summaryrefslogtreecommitdiff
path: root/sbin/pfctl
AgeCommit message (Expand)Author
2012-10-19rtableid must be BREAK instead of MERGE, otherwise the optimizer mightHenning Brauer
2012-10-18Disallow tables and interface address pools for rdr-to, nat-to andReyk Floeter
2012-09-29Remove extra .PpLawrence Teo
2012-09-19Show which limit cannot be set. idea mikebCamiel Dobbelaar
2012-09-18prio 0 is valid, therefore, I chose an "impossible" value for prio meaningHenning Brauer
2012-08-17Don't forget to byteswap the state_flags since it's a uint16_t now.Mike Belopuhov
2012-07-26load os passive fingerprints when testing the ruleset; ok henningMike Belopuhov
2012-07-10use PFSTATE_SCRUBMASKHenning Brauer
2012-07-10Allow an implicit address family for af-to rules. If the addressAlexander Bluhm
2012-07-10intermediate hack^Wugly "fix" to prevent spurious "scrub ()" printsHenning Brauer
2012-07-10set { ... } -> set ( ... )Henning Brauer
2012-07-09fix some of the confusion we have in pf regarding filter criteria vsHenning Brauer
2012-07-08New attempt to make the -P flag work with -ss, so that states can beLawrence Teo
2012-07-07remove incorrect check in pfctl preventing set-tos for ipvshit.Henning Brauer
2012-07-07rename prio in struct pf_rule and related structs to set_prio so it isHenning Brauer
2012-06-01revert previous, breaks tcpdumpJonathan Gray
2012-06-01Make the -P flag work with -ss, so that states can be printed with portLawrence Teo
2012-05-07fix printing of wildcard anchors, from lteo, ok phessler sthen meHenning Brauer
2012-05-02remove redundant check; from lteo; ok haesbaertHenning Brauer
2012-05-02don't call getifmtu in -n mode, assume 1500. calling getifmtu requiresHenning Brauer
2012-04-18not (unsigned); ok henningTheo de Raadt
2012-01-15convert an snprintf to strlcpyDavid Hill
2011-12-19unbreak rule optimizer; ok henning, looksMike Belopuhov
2011-12-12fixup af-to regression with match rulesMike Belopuhov
2011-12-03pfctl_set_hostid always returns 0; don't pretend otherwise and make it aRyan Thomas McBride
2011-12-03Avoid loading garbage hostid and other values not always initialised,Ryan Thomas McBride
2011-11-23print ports as numbers by default; -P prints names insteadHenning Brauer
2011-11-23print_rule: rename opts -> ropts, no binary changeHenning Brauer
2011-11-08Fixup skip step printout: rdomains come after direction; ok mcbride, henningMike Belopuhov
2011-10-13pfctl change for af-to / NAT64 support.Claudio Jeker
2011-09-07Avoid possible SIGSEGV when wrong tos option.Christiano F. Haesbaert
2011-08-30One shot rules can be used in pf.conf by specifying a "once" filter option.Mike Belopuhov
2011-07-29Remove requirement to quote 'debug' loglevel for the 'debug' option.Ryan Thomas McBride
2011-07-27Add support for weighted round-robin in load balancing pools and tables.Ryan Thomas McBride
2011-07-13Force user to specify protocol when filtering on user, gid, and osRyan Thomas McBride
2011-07-08allow rules to specify "prio X" or "prio (X, Y)" to assign priority levelsHenning Brauer
2011-07-08Correctly print skip steps in -vv modeRyan Thomas McBride
2011-07-07Don't print 'keep state' anymore unless it's needed for state options, it'sRyan Thomas McBride
2011-07-07Fold pf_test_fragment() into pf_test_rule(), reduce code and fixesRyan Thomas McBride
2011-07-04tsc tsc, no waikiki for me. copyright statement without year. 2003 it was.Henning Brauer
2011-07-04bye bye require-order.Henning Brauer
2011-07-04rip out more effectively dead code, ryan okHenning Brauer
2011-07-03g/c RIO traces (aka clean up after tedu :))Henning Brauer
2011-07-03*_CLEARDSCP could never possibly have been set, no point in being able toHenning Brauer
2011-07-03bring in least-states load balancing algorithmJoerg Zinke
2011-04-23improve line breaking in SYNOPSIS now that semantics of the .Bk macroIgor Sobrado
2011-04-06Userland bits to allow PF to filter on the rdomain a packet belongs to.Claudio Jeker
2011-04-05ditch fastroute, an ipf feature that made its way into pf beforeMike Belopuhov
2011-01-23'pfctl -x none' did not turn debugging off. Skip the syslog internalAlexander Bluhm
2010-12-31According to pf_scrub_ip6() pf does not support the scrub optionsAlexander Bluhm