summaryrefslogtreecommitdiff
path: root/sbin/pfctl
AgeCommit message (Expand)Author
2002-10-17These checks are also made in nat_consistent() and rdr_consistent().Ryan Thomas McBride
2002-10-17- accept all protocols that are specified by number if they are inCamiel Dobbelaar
2002-10-16Fix and improve binat mask comparison.Mike Pechkin
2002-10-14Allow one to specify a netblock in a binat rule:Henning Brauer
2002-10-11When a macro cannot be expanded because it is not defined, say so. Also warnCamiel Dobbelaar
2002-10-11In lgetc(), compress strings of whitespace to a single space. This makesCamiel Dobbelaar
2002-10-08 remove <0 checks on unsigned numbers.Vincent Labrecque
2002-10-07-Wsign-compare cleanDaniel Hartmeier
2002-10-07Two cases of const-correctness and make one global local.Daniel Hartmeier
2002-10-07set block-policy [drop|return]Henning Brauer
2002-10-07support a generic returnHenning Brauer
2002-10-07make return-icmp work for rules covering both v4 and v6Henning Brauer
2002-10-07use a new rule_flag PFRULE_RETURNICMP to decide wether to return-icmp or notHenning Brauer
2002-10-07Add 'reply-to' to filter rules, similar to route-to, but applying toDaniel Hartmeier
2002-10-06Move CHECK_ROOT into LOOP_THROUGH, gets rid of one macro and savesDaniel Hartmeier
2002-10-05Expand {} lists from left to right, so 'pass in from { a, b } to any'Daniel Hartmeier
2002-10-05Allow filtering based on IP header's tos field.Daniel Hartmeier
2002-09-22little KNF: return(something) -> return (something)Henning Brauer
2002-09-22fix linenumber counting in findeol, and simplify by ignoring the \ case,Henning Brauer
2002-09-22antispoof, take 2.Henning Brauer
2002-09-18fix Xr refs; frisco@blackant.netTheo de Raadt
2002-09-17easier "self" implementation.Henning Brauer
2002-09-15set a netmask in the dynaddr caseHenning Brauer
2002-09-14oooooooopsieHenning Brauer
2002-09-14bit more clue in rdr/nat rules wrt address family examinationHenning Brauer
2002-09-12check for calloc() failure; ho@Henning Brauer
2002-09-12antispoof [log] [quick] for [interface|interface_list] [af]Henning Brauer
2002-09-12rework netmask handling:Henning Brauer
2002-09-08be more clueful wrt address family in nat/rdr rules.Henning Brauer
2002-09-02Fix parsing of port ranges in translation rules (port a:b -> port c:d).Daniel Hartmeier
2002-09-02Make sure the interface specified with route-to/dup-to/fastroute existsDaniel Hartmeier
2002-08-20Increase lineno on newlines inside multi-line macro definitions, otherwiseDaniel Hartmeier
2002-08-16kill duplicated check for '(' and ')' in allowed_in_stringHenning Brauer
2002-08-12Catch null pointer deref (segfault), from wilfried@Daniel Hartmeier
2002-08-06missing free(), mpech@Henning Brauer
2002-08-06check fo strdup() allocation errorsHenning Brauer
2002-07-31KNF, esp. missing prototypesHenning Brauer
2002-07-30grmpf.Henning Brauer
2002-07-30allow to specify flags on all rules that include tcp.Henning Brauer
2002-07-26make the order of log and quick irrelevant. now bothHenning Brauer
2002-07-23timeout_list/_spec and limit_list/_spec don't return anything -> no %type.Henning Brauer
2002-07-21fix route-to alsoTheo de Raadt
2002-07-21make the , optional in many places. This makes string concat a lot moreTheo de Raadt
2002-07-21string concat, ie.Theo de Raadt
2002-07-20minor indent tweaksTheo de Raadt
2002-07-20properly split yacc and lex useTheo de Raadt
2002-07-19minor tweaks, sighTheo de Raadt
2002-07-19And back out the last change again.Daniel Hartmeier
2002-07-19rework the interface lookup routines internals.Henning Brauer
2002-07-19Support # comments at the end of lines and inside (multi-line) stringDaniel Hartmeier