summaryrefslogtreecommitdiff
path: root/sbin/pfctl
AgeCommit message (Expand)Author
2009-08-21remove the ``;'' at the end of INDENT() macro definition usingAlexandre Ratchov
2009-07-28Bring back rev. 1.560:Claudio Jeker
2009-07-27When will people learn to commit their .h file changes?Theo de Raadt
2009-07-27Make it possible to use DiffServ Code Point in the TOS fields. Names likeClaudio Jeker
2009-07-09repair -xHenning Brauer
2009-05-14actually change the require-order default to No; I missed a part withStuart Henderson
2009-04-26switch the require-order default to "no". regression tests still pass.Stuart Henderson
2009-04-25scrub_opts must not be empty, scrub on its own does nothing.Henning Brauer
2009-04-16Really turn fragment reassembly on by default. pfctl must handle thisDavid Krause
2009-04-15restore printing of the fragment option; ok henning@David Krause
2009-04-06print prettier, from sthen@Henning Brauer
2009-04-061) scrub rules are completely gone.Henning Brauer
2009-03-19pfctl -ss printed state levels for ICMPv6. Disable this the sameAlexander Bluhm
2009-02-23back out last commit since it breaks a few regress tests -- this will beTheo de Raadt
2009-02-19spacingTheo de Raadt
2009-02-16fix pfctl -v printing of anchors, from camield@. Closes user/6065Stuart Henderson
2008-10-17in findeol(), do not skip the pushback buffer. fixes PR 5952 by sthen@ andHenning Brauer
2008-10-02implement "set state-defaults X", where X is a list of state options asHenning Brauer
2008-09-10do not try to print $$ when it has not been setTheo de Raadt
2008-09-09welcome pflow(4), a netflow v5 compatible flow export interface.Henning Brauer
2008-08-31avoid line wrap in usage() output;Jason McIntyre
2008-08-12use correct byte order when printing state expiration minutes; ok henning@David Krause
2008-08-07correctly copy the log interface spec when expanding an antispoof rule thatHenning Brauer
2008-07-25don't redefine INFINITY -- math.h defines it nowMartynas Venckus
2008-07-24check sysctl return valueHenning Brauer
2008-07-03do not forget to initialize other member of $$ in qname; noted by mark shroyerTheo de Raadt
2008-06-29Simplify state creation code; merge state import/export code between pfsyncRyan Thomas McBride
2008-06-21Fix "-T expire"; clear pfra_fback on addresses before sending them back toRyan Thomas McBride
2008-06-11remove an ugly article;Jason McIntyre
2008-06-10Make counters on table addresses optional and disabled by default.Ryan Thomas McBride
2008-06-10save somespace in the state by collapsing two 8 bit ints used as booleansHenning Brauer
2008-06-10in verbose mode indicate which states are sloppy, ryan reyk theoHenning Brauer
2008-06-10new state option "sloppy" to use the sloppy tcp state tracker insteadHenning Brauer
2008-05-29Second half of PF state table rearrangement.Ryan Thomas McBride
2008-05-27Fix count of states flushed, broken when the psnk_af hack was removed in pf_i...Ryan Thomas McBride
2008-05-16no need to quote the argument to .Nd, now that it's nice and short;Jason McIntyre
2008-05-16There is not really a network address translation device.Marco Pfatschbacher
2008-05-09Add support to kill states by rule label or state id.Marco Pfatschbacher
2008-05-09Replace a crockpot of semi-cloned productions for handling portTheo de Raadt
2008-05-09convert port byte order in the production; add port keyword; ok deraadt@Markus Friedl
2008-05-09divert packets to local socket without modifying the ip header;Markus Friedl
2008-05-08make "to any" optional in binat, or well, the implied default.Theo de Raadt
2008-05-08Loosen grammer to permit any number of newlines within most kinds of { }Theo de Raadt
2008-05-08Bring back (in a more yacc friendly way) support for setting variablesTheo de Raadt
2008-05-07do not assume PF_INOUT is 0 in the enum; ok mcbrideTheo de Raadt
2008-05-07scrub packets based on tags; ok henningMarkus Friedl
2008-05-07allow setting TOS with scrub; ok mcbride, claudioMarkus Friedl
2008-05-06Document new state creation counter for pfctl -s labelsMarco Pfatschbacher
2008-05-06Add a counter to record how many states have been created by a rule.Marco Pfatschbacher
2008-04-21optnl is a crutch for those who do not understand yacc. itTheo de Raadt