR rules. Not specifying destination port(s) means 'redirect all ports', not specifying redirection port(s) means 'redirect to the original port'. | Daniel Hartmeier | |
2001-12-05 | Correctly parse hex numbers. Spotted by Claudio Jeker. Closes PR 2234. | Daniel Hartmeier | |
2001-12-03 | For nat, binat and rdr rules, don't allow different address families in one rule. pf can't translate IPv4 <-> IPv6 packets. Such rules didn't work, even if they were falsely accepted before. | Daniel Hartmeier | |
2001-12-01 | wipe print_nat()'s nose (use dnot correctly instead of snot). i need to start naming variables 'bugger'. yes, that's what i'll do | Mike Frantzen | |
2001-11-26 | add fastroute options similar to what is found in ipf; ok dhartmei@, frantzen@ | jasoni | |
2001-11-05 | no one responds. this diff makes } and { not be part of symbols | Theo de Raadt | |
2001-10-24 | Check interface names using ifa0_lookup() and print error message for non-existent interfaces (instead of the generic ioctl error returned by the kernel in this case). | Daniel Hartmeier | |
2001-10-24 | Use snot/dnot correctly in print_rdr. RDR rules with '!' used on the destination address were printed incorrectly before (though the rules worked correctly). | Daniel Hartmeier | |
2001-10-15 | Add 'allow-opts' to rules. Packets with IP options will be blocked by default now, and can be allowed per rule. ok deraadt@ | Daniel Hartmeier | |
2001-10-11 | Don't htonl() past buffer bounds if ipmask == 128 | Mike Frantzen | |
2001-10-11 | Corrections from Brian J. Kifiak. | Daniel Hartmeier | |
2001-10-07 | Add interface name to address translation to pfctl, document it and add a regress test. Translation is done on rule set load-time only, so the rule sets must be reloaded when an interface address changes. parse.y patch from Cedric Berger. Similar patch from Jonathon Fletcher. Thanks to both. | Daniel Hartmeier | |
2001-10-04 | Honour -v flag when printing states, print only one line per state when non-verbose. Suggested by gwyllion@ace.ulyssis.org. | Daniel Hartmeier | |
2001-10-02 | Remove duplication from simultaneous commits | Mike Frantzen | |
2001-10-02 | Typo fixes (thanks gwyllion@ace.ulyssis.org) | Mike Frantzen | |
2001-10-02 | 'pfctl -O foo' dumped core. A check was there, but didn't work. | Daniel Hartmeier | |
2001-10-01 | print variable assignments only if -v is given. ok dhartmei/deraadt | Markus Friedl | |
2001-10-01 | Print error message when pfctl -N/-R can't open the specified file (instead of failing silently). Found by niklas@. | Daniel Hartmeier | |
2001-09-30 | Selectable preset FSM optimizations for several network environments. Thanks to everyone who sent me packet captures! | Mike Frantzen | |
2001-09-28 | Support underscores in macro names and document it in the man page. | Daniel Hartmeier | |
2001-09-22 | remove debug printf | Theo de Raadt | |
2001-09-20 | Fix uninitialized structure fields. Problem reported by Cedric Berger. | Daniel Hartmeier | |
2001-09-15 | Implement return-icmp(number), return-icmp6(number). Differentiate between return-icmp and return-icmp6, icmp-type and ipv6-icmp-type. ok dhartmei@ | Peter Stromberg | |
2001-09-15 | ICMP6_DST_UNREACH_NOROUTE <-> _ADMIN, reported by Wouter Coene. | Daniel Hartmeier | |
2001-09-15 | Fix 'binat ... to any ...' (binat.af wasn't set). | Daniel Hartmeier | |
2001-09-15 | Parse bug, found by wilfried@ | Daniel Hartmeier | |
2001-09-15 | IPv6 support from Ryan McBride (mcbride@countersiege.com) | Mike Frantzen | |
2001-09-12 | check calloc() return value | Markus Friedl | |
2001-09-06 | - you can only binat between hosts - add binat example and description | jasoni | |
2001-09-06 | 1:1 bidirectional NAT (binat); ok dhartmei@ and frantzen@ | jasoni | |
2001-09-06 | Initial idea from aaron@: Last char of .Xr group in SEE ALSO section should be a single digit. Powered by mantoya@. millert@ ok. | Mike Pechkin | |
2001-09-04 | Support parameter lists {} for interfaces in filter rules, like pass in on { gm0, kue0 } from any to any | Daniel Hartmeier | |
2001-09-02 | Print rule numbers zero-based. Noted by primus@gblx.net. | Daniel Hartmeier | |
2001-08-28 | move '!' from host_list to host: "xhost : '!' host \| host;"; ok dhartmei@ | Markus Friedl | |
2001-08-28 | check for malloc/strdup == NULL | Markus Friedl | |