Age | Commit message (Collapse) | Author | |
---|---|---|---|
2003-02-12 | Define a wsmouse type for HIL mice. | Miod Vallat | |
2003-02-11 | document pfctl -D macro=value | Henning Brauer | |
2003-02-11 | allow macro definition on the command line: | Henning Brauer | |
pfctl -Dextif=wi0 -f /etc/pf.conf command line macro definitions override the ones made in the file (idea theo), very handy if your notebook has another NIC at some conference, as well as for debugging etc. idea rezine@mistrusted.net via pb@ hacked live at FOSDEM ok pb@ dhartmei@ cedric@ | |||
2003-02-11 | Define an HIL wscons keyboard type. | Miod Vallat | |
2003-02-11 | typos; | Jason McIntyre | |
raidctl(8) ok millert@ mknetid(8) help maja@ | |||
2003-02-09 | more live code from FOSDEM: | Henning Brauer | |
make pass in proto tcp to port 80 work. -allow to omit the "any" if you're specifying a port -allow to omit the from or to part if you want "any" for the other ok dhartmei@ pb@ | |||
2003-02-09 | KNF | Henning Brauer | |
2003-02-09 | Fix a few warnings and remove unnecessary check and cast. | Camiel Dobbelaar | |
ok dhartmei henning | |||
2003-02-09 | typos; | Jason McIntyre | |
2003-02-08 | Add scrub option 'random-id', which replaces IP IDs with random values | Daniel Hartmeier | |
for outgoing packets that are not fragmented (after reassembly), to compensate for predictable IDs generated by some hosts, and defeat fingerprinting and NAT detection as described in the Bellovin paper http://www.research.att.com/~smb/papers/fnat.pdf. ok theo@ | |||
2003-02-08 | Add an example of "pfctl -a anchor -s rules" usage, and make it clear | Daniel Hartmeier | |
that -a -s is needed for this, not -sa. | |||
2003-02-07 | typos; | Jason McIntyre | |
2003-02-05 | grok sti type wsdisplay | Michael Shalayeff | |
2003-02-05 | WORKAROUND: use a volatile to get around a compiler or fp emulation bug | Theo de Raadt | |
(jason says he will look into this later) | |||
2003-02-05 | Fix "pass out dup-to (tun0 1.1.1.1) inet6 all" error message | Cedric Berger | |
Allow "pass out dup-to tun0 all" ok mcbride@ henning@ | |||
2003-02-05 | Simplify more. | Cedric Berger | |
2003-02-05 | typos; isakmpd(8) ok niklas@, mailwrapper(8) help kjell@ | Jason McIntyre | |
2003-02-05 | Simplify. | Cedric Berger | |
2003-02-05 | Do not scare ppl too much. | Cedric Berger | |
Suggested by camield@ | |||
2003-02-05 | Set the network mask to all 1's if no address is specified for a | Ryan Thomas McBride | |
route-to/dup-to/reply-to rule. Keeps round-robin from incrementing through the entire address space. ok dhartmei@ | |||
2003-02-04 | don't set the Transform for Default-phase-1-configuration twice, ok ho@ | Markus Friedl | |
2003-02-04 | default to 3DES-SHA-RSA_SIG (same as in OpenBSD 3.2); ok ho@ | Markus Friedl | |
2003-02-04 | use size_t for struct size and offset calculations. | Cedric Berger | |
check msize for overflow and realloc overflow. | |||
2003-02-04 | Cleanup buffer before reuse. Consistency + defensive programming. | Cedric Berger | |
2003-02-03 | typos; | Jason McIntyre | |
ipsecadm(8): examples ho@ help and ok markus@ | |||
2003-02-03 | pretty | Theo de Raadt | |
2003-02-03 | Don't allow loopback interfaces as route/reply/dup-to targets. ok henning@ | Daniel Hartmeier | |
2003-02-03 | remove loadopt global definition and cleanup a bit. | Cedric Berger | |
ok henning@ | |||
2003-02-03 | zap dead code | Henning Brauer | |
2003-02-03 | fix a problem with queue definitions when load options (like -N etc) are | Henning Brauer | |
given; they used to check for their parent interface/queue even in this case. ok dhartmei@ cedric@ | |||
2003-02-03 | More cleanup in tables thanks to Andrey Matveev: | Cedric Berger | |
- get rid of unnecessary header netinet/in.h in pfctl_radix.c and pfctl_table.c - do fclose(3) only when we use config file, not STDIN - get rid of unneeded temporatory variables - minor KNF | |||
2003-02-02 | there is no need to pass opts to parse_rules explicitely; it's passed as | Henning Brauer | |
part of the struct pfctl. | |||
2003-02-02 | no const for int; cedric@ | Henning Brauer | |
2003-02-02 | const'ify params for the host stuff | Henning Brauer | |
ok theo | |||
2003-02-02 | as correctly pointed out by cedric@, the :network and :broadcast parsing | Henning Brauer | |
code really belongs to host_if() and not host(); I dunno why I did put it in host()... ok dhartmei@ deraadt@ | |||
2003-02-01 | typos; | Jason McIntyre | |
chat(8): removed reference to uucico(8) ok deraadt@ | |||
2003-01-31 | typos; | Jason McIntyre | |
eeprom(8): added .Ar to fields, removed references to sun3 sshd(8): help and ok markus@ help and ok millert@ | |||
2003-01-31 | o When checking for root, look at effective, not real uid; checking the | Todd C. Miller | |
real uid made sense when route(8) was setuid root but it no longer is. o ANSIfy deraadt@ OK | |||
2003-01-30 | in these two cases strdup makes more sense than asprintf, pointed out by | Henning Brauer | |
camield@ | |||
2003-01-30 | add support for :network and :broadcast modifiers to interface names. | Henning Brauer | |
sample: pass in on dc0 from dc0:network to any keep state block in on dc0 from any to dc0:broadcast ok theo daniel | |||
2003-01-29 | typos; | Jason McIntyre | |
many tweaks by millert@ (thanks) thanks mpech@ for help with adduser(8) ok millert@ | |||
2003-01-28 | typos; added white boldface to examples | Jason McIntyre | |
ok deraadt@ | |||
2003-01-27 | bit KNF | Henning Brauer | |
2003-01-27 | KNF | Theo de Raadt | |
2003-01-27 | When -a is specified, the operation affects an anchor only, so don't try | Daniel Hartmeier | |
to replace queues (or options) which are global and can't be loaded into an anchor. Found by j@pureftpd.org. | |||
2003-01-25 | Another nice cleanup patch from Andrey Matveev | Cedric Berger | |
KNF + remove/reorg headers. | |||
2003-01-25 | Match changes for rdr port ranges made to pf.c: | Ryan Thomas McBride | |
- fixes behaviour of rdr on le0 from foo to bar port 1:20 -> (lo0) port 22 - makes calculated mapping more explicit for the -> (lo0) port 22:* case testing from dhartmei@ ok dhartmei@ | |||
2003-01-25 | Fix NOACTION with table statements. | Cedric Berger | |
2003-01-25 | Permit initialisation of a table content from a file in pf.conf. | Cedric Berger | |
Cleaning up of the table options parsing, more flexible. idea+cleanup deraadt@, ok dhartmei@, pass all regress tests. | |||
2003-01-25 | Correctly check illegal constructs with tables. Better error messages. | Cedric Berger | |
ok dhartmei@ pass all regress tests. |