summaryrefslogtreecommitdiff
path: root/sbin/pfctl
AgeCommit message (Expand)Author
2007-09-12add a missing range check for rtable ids; ok cloder henningTheo de Raadt
2007-09-12Add support to the lex for parsing number out of the stream. handleTheo de Raadt
2007-08-30add support for address ranges ("from 10.1.2.50 - 10.1.3.75") in from/toDaniel Hartmeier
2007-07-01states here too not stateHenning Brauer
2007-06-30allow states instead of just state for -s and -F for consistency's sake.Henning Brauer
2007-06-21always initialize logif, from max laier, ok ryanHenning Brauer
2007-06-20Allow "log" for nat rules without "pass".Marco Pfatschbacher
2007-05-31convert to new .Dd format;Jason McIntyre
2007-05-31Cope with new ioctl interface (use pfsync_state instead of pf_state)Ryan Thomas McBride
2007-05-27No need to shutdown(2) DGRAM socket before closing it. Found while lookingClaudio Jeker
2007-04-21"o" in optiopt_list is superfluous now tooHenning Brauer
2007-04-21fix -o handling. syntax is now -o none|basic|profile. -o without argumentHenning Brauer
2007-04-20no whitespace allowed between -o and its argument, so update doc/usage()Jason McIntyre
2007-03-21Enable basic ruleset optimization by default.Ryan Thomas McBride
2007-03-01be more careful with mixing &/| with &&/||, ok ottoTheo de Raadt
2007-02-23if machine has more than 100MB of physmem, default the max table entriesTheo de Raadt
2007-02-09pfctl_clear_rule_counters() is not needed any moreHenning Brauer
2007-02-09use DIOCGETRULE ioctl & action set to PF_GET_CLR_CNTR to clear countersHenning Brauer
2007-02-03in decide_address_family(), only limit a rule to a specific address familyDaniel Hartmeier
2007-01-30document -sI -v;Jason McIntyre
2007-01-18implement -T expire.Henning Brauer
2006-12-24Remove m88k compiler flags tweak which is no longer necessary since a long timeMiod Vallat
2006-12-13IPv6 passive OS fingerprinting.Jun-ichiro itojun Hagino
2006-11-28fix servicecurve check; no point in checking the same sc three times, itHenning Brauer
2006-11-20-K argument to kill source tracking nodes explicitly, behaves like theRyan Thomas McBride
2006-11-10Print the interface that each queue is bound to in the pfctl -sq outputJoel Knight
2006-11-07Only try to recursively print rules if they are actually anchors.Ryan Thomas McBride
2006-11-07Unbreak authpf by handling non-inline anchors separately from the { } anchorsRyan Thomas McBride
2006-11-05Don't open a transaction for a ruleset unless it's a brace ruleset thatRyan Thomas McBride
2006-11-01sync usage(); ok mcbrideJason McIntyre
2006-11-01tweaks;Jason McIntyre
2006-11-01Don't recures ALL the time.Ryan Thomas McBride
2006-11-01Document recursive printing of anchors via -a '*' or -a 'anchor/*'.Ryan Thomas McBride
2006-10-31Allow a user to recursively print anchors including those withoutRyan Thomas McBride
2006-10-31Document new behaviour of the -o (ruleset optimization) flag.Ryan Thomas McBride
2006-10-31Allow pfctl ruleset optimizer to be controlled from the ruleset.Ryan Thomas McBride
2006-10-31- don't allow anchors with _* names to be cleared or loaded from theRyan Thomas McBride
2006-10-28Load all rules into memory before loading into the kernel, and add supportRyan Thomas McBride
2006-10-25make absolutely sure logif is 0 unless set specifically, even if log is 0.Henning Brauer
2006-10-25teach the optimizer about logif, with & ok frantzenHenning Brauer
2006-10-25and another nit, $$.log should be set to 0 explicitely on quick without logHenning Brauer
2006-10-25urgs, $$.quick needs to be set to 0 explicitely on log (without quick)Henning Brauer
2006-10-25allow the log interface to be selected likeHenning Brauer
2006-10-23no need to use "keep state" and "flags S/SA" in pf rules,Jason McIntyre
2006-10-17Don't automatically set 'flags S/SA' on stateless rules.Ryan Thomas McBride
2006-10-11quotes around filename, pr 5253, sthen@zephyr.spacehopper.orgTheo de Raadt
2006-10-11Allow the 'quick' keyword on an anchor. IFF there is a matching rule insideRyan Thomas McBride
2006-10-06Print 'flags any' correctly and handle anchors.Ryan Thomas McBride
2006-10-06'no state' should only be printed on pass rules, though.Ryan Thomas McBride
2006-10-06Print out 'no state' when the rule is not stateful.Ryan Thomas McBride