summaryrefslogtreecommitdiff
path: root/sbin/pfctl
AgeCommit message (Expand)Author
2006-11-07Only try to recursively print rules if they are actually anchors.Ryan Thomas McBride
2006-11-07Unbreak authpf by handling non-inline anchors separately from the { } anchorsRyan Thomas McBride
2006-11-05Don't open a transaction for a ruleset unless it's a brace ruleset thatRyan Thomas McBride
2006-11-01sync usage(); ok mcbrideJason McIntyre
2006-11-01tweaks;Jason McIntyre
2006-11-01Don't recures ALL the time.Ryan Thomas McBride
2006-11-01Document recursive printing of anchors via -a '*' or -a 'anchor/*'.Ryan Thomas McBride
2006-10-31Allow a user to recursively print anchors including those withoutRyan Thomas McBride
2006-10-31Document new behaviour of the -o (ruleset optimization) flag.Ryan Thomas McBride
2006-10-31Allow pfctl ruleset optimizer to be controlled from the ruleset.Ryan Thomas McBride
2006-10-31- don't allow anchors with _* names to be cleared or loaded from theRyan Thomas McBride
2006-10-28Load all rules into memory before loading into the kernel, and add supportRyan Thomas McBride
2006-10-25make absolutely sure logif is 0 unless set specifically, even if log is 0.Henning Brauer
2006-10-25teach the optimizer about logif, with & ok frantzenHenning Brauer
2006-10-25and another nit, $$.log should be set to 0 explicitely on quick without logHenning Brauer
2006-10-25urgs, $$.quick needs to be set to 0 explicitely on log (without quick)Henning Brauer
2006-10-25allow the log interface to be selected likeHenning Brauer
2006-10-23no need to use "keep state" and "flags S/SA" in pf rules,Jason McIntyre
2006-10-17Don't automatically set 'flags S/SA' on stateless rules.Ryan Thomas McBride
2006-10-11quotes around filename, pr 5253, sthen@zephyr.spacehopper.orgTheo de Raadt
2006-10-11Allow the 'quick' keyword on an anchor. IFF there is a matching rule insideRyan Thomas McBride
2006-10-06Print 'flags any' correctly and handle anchors.Ryan Thomas McBride
2006-10-06'no state' should only be printed on pass rules, though.Ryan Thomas McBride
2006-10-06Print out 'no state' when the rule is not stateful.Ryan Thomas McBride
2006-10-06Oops, flags S/SA doesn't work on fragments.Ryan Thomas McBride
2006-10-06Make 'flags S/SA keep state' the implicit for filter rules, based onRyan Thomas McBride
2006-08-22back out -r1.497 (support for "tagged {}" lists), it broke "tagged" supportDaniel Hartmeier
2006-08-08properly join host lists in ifa_grouplookup(), closes PR 5195,Daniel Hartmeier
2006-07-06add "rtable" to select alternate routing tables.Henning Brauer
2006-06-30spacesTheo de Raadt
2006-06-17KNFHenning Brauer
2006-06-09Xo/Xc not needed here; from davidJason McIntyre
2006-05-28Make per-rule adaptive timeouts behave the same way as the global adaptiveRyan Thomas McBride
2006-05-28Enable adaptive timeouts by default, with adaptive.start of 60% of theRyan Thomas McBride
2006-05-26\<char> is <char> except for \<newline> -- no exceptions. much like howTheo de Raadt
2006-05-23member interfaces of groups might have no IPs and ifa_lookup retun NULL,Henning Brauer
2006-05-14better english to describe interfaces without bandwidth info; ok henningTheo de Raadt
2006-05-02fix creation of sub-anchors, e.g. if you create an anchor /foo/bar, createDaniel Hartmeier
2006-05-01add support for "tagged {}" lists, from Pierre-Yves RitschardDaniel Hartmeier
2006-04-24don't clear interface flags (set skip on) when -N/-F is used without -O,Daniel Hartmeier
2006-04-08Plug simple memory leak. ``Don't forget to free tcpopts when youRay Lai
2006-04-08Remove a little bit of dead code; minburst is set to 2 earlier, andRay Lai
2006-04-06allow lists inside lists for address specs, has been in my tree forHenning Brauer
2006-03-21instead of sizeof(array) / sizeof(element) computation, use the existingDaniel Hartmeier
2006-03-14implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4)Damien Miller
2006-01-28zap unused functionHenning Brauer
2005-11-17for pfctl -f rules, open the file before resetting options. when openingDaniel Hartmeier
2005-11-12return; at end of function is dorkyTheo de Raadt
2005-11-04crank pf_state and pf_src_node byte and packet counters to u_in64_t, sinceRyan Thomas McBride
2005-10-18add support for static interface group expansion, i. e.Henning Brauer