summaryrefslogtreecommitdiff
path: root/sbin/pfctl
AgeCommit message (Expand)Author
2001-12-13o) start new sentence on a new line;Mike Pechkin
2001-12-10Convert usage of 'you' to third person. Reword some sentences.Daniel Hartmeier
2001-12-10Add stateful filtering for other (non-TCP/UDP/ICMP) protocol, based onDaniel Hartmeier
2001-12-05Correctly parse hex numbers. Spotted by Claudio Jeker. Closes PR 2234.Daniel Hartmeier
2001-12-03For nat, binat and rdr rules, don't allow different address families inDaniel Hartmeier
2001-12-01wipe print_nat()'s nose (use dnot correctly instead of snot). i need to startMike Frantzen
2001-11-26add fastroute options similar to what is found in ipfjasoni
2001-11-05noone responds.Theo de Raadt
2001-10-24Check interface names using ifa0_lookup() and print error message forDaniel Hartmeier
2001-10-24Use snot/dnot correctly in print_rdr. RDR rules with '!' used on theDaniel Hartmeier
2001-10-15Add 'allow-opts' to rules. Packets with IP options will be blocked byDaniel Hartmeier
2001-10-11Don't htonl() past buffer bounds if ipmask == 128Mike Frantzen
2001-10-11Corrections from Brian J. Kifiak.Daniel Hartmeier
2001-10-07Add interface name to address translation to pfctl, document it and addDaniel Hartmeier
2001-10-04Honour -v flag when printing states, print only one line per state whenDaniel Hartmeier
2001-10-02Remove duplication from simultaneous commitsMike Frantzen
2001-10-02Typo fixes (thanks gwyllion@ace.ulyssis.org)Mike Frantzen
2001-10-02'pfctl -O foo' dumped core. A check was there, but didn't work.Daniel Hartmeier
2001-10-01print variable asignments only if -v is given. ok dhartmei/deraadtMarkus Friedl
2001-10-01Print error message when pfctl -N/-R can't open the specified fileDaniel Hartmeier
2001-09-30Selectable preset FSM optimizations for several network environments.Mike Frantzen
2001-09-28Support underscores in macro names and document it in the man page.Daniel Hartmeier
2001-09-22remove debug printfTheo de Raadt
2001-09-20Fix uninitialized structure fields. Problem reported by Cedric Berger.Daniel Hartmeier
2001-09-15Implement return-icmp(number), return-icmp6(number)Peter Stromberg
2001-09-15ICMP6_DST_UNREACH_NOROUTE <-> _ADMIN, reported by Wouter Coene.Daniel Hartmeier
2001-09-15Fix 'binat ... to any ...' (binat.af wasn't set).Daniel Hartmeier
2001-09-15Parse bug, found by wilfried@Daniel Hartmeier
2001-09-15IPv6 support from Ryan McBride (mcbride@countersiege.com)Mike Frantzen
2001-09-12check calloc() return valueMarkus Friedl
2001-09-06- you can only binat between hostsjasoni
2001-09-061:1 bidrectional NAT (binat); ok dhartmei@ and frantzen@jasoni
2001-09-06Initial idea from aaron@: Last char of .Xr group in SEE ALSO section shouldMike Pechkin
2001-09-04Support parameter lists {} for interfaces in filter rules, likeDaniel Hartmeier
2001-09-02Print rule numbers zero-based. Noted by primus@gblx.net.Daniel Hartmeier
2001-08-28move '!' from host_list to host: "xhost : '!' host | host;"; ok dhartmei@Markus Friedl
2001-08-28check for malloc/strdup == NULLMarkus Friedl
2001-08-28Support ! operator in host parameter lists. Fixes PR system/2030. ReportedDaniel Hartmeier
2001-08-28Bump state timeouts and allow tweaking them from pfctl.Mike Frantzen
2001-08-26sort keywordsTheo de Raadt
2001-08-25PF ISN randomization. Or in trekkie techno-babble, ISN phase modulation.Mike Frantzen
2001-08-23o for a port_item, initialize the "next" pointer to NULLTodd C. Miller
2001-08-23Support var="string". Expansion (at lex time) done using $var, for instance:Theo de Raadt
2001-08-23KNFTheo de Raadt
2001-08-23for -s all, do not error out when the first ioctl failsTheo de Raadt
2001-08-22ftp-proxyBob Beck
2001-08-19do not spin if no states are foundTheo de Raadt
2001-08-19Document per-rule byte counter.Daniel Hartmeier
2001-08-19Add per-rule byte counter, so mickey can do accounting. We're counting theDaniel Hartmeier
2001-08-19Document per-rule statistics. If the evaluation counters look funny,Daniel Hartmeier