summaryrefslogtreecommitdiff
path: root/sbin/pfctl
AgeCommit message (Expand)Author
2008-05-07do not assume PF_INOUT is 0 in the enum; ok mcbrideTheo de Raadt
2008-05-07scrub packets based on tags; ok henningMarkus Friedl
2008-05-07allow setting TOS with scrub; ok mcbride, claudioMarkus Friedl
2008-05-06Document new state creation counter for pfctl -s labelsMarco Pfatschbacher
2008-05-06Add a counter to record how many states have been created by a rule.Marco Pfatschbacher
2008-04-21optnl is a crutch for those who do not understand yacc. itTheo de Raadt
2008-02-13Use HW_PHYSMEM64.Mark Kettenis
2008-02-01Enable the rest of the filter_opts to be used on anchors. These were acceptedRyan Thomas McBride
2008-01-26Create the automatic tables at the base of the anchor stack rather thanRyan Thomas McBride
2008-01-25Get rid of warning when compiling with OPT_DEBUG.Ryan Thomas McBride
2007-12-05remove unused functionsCharles Longeau
2007-11-27typos; ok jmc@Martynas Venckus
2007-11-13Bring back the number converter for 'set hostid'.Marco Pfatschbacher
2007-11-12Remove space/tab compression function from lgetc() and replaceMarco Pfatschbacher
2007-10-25Fix probability rules w/ numbers (e.g probability 0.4).Marco Pfatschbacher
2007-10-24HW_PHYSMEM is unsignedPeter Stromberg
2007-10-22sync with daemon parser code.Pierre-Yves Ritschard
2007-10-22pfctl does not need file secrecyTheo de Raadt
2007-10-16Allow unquoted numbers in variables.Marco Pfatschbacher
2007-10-16in the lex... even inside quotes, a \ followed by space or tab shouldTheo de Raadt
2007-10-15specifying int instead of just unsigned is better styleTheo de Raadt
2007-10-13support an include directive; file of course must also be "secure" likeTheo de Raadt
2007-10-13in all these programs using the same pfctl-derived parse.y, re-unify theTheo de Raadt
2007-10-11next step in the yylex unification: handle quoted strings in a nicer fashionTheo de Raadt
2007-10-01Backout NUMBER to string conversion.Marco Pfatschbacher
2007-09-27Add loginterface support for groups.Marco Pfatschbacher
2007-09-23Allow numbers to be used as unquoted strings again.Marco Pfatschbacher
2007-09-12add a missing range check for rtable ids; ok cloder henningTheo de Raadt
2007-09-12Add support to the lex for parsing number out of the stream. handleTheo de Raadt
2007-08-30add support for address ranges ("from 10.1.2.50 - 10.1.3.75") in from/toDaniel Hartmeier
2007-07-01states here too not stateHenning Brauer
2007-06-30allow states instead of just state for -s and -F for consistency's sake.Henning Brauer
2007-06-21always initialize logif, from max laier, ok ryanHenning Brauer
2007-06-20Allow "log" for nat rules without "pass".Marco Pfatschbacher
2007-05-31convert to new .Dd format;Jason McIntyre
2007-05-31Cope with new ioctl interface (use pfsync_state instead of pf_state)Ryan Thomas McBride
2007-05-27No need to shutdown(2) DGRAM socket before closing it. Found while lookingClaudio Jeker
2007-04-21"o" in optiopt_list is superfluous now tooHenning Brauer
2007-04-21fix -o handling. syntax is now -o none|basic|profile. -o without argumentHenning Brauer
2007-04-20no whitespace allowed between -o and its argument, so update doc/usage()Jason McIntyre
2007-03-21Enable basic ruleset optimization by default.Ryan Thomas McBride
2007-03-01be more careful with mixing &/| with &&/||, ok ottoTheo de Raadt
2007-02-23if machine has more than 100MB of physmem, default the max table entriesTheo de Raadt
2007-02-09pfctl_clear_rule_counters() is not needed any moreHenning Brauer
2007-02-09use DIOCGETRULE ioctl & action set to PF_GET_CLR_CNTR to clear countersHenning Brauer
2007-02-03in decide_address_family(), only limit a rule to a specific address familyDaniel Hartmeier
2007-01-30document -sI -v;Jason McIntyre
2007-01-18implement -T expire.Henning Brauer
2006-12-24Remove m88k compiler flags tweak which is no longer necessary since a long timeMiod Vallat
2006-12-13IPv6 passive OS fingerprinting.Jun-ichiro itojun Hagino