summaryrefslogtreecommitdiff
path: root/sbin/pfctl
AgeCommit message (Expand)Author
2011-11-08Fixup skip step printout: rdomains come after direction; ok mcbride, henningMike Belopuhov
2011-10-13pfctl change for af-to / NAT64 support.Claudio Jeker
2011-09-07Avoid possible SIGSEGV when wrong tos option.Christiano F. Haesbaert
2011-08-30One shot rules can be used in pf.conf by specifying a "once" filter option.Mike Belopuhov
2011-07-29Remove requirement to quote 'debug' loglevel for the 'debug' option.Ryan Thomas McBride
2011-07-27Add support for weighted round-robin in load balancing pools and tables.Ryan Thomas McBride
2011-07-13Force user to specify protocol when filtering on user, gid, and osRyan Thomas McBride
2011-07-08allow rules to specify "prio X" or "prio (X, Y)" to assign priority levelsHenning Brauer
2011-07-08Correctly print skip steps in -vv modeRyan Thomas McBride
2011-07-07Don't print 'keep state' anymore unless it's needed for state options, it'sRyan Thomas McBride
2011-07-07Fold pf_test_fragment() into pf_test_rule(), reduce code and fixesRyan Thomas McBride
2011-07-04tsc tsc, no waikiki for me. copyright statement without year. 2003 it was.Henning Brauer
2011-07-04bye bye require-order.Henning Brauer
2011-07-04rip out more effectively dead code, ryan okHenning Brauer
2011-07-03g/c RIO traces (aka clean up after tedu :))Henning Brauer
2011-07-03*_CLEARDSCP could never possibly have been set, no point in being able toHenning Brauer
2011-07-03bring in least-states load balancing algorithmJoerg Zinke
2011-04-23improve line breaking in SYNOPSIS now that semantics of the .Bk macroIgor Sobrado
2011-04-06Userland bits to allow PF to filter on the rdomain a packet belongs to.Claudio Jeker
2011-04-05ditch fastroute, an ipf feature that made its way into pf beforeMike Belopuhov
2011-01-23'pfctl -x none' did not turn debugging off. Skip the syslog internalAlexander Bluhm
2010-12-31According to pf_scrub_ip6() pf does not support the scrub optionsAlexander Bluhm
2010-12-15make the "invalid probability:" yyerror suck lessHenning Brauer
2010-12-01remove some unused tokensJonathan Gray
2010-11-12The ioctl to show states returns a pfsync_state which is in network byteClaudio Jeker
2010-10-18Revert non-compatible and undocumented bullshit commited by 3 developersTheo de Raadt
2010-10-17Add quirks support to operating system fingerprinting. tcpdump partJoel Sing
2010-10-12pfctl -sr did not show divert-reply rules without address familyAlexander Bluhm
2010-10-03tweak previous;Jason McIntyre
2010-10-01the grammar of my last commit worked with mandoc, but didn't work with nroff;Reyk Floeter
2010-10-01Add the -R id option to pfctl that allows to show only a specified ruleReyk Floeter
2010-09-24remove the check that enforced rdr-to only inbound and nat-to only outbound.Henning Brauer
2010-09-22new log opt "matches"Henning Brauer
2010-09-20tweak previous; ok schwarzeJason McIntyre
2010-09-19Do not break .Op scope by .Oc.Ingo Schwarze
2010-09-17back out the -Fr hunk from previous: deraadt points out it is incorrectlyJason McIntyre
2010-09-16- note that -Fr puts the filer in a "pass all" stateJason McIntyre
2010-09-12spacing fix;Jason McIntyre
2010-09-02remove trailing spaces and tabs; no binary change.Igor Sobrado
2010-08-11Fix a logic problem which could in theory cause pfctlJonathan Gray
2010-08-03fix linecount bug with comments spanning multiple linesHenning Brauer
2010-07-13Fix (pflow) display in rule printing. Spotted by dhill@, ok henning@Stuart Henderson
2010-07-03Fix a couple of problems with printing of anchors, in particular recursiveRyan Thomas McBride
2010-07-03Use our own enum here rather than abusing the PF rule type enums, whichRyan Thomas McBride
2010-07-01Fix 'pfctl -a anchor -Fa' segfault introduced in r1.298.Stefan Sperling
2010-06-29Fix use after free. Found by regress tests.Charles Longeau
2010-06-28Clean up iterface stats handling:Ryan Thomas McBride
2010-06-25remove -m (merge).Henning Brauer
2010-05-16plug memory leak. `ps' was allocated with strdup(3), but on error pathzinovik
2010-04-02Use a dedicated variable to prevent attempting to open multipleStuart Henderson