summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2003-02-12Define a wsmouse type for HIL mice.Miod Vallat
2003-02-11document pfctl -D macro=valueHenning Brauer
2003-02-11allow macro definition on the command line:Henning Brauer
pfctl -Dextif=wi0 -f /etc/pf.conf command line macro definitions override the ones made in the file (idea theo), very handy if your notebook has another NIC at some conference, as well as for debugging etc. idea rezine@mistrusted.net via pb@ hacked live at FOSDEM ok pb@ dhartmei@ cedric@
2003-02-11Define an HIL wscons keyboard type.Miod Vallat
2003-02-11typos;Jason McIntyre
raidctl(8) ok millert@ mknetid(8) help maja@
2003-02-09more live code from FOSDEM:Henning Brauer
make pass in proto tcp to port 80 work. -allow to omit the "any" if you're specifying a port -allow to omit the from or to part if you want "any" for the other ok dhartmei@ pb@
2003-02-09KNFHenning Brauer
2003-02-09Fix a few warnings and remove unnecessary check and cast.Camiel Dobbelaar
ok dhartmei henning
2003-02-09typos;Jason McIntyre
2003-02-08Add scrub option 'random-id', which replaces IP IDs with random valuesDaniel Hartmeier
for outgoing packets that are not fragmented (after reassembly), to compensate for predictable IDs generated by some hosts, and defeat fingerprinting and NAT detection as described in the Bellovin paper http://www.research.att.com/~smb/papers/fnat.pdf. ok theo@
2003-02-08Add an example of "pfctl -a anchor -s rules" usage, and make it clearDaniel Hartmeier
that -a -s is needed for this, not -sa.
2003-02-07typos;Jason McIntyre
2003-02-05grok sti type wsdisplayMichael Shalayeff
2003-02-05WORKAROUND: use a volatile to get around a compiler or fp emulation bugTheo de Raadt
(jason says he will look into this later)
2003-02-05Fix "pass out dup-to (tun0 1.1.1.1) inet6 all" error messageCedric Berger
Allow "pass out dup-to tun0 all" ok mcbride@ henning@
2003-02-05Simplify more.Cedric Berger
2003-02-05typos; isakmpd(8) ok niklas@, mailwrapper(8) help kjell@Jason McIntyre
2003-02-05Simplify.Cedric Berger
2003-02-05Do not scare ppl too much.Cedric Berger
Suggested by camield@
2003-02-05Set the network mask to all 1's if no address is specified for aRyan Thomas McBride
route-to/dup-to/reply-to rule. Keeps round-robin from incrementing through the entire address space. ok dhartmei@
2003-02-04don't set the Transform for Default-phase-1-configuration twice, ok ho@Markus Friedl
2003-02-04default to 3DES-SHA-RSA_SIG (same as in OpenBSD 3.2); ok ho@Markus Friedl
2003-02-04use size_t for struct size and offset calculations.Cedric Berger
check msize for overflow and realloc overflow.
2003-02-04Cleanup buffer before reuse. Consistency + defensive programming.Cedric Berger
2003-02-03typos;Jason McIntyre
ipsecadm(8): examples ho@ help and ok markus@
2003-02-03prettyTheo de Raadt
2003-02-03Don't allow loopback interfaces as route/reply/dup-to targets. ok henning@Daniel Hartmeier
2003-02-03remove loadopt global definition and cleanup a bit.Cedric Berger
ok henning@
2003-02-03zap dead codeHenning Brauer
2003-02-03fix a problem with queue definitions when load options (like -N etc) areHenning Brauer
given; they used to check for their parent interface/queue even in this case. ok dhartmei@ cedric@
2003-02-03More cleanup in tables thanks to Andrey Matveev:Cedric Berger
- get rid of unnecessary header netinet/in.h in pfctl_radix.c and pfctl_table.c - do fclose(3) only when we use config file, not STDIN - get rid of unneeded temporatory variables - minor KNF
2003-02-02there is no need to pass opts to parse_rules explicitely; it's passed asHenning Brauer
part of the struct pfctl.
2003-02-02no const for int; cedric@Henning Brauer
2003-02-02const'ify params for the host stuffHenning Brauer
ok theo
2003-02-02as correctly pointed out by cedric@, the :network and :broadcast parsingHenning Brauer
code really belongs to host_if() and not host(); I dunno why I did put it in host()... ok dhartmei@ deraadt@
2003-02-01typos;Jason McIntyre
chat(8): removed reference to uucico(8) ok deraadt@
2003-01-31typos;Jason McIntyre
eeprom(8): added .Ar to fields, removed references to sun3 sshd(8): help and ok markus@ help and ok millert@
2003-01-31o When checking for root, look at effective, not real uid; checking theTodd C. Miller
real uid made sense when route(8) was setuid root but it no longer is. o ANSIfy deraadt@ OK
2003-01-30in these two cases strdup makes more sense than asprintf, pointed out byHenning Brauer
camield@
2003-01-30add support for :network and :broadcast modifiers to interface names.Henning Brauer
sample: pass in on dc0 from dc0:network to any keep state block in on dc0 from any to dc0:broadcast ok theo daniel
2003-01-29typos;Jason McIntyre
many tweaks by millert@ (thanks) thanks mpech@ for help with adduser(8) ok millert@
2003-01-28typos; added white boldface to examplesJason McIntyre
ok deraadt@
2003-01-27bit KNFHenning Brauer
2003-01-27KNFTheo de Raadt
2003-01-27When -a is specified, the operation affects an anchor only, so don't tryDaniel Hartmeier
to replace queues (or options) which are global and can't be loaded into an anchor. Found by j@pureftpd.org.
2003-01-25Another nice cleanup patch from Andrey MatveevCedric Berger
KNF + remove/reorg headers.
2003-01-25Match changes for rdr port ranges made to pf.c:Ryan Thomas McBride
- fixes behaviour of rdr on le0 from foo to bar port 1:20 -> (lo0) port 22 - makes calculated mapping more explicit for the -> (lo0) port 22:* case testing from dhartmei@ ok dhartmei@
2003-01-25Fix NOACTION with table statements.Cedric Berger
2003-01-25Permit initialisation of a table content from a file in pf.conf.Cedric Berger
Cleaning up of the table options parsing, more flexible. idea+cleanup deraadt@, ok dhartmei@, pass all regress tests.
2003-01-25Correctly check illegal constructs with tables. Better error messages.Cedric Berger
ok dhartmei@ pass all regress tests.