summaryrefslogtreecommitdiff
path: root/sbin/pfctl
AgeCommit message (Expand)Author
2008-07-25don't redefine INFINITY -- math.h defines it nowMartynas Venckus
2008-07-24check sysctl return valueHenning Brauer
2008-07-03do not forget to initialize other member of $$ in qname; noted by mark shroyerTheo de Raadt
2008-06-29Simplify state creation code; merge state import/export code between pfsyncRyan Thomas McBride
2008-06-21Fix "-T expire"; clear pfra_fback on addresses before sending them back toRyan Thomas McBride
2008-06-11remove an ugly article;Jason McIntyre
2008-06-10Make counters on table addresses optional and disabled by default.Ryan Thomas McBride
2008-06-10save somespace in the state by collapsing two 8 bit ints used as booleansHenning Brauer
2008-06-10in verbose mode indicate which states are sloppy, ryan reyk theoHenning Brauer
2008-06-10new state option "sloppy" to use the sloppy tcp state tracker insteadHenning Brauer
2008-05-29Second half of PF state table rearrangement.Ryan Thomas McBride
2008-05-27Fix count of states flushed, broken when the psnk_af hack was removed in pf_i...Ryan Thomas McBride
2008-05-16no need to quote the argument to .Nd, now that it's nice and short;Jason McIntyre
2008-05-16There is not really a network address translation device.Marco Pfatschbacher
2008-05-09Add support to kill states by rule label or state id.Marco Pfatschbacher
2008-05-09Replace a crockpot of semi-cloned productions for handling portTheo de Raadt
2008-05-09convert port byte order in the production; add port keyword; ok deraadt@Markus Friedl
2008-05-09divert packets to local socket without modifying the ip header;Markus Friedl
2008-05-08make "to any" optional in binat, or well, the implied default.Theo de Raadt
2008-05-08Loosen grammer to permit any number of newlines within most kinds of { }Theo de Raadt
2008-05-08Bring back (in a more yacc friendly way) support for setting variablesTheo de Raadt
2008-05-07do not assume PF_INOUT is 0 in the enum; ok mcbrideTheo de Raadt
2008-05-07scrub packets based on tags; ok henningMarkus Friedl
2008-05-07allow setting TOS with scrub; ok mcbride, claudioMarkus Friedl
2008-05-06Document new state creation counter for pfctl -s labelsMarco Pfatschbacher
2008-05-06Add a counter to record how many states have been created by a rule.Marco Pfatschbacher
2008-04-21optnl is a crutch for those who do not understand yacc. itTheo de Raadt
2008-02-13Use HW_PHYSMEM64.Mark Kettenis
2008-02-01Enable the rest of the filter_opts to be used on anchors. These were acceptedRyan Thomas McBride
2008-01-26Create the automatic tables at the base of the anchor stack rather thanRyan Thomas McBride
2008-01-25Get rid of warning when compiling with OPT_DEBUG.Ryan Thomas McBride
2007-12-05remove unused functionsCharles Longeau
2007-11-27typos; ok jmc@Martynas Venckus
2007-11-13Bring back the number converter for 'set hostid'.Marco Pfatschbacher
2007-11-12Remove space/tab compression function from lgetc() and replaceMarco Pfatschbacher
2007-10-25Fix probability rules w/ numbers (e.g probability 0.4).Marco Pfatschbacher
2007-10-24HW_PHYSMEM is unsignedPeter Stromberg
2007-10-22sync with daemon parser code.Pierre-Yves Ritschard
2007-10-22pfctl does not need file secrecyTheo de Raadt
2007-10-16Allow unquoted numbers in variables.Marco Pfatschbacher
2007-10-16in the lex... even inside quotes, a \ followed by space or tab shouldTheo de Raadt
2007-10-15specifying int instead of just unsigned is better styleTheo de Raadt
2007-10-13support an include directive; file of course must also be "secure" likeTheo de Raadt
2007-10-13in all these programs using the same pfctl-derived parse.y, re-unify theTheo de Raadt
2007-10-11next step in the yylex unification: handle quoted strings in a nicer fashionTheo de Raadt
2007-10-01Backout NUMBER to string conversion.Marco Pfatschbacher
2007-09-27Add loginterface support for groups.Marco Pfatschbacher
2007-09-23Allow numbers to be used as unquoted strings again.Marco Pfatschbacher
2007-09-12add a missing range check for rtable ids; ok cloder henningTheo de Raadt
2007-09-12Add support to the lex for parsing number out of the stream. handleTheo de Raadt