Age | Commit message (Expand) | Author |
2007-03-01 | be more careful with mixing &/| with &&/||, ok otto | Theo de Raadt |
2007-02-23 | if machine has more than 100MB of physmem, default the max table entries | Theo de Raadt |
2007-02-09 | pfctl_clear_rule_counters() is not needed any more | Henning Brauer |
2007-02-09 | use DIOCGETRULE ioctl & action set to PF_GET_CLR_CNTR to clear counters | Henning Brauer |
2007-02-03 | in decide_address_family(), only limit a rule to a specific address family | Daniel Hartmeier |
2007-01-30 | document -sI -v; | Jason McIntyre |
2007-01-18 | implement -T expire. | Henning Brauer |
2006-12-24 | Remove m88k compiler flags tweak which is no longer necessary since a long time | Miod Vallat |
2006-12-13 | IPv6 passive OS fingerprinting. | Jun-ichiro itojun Hagino |
2006-11-28 | fix servicecurve check; no point in checking the same sc three times, it | Henning Brauer |
2006-11-20 | -K argument to kill source tracking nodes explicitly, behaves like the | Ryan Thomas McBride |
2006-11-10 | Print the interface that each queue is bound to in the pfctl -sq output | Joel Knight |
2006-11-07 | Only try to recursively print rules if they are actually anchors. | Ryan Thomas McBride |
2006-11-07 | Unbreak authpf by handling non-inline anchors separately from the { } anchors | Ryan Thomas McBride |
2006-11-05 | Don't open a transaction for a ruleset unless it's a brace ruleset that | Ryan Thomas McBride |
2006-11-01 | sync usage(); ok mcbride | Jason McIntyre |
2006-11-01 | tweaks; | Jason McIntyre |
2006-11-01 | Don't recures ALL the time. | Ryan Thomas McBride |
2006-11-01 | Document recursive printing of anchors via -a '*' or -a 'anchor/*'. | Ryan Thomas McBride |
2006-10-31 | Allow a user to recursively print anchors including those without | Ryan Thomas McBride |
2006-10-31 | Document new behaviour of the -o (ruleset optimization) flag. | Ryan Thomas McBride |
2006-10-31 | Allow pfctl ruleset optimizer to be controlled from the ruleset. | Ryan Thomas McBride |
2006-10-31 | - don't allow anchors with _* names to be cleared or loaded from the | Ryan Thomas McBride |
2006-10-28 | Load all rules into memory before loading into the kernel, and add support | Ryan Thomas McBride |
2006-10-25 | make absolutely sure logif is 0 unless set specifically, even if log is 0. | Henning Brauer |
2006-10-25 | teach the optimizer about logif, with & ok frantzen | Henning Brauer |
2006-10-25 | and another nit, $$.log should be set to 0 explicitely on quick without log | Henning Brauer |
2006-10-25 | urgs, $$.quick needs to be set to 0 explicitely on log (without quick) | Henning Brauer |
2006-10-25 | allow the log interface to be selected like | Henning Brauer |
2006-10-23 | no need to use "keep state" and "flags S/SA" in pf rules, | Jason McIntyre |
2006-10-17 | Don't automatically set 'flags S/SA' on stateless rules. | Ryan Thomas McBride |
2006-10-11 | quotes around filename, pr 5253, sthen@zephyr.spacehopper.org | Theo de Raadt |
2006-10-11 | Allow the 'quick' keyword on an anchor. IFF there is a matching rule inside | Ryan Thomas McBride |
2006-10-06 | Print 'flags any' correctly and handle anchors. | Ryan Thomas McBride |
2006-10-06 | 'no state' should only be printed on pass rules, though. | Ryan Thomas McBride |
2006-10-06 | Print out 'no state' when the rule is not stateful. | Ryan Thomas McBride |
2006-10-06 | Oops, flags S/SA doesn't work on fragments. | Ryan Thomas McBride |
2006-10-06 | Make 'flags S/SA keep state' the implicit for filter rules, based on | Ryan Thomas McBride |
2006-08-22 | back out -r1.497 (support for "tagged {}" lists), it broke "tagged" support | Daniel Hartmeier |
2006-08-08 | properly join host lists in ifa_grouplookup(), closes PR 5195, | Daniel Hartmeier |
2006-07-06 | add "rtable" to select alternate routing tables. | Henning Brauer |
2006-06-30 | spaces | Theo de Raadt |
2006-06-17 | KNF | Henning Brauer |
2006-06-09 | Xo/Xc not needed here; from david | Jason McIntyre |
2006-05-28 | Make per-rule adaptive timeouts behave the same way as the global adaptive | Ryan Thomas McBride |
2006-05-28 | Enable adaptive timeouts by default, with adaptive.start of 60% of the | Ryan Thomas McBride |
2006-05-26 | \<char> is <char> except for \<newline> -- no exceptions. much like how | Theo de Raadt |
2006-05-23 | member interfaces of groups might have no IPs and ifa_lookup retun NULL, | Henning Brauer |
2006-05-14 | better english to describe interfaces without bandwidth info; ok henning | Theo de Raadt |
2006-05-02 | fix creation of sub-anchors, e.g. if you create an anchor /foo/bar, create | Daniel Hartmeier |