| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2006-11-05 | Don't open a transaction for a ruleset unless it's a brace ruleset that | Ryan Thomas McBride | |
| contains rules. Fixes DIOCXCOMMIT: Device busy when multiple anchors with the same name are specified. reported by ckuethe@ and mkb@crypt.org.ru | |||
| 2006-11-03 | storing return value of strtol() in int variable was not safe, | Alexander von Gernler | |
| also strtol() result was not checked for under/overflow thus, rewrite getopt switch/cases with strtonum() and sensible bounds help from mickey@ millert@, ok millert@, no objections otto@ | |||
| 2006-11-03 | correctify example; | Jason McIntyre | |
| from a mail posted to misc@ from uwe dippel; ok otto | |||
| 2006-11-02 | Check for newline before truncating. | Ray Lai | |
| OK moritz@. | |||
| 2006-11-02 | Error out on empty string passed as device name. | Ray Lai | |
| OK moritz@. | |||
| 2006-11-01 | sync usage(); ok mcbride | Jason McIntyre | |
| 2006-11-01 | tweaks; | Jason McIntyre | |
| 2006-11-01 | Don't recures ALL the time. | Ryan Thomas McBride | |
| 2006-11-01 | KNF unrelated to previous commit. | Ryan Thomas McBride | |
| 2006-11-01 | Add support for aggressive mode (from the k2k6 IPsec hackathon). | Ryan Thomas McBride | |
| ok hshoexer | |||
| 2006-11-01 | Document recursive printing of anchors via -a '*' or -a 'anchor/*'. | Ryan Thomas McBride | |
| 2006-10-31 | Allow a user to recursively print anchors including those without | Ryan Thomas McBride | |
| reserved names, if a trailing * is specified in the anchor name. e.g. recursively print the main ruleset: pfctl -a '*' -sr Recursively print the spam anchor: pfctl -a 'spam*' pfctl -a 'spam/*' Also fix a bug which prevented the contents of inline anchors with explicit names from being loaded into the kernel. ok henning@ | |||
| 2006-10-31 | Document new behaviour of the -o (ruleset optimization) flag. | Ryan Thomas McBride | |
| 2006-10-31 | Allow pfctl ruleset optimizer to be controlled from the ruleset. | Ryan Thomas McBride | |
| "set" "ruleset-optimization" [ "none" | "basic" | "profile" ] You can optionally control ruleset optimization with these keywords on the command line with the -o option; the command line setting will override the pf.conf setting. The existing -o/-oo flags continue to work as expected. cleanup and ok henning@ | |||
| 2006-10-31 | - don't allow anchors with _* names to be cleared or loaded from the | Ryan Thomas McBride | |
| command line (but they can still be viewed) - don't allow users to specify _* as an anchor name in the ruleset - don't print _* anchor names with pfctl -sA unless -v is specified 'looks sensible' deraadt@ | |||
| 2006-10-29 | Fix TAILQ usage, preventing crashes | Pedro Martelletto | |
| Okay henning@ krw@ millert@ hshoexer@ | |||
| 2006-10-28 | Load all rules into memory before loading into the kernel, and add support | Ryan Thomas McBride | |
| for anchors loaded inline in pf.conf, enclosed in a brace-delimited block ("{" "}"). anchor on fxp0 { pass in proto tcp port 22 } The anchor name is optional on inline loaded anchors. testing ckuethe@ ok henning@ dhartmei@ | |||
| 2006-10-28 | prefer `buses' to `busses' for the noun plural; | Jason McIntyre | |
| 2006-10-27 | Sometimes a compromise is needed. | Marc Balmer | |
| After a discussion with jmc and ckuethe. | |||
| 2006-10-27 | Fix a small typo in the manpage and while here add some space between | Marc Balmer | |
| functions. | |||
| 2006-10-26 | - sort options | Jason McIntyre | |
| - sync usage() | |||
| 2006-10-25 | Remove some unneeded externs. OK canacar@ | Moritz Jodeit | |
| 2006-10-25 | allow pflogd to listen on alternate pflog interfaces | Henning Brauer | |
| "Berk D. Demir" <bdd@mindcast.org> sent a diff in private, and then it evolved quite a bit... ok djm canacar berk | |||
| 2006-10-25 | make absolutely sure logif is 0 unless set specifically, even if log is 0. | Henning Brauer | |
| logif is to be considered invalid unless log is set, but we need this to please the optimizer... | |||
| 2006-10-25 | teach the optimizer about logif, with & ok frantzen | Henning Brauer | |
| 2006-10-25 | and another nit, $$.log should be set to 0 explicitely on quick without log | Henning Brauer | |
| 2006-10-25 | add pflog to list of clonable devices; ok henning | Jason McIntyre | |
| 2006-10-25 | urgs, $$.quick needs to be set to 0 explicitely on log (without quick) | Henning Brauer | |
| 2006-10-25 | allow the log interface to be selected like | Henning Brauer | |
| pass log(to pflog5) block out log(to pflog2) input & ok mcbride | |||
| 2006-10-24 | Ignore NUL lines returned by fgets(3), so we don't | Moritz Jodeit | |
| access one byte before the lbuf buffer. OK cloder@ henning@ | |||
| 2006-10-24 | Check strlen(buf) to be > 0 before accessing buf[strlen(buf)-1]. | Moritz Jodeit | |
| OK ray@ cloder@ | |||
| 2006-10-23 | no need to use "keep state" and "flags S/SA" in pf rules, | Jason McIntyre | |
| now that it is the default; ok henning mcbride camield (ftp-proxy bits) deraadt | |||
| 2006-10-20 | OpenBSD no longer supports using an older FreeBSD MBR partition. | David Hill | |
| ok krw@ | |||
| 2006-10-19 | note that all rules using enc0 should specify: keep state (if-bound) | Jason McIntyre | |
| 2006-10-19 | Add WATTHOUR and AMPHOUR | Marco Peereboom | |
| ok jordan@ | |||
| 2006-10-18 | Replace gcc __attribute with __dead. Recompile yields no binary change. | Chad Loder | |
| 2006-10-18 | do not name FILE * variables "fd" since it is confusing | Theo de Raadt | |
| 2006-10-17 | Don't automatically set 'flags S/SA' on stateless rules. | Ryan Thomas McBride | |
| pointed out by david@ ok mpf@ dhartmei@ | |||
| 2006-10-16 | More details on multipath. | Ryan Thomas McBride | |
| ok henning + style suggestions from jmc | |||
| 2006-10-16 | tab needed instead of space to format this correctly; | Jason McIntyre | |
| 2006-10-16 | Add multipath variables. | Ryan Thomas McBride | |
| 2006-10-15 | Proper link state descriptions in print_rtmsg() RTM_IFINFO case. | Ryan Thomas McBride | |
| ok deraadt henning | |||
| 2006-10-15 | build fdisk on landisk | Dale Rahn | |
| 2006-10-14 | Friends don't let friends look for disklabels in Free/NetBSD MBR | Kenneth R Westerback | |
| partitions since the kernel doesn't put them or look for them there anymore. | |||
| 2006-10-14 | Friends don't let friends look for disklabels in Free/NetBSD MBR | Kenneth R Westerback | |
| partitions since the kernel doesn't put them or look for them there anymore. | |||
| 2006-10-13 | Fix another potentially unsafe instance of foo[strlen(foo) - 1] = '\0'. | Chad Loder | |
| OK krw | |||
| 2006-10-12 | Should be correct for landisk. | Dale Rahn | |
| 2006-10-11 | quotes around filename, pr 5253, sthen@zephyr.spacehopper.org | Theo de Raadt | |
| 2006-10-11 | Allow the 'quick' keyword on an anchor. IFF there is a matching rule inside | Ryan Thomas McBride | |
| the anchor, terminate ruleset evaluation when stepping out of the anchor. This means that if you absolutely want the anchor to be terminal, you probably want to use a 'block all' or 'pass all' rule at the start of the anchor. ok dhartmei@ henning@ deraadt@ | |||
| 2006-10-10 | fgets(3) returns NULL on error, not 0. No functional change, but it makes | Chad Loder | |
| the code easier to read. OK deraadt | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |