summaryrefslogtreecommitdiff
path: root/sbin/pfctl
AgeCommit message (Expand)Author
2001-09-20Fix uninitialized structure fields. Problem reported by Cedric Berger.Daniel Hartmeier
2001-09-15Implement return-icmp(number), return-icmp6(number)Peter Stromberg
2001-09-15ICMP6_DST_UNREACH_NOROUTE <-> _ADMIN, reported by Wouter Coene.Daniel Hartmeier
2001-09-15Fix 'binat ... to any ...' (binat.af wasn't set).Daniel Hartmeier
2001-09-15Parse bug, found by wilfried@Daniel Hartmeier
2001-09-15IPv6 support from Ryan McBride (mcbride@countersiege.com)Mike Frantzen
2001-09-12check calloc() return valueMarkus Friedl
2001-09-06- you can only binat between hostsjasoni
2001-09-061:1 bidrectional NAT (binat); ok dhartmei@ and frantzen@jasoni
2001-09-06Initial idea from aaron@: Last char of .Xr group in SEE ALSO section shouldMike Pechkin
2001-09-04Support parameter lists {} for interfaces in filter rules, likeDaniel Hartmeier
2001-09-02Print rule numbers zero-based. Noted by primus@gblx.net.Daniel Hartmeier
2001-08-28move '!' from host_list to host: "xhost : '!' host | host;"; ok dhartmei@Markus Friedl
2001-08-28check for malloc/strdup == NULLMarkus Friedl
2001-08-28Support ! operator in host parameter lists. Fixes PR system/2030. ReportedDaniel Hartmeier
2001-08-28Bump state timeouts and allow tweaking them from pfctl.Mike Frantzen
2001-08-26sort keywordsTheo de Raadt
2001-08-25PF ISN randomization. Or in trekkie techno-babble, ISN phase modulation.Mike Frantzen
2001-08-23o for a port_item, initialize the "next" pointer to NULLTodd C. Miller
2001-08-23Support var="string". Expansion (at lex time) done using $var, for instance:Theo de Raadt
2001-08-23KNFTheo de Raadt
2001-08-23for -s all, do not error out when the first ioctl failsTheo de Raadt
2001-08-22ftp-proxyBob Beck
2001-08-19do not spin if no states are foundTheo de Raadt
2001-08-19Document per-rule byte counter.Daniel Hartmeier
2001-08-19Add per-rule byte counter, so mickey can do accounting. We're counting theDaniel Hartmeier
2001-08-19Document per-rule statistics. If the evaluation counters look funny,Daniel Hartmeier
2001-08-19Print per-rule statistics when -v is used with -sr (show rules).Daniel Hartmeier
2001-08-19Unfuck some TCP state stuff that would drop the SYN|ACK.Mike Frantzen
2001-08-19Add parameter list support to parser. Handles lists for protocol, hostsDaniel Hartmeier
2001-08-18make pfctl -s state SCREAM; frantzen is now happyTheo de Raadt
2001-08-18prettier printing of statesTheo de Raadt
2001-08-16track the line number per-token, so that we can report errors correctlyTheo de Raadt
2001-08-14optimize the flags parsing; markus@ okMichael Shalayeff
2001-08-11Add support for ICMP errors referring to ICMP queries/replies. FixesDaniel Hartmeier
2001-08-11\+\n support, and spit out cc-style error messages. the parser's lineTheo de Raadt
2001-08-03o) We always closes .Bl and .Bd tags;Mike Pechkin
2001-07-31allow to test that flags are unset, ok dhartmei@, mickey@Peter Stromberg
2001-07-28start sentence on new line, from mpech@Daniel Hartmeier
2001-07-26sort SEE ALSO section correctly, from mpech@.Daniel Hartmeier
2001-07-26usage() with __progname according to style(9), typo in man page. both from mp...Daniel Hartmeier
2001-07-20we don't like:Mike Pechkin
2001-07-19Fix/complete the handling of the binary ops >< and <> to behaveKenneth R Westerback
2001-07-18new ERROR token, errx() -> warnx() + ERROR; ok deraadt@Markus Friedl
2001-07-18KNF for returnMarkus Friedl
2001-07-18check number range to fit in 32 bitsMichael Shalayeff
2001-07-18put range checks on NUMBER, pointed out by deraadtMichael Shalayeff
2001-07-17spaces, parens, err instead of errx+strerrorMichael Shalayeff
2001-07-17warnx()/YYERROR instead of errx(); suggested by mickey@Markus Friedl
2001-07-17markus doesnt like min-ttl =, begoneNiels Provos