Age | Commit message (Collapse) | Author | |
---|---|---|---|
2002-06-17 | only make -g available to root, by disabling setgid kmem; bunch of people ok | Theo de Raadt | |
2002-06-17 | A bit better. Remove debug cruft. | Hakan Olsson | |
2002-06-16 | Rules must in order -> Rules must be in order | Aaron Campbell | |
2002-06-15 | ecn_* policy attributes --- ok ho@ | Angelos D. Keromytis | |
2002-06-15 | Reset rulestate in parse_rules(), so consecutive calls (like from authpf) | Daniel Hartmeier | |
will not fail. Reported by Chris Kuethe. | |||
2002-06-15 | Move ATA SMART defines to atactl. | Grigoriy Orlov | |
No kernel parts use this constants. From Alexander Yurchenko <grange@rt.mipt.ru> | |||
2002-06-15 | Document transparent IPsec. | Angelos D. Keromytis | |
2002-06-14 | spelling; from Brian Poole <raj@cerias.purdue.edu> | Todd T. Fries | |
2002-06-14 | make the output of pfctl -k look nice again | Henning Brauer | |
noticed by pb@ ok dhartmei@ | |||
2002-06-14 | Recognize the ECN_TUNNEL attribute. | Hakan Olsson | |
2002-06-14 | manpage for eui64 | Jun-ichiro itojun Hagino | |
2002-06-14 | add "eui64" option. from ww@styx.org. sync usage with reality. | Jun-ichiro itojun Hagino | |
2002-06-14 | metric and mtu are u_long, not int. | Jun-ichiro itojun Hagino | |
2002-06-13 | Fix the numbering of scrub rules. pointed out and oked by frantzen@ | Kjell Wooding | |
2002-06-12 | this stuff really belongs to stderr, not stdout | Henning Brauer | |
pointed out by ho@ ok dhartmei@, kjell@ | |||
2002-06-12 | Rewrite for pf, plus some other small stuff | Hakan Olsson | |
2002-06-12 | Fix uninitialized access. Spotted by danh@ This is a good reason to | Kjell Wooding | |
develop with "ln -s 'J' /etc/malloc.conf" enabled. ok henning@ | |||
2002-06-12 | Five higher MODP groups, but commented out for now (until IANA assigns | Hakan Olsson | |
them proper numbers). | |||
2002-06-11 | Various IPComp-related mods | Hakan Olsson | |
2002-06-11 | set_spi: CPIs are 16 bit. | Hakan Olsson | |
flow: accept IPComp flows. | |||
2002-06-11 | Don't send KEY extensions for IPCOMP. | Hakan Olsson | |
2002-06-11 | Stupid 16-bit CPI numbers. | Hakan Olsson | |
2002-06-11 | split the grammar of scrub(fragcache) into scrub ... 'fragment reassemble', | Mike Frantzen | |
'fragment crop' or a new 'fragment drop-ovl' which will drop overlapping fragments and all corresponding ones ok kjell@ with feedback from kjell@ and deraadt@. the rest are slacking | |||
2002-06-11 | Typo in err() | Kjell Wooding | |
2002-06-11 | Remove some unused code for dealing with nfs over kerberos. No actual change, | Hans Insulander | |
just some #ifdef'ed out code removed. ok deraadt@, art@ and csapuntz@ | |||
2002-06-11 | Document kern.userasymcrypto | Angelos D. Keromytis | |
2002-06-11 | nuke an unused parameter in pfctl_timeout. ok frantzen@ | Kjell Wooding | |
2002-06-11 | Add -N, -R | Kjell Wooding | |
2002-06-11 | Add -N and -R options. When used in conjunction with | Kjell Wooding | |
pfctl -f <rulefile> they allow just the nat or filter rules to be reloaded, respectively. The default (no flags) is to load everything. If -N is specified, any existing filter rules are retained, similarly for -R. ok deraadt@, dhartmei@ | |||
2002-06-11 | sync with reality | Henning Brauer | |
ok dhartmei@ | |||
2002-06-11 | KNF, remove function parameter names | Daniel Hartmeier | |
2002-06-11 | Remove parse_nat() prototype, it's gone. Yes, authpf is broken at the | Daniel Hartmeier | |
moment. | |||
2002-06-11 | Add $OpenBSD, license, include guards and remove one superfluous | Daniel Hartmeier | |
prototype. From Chris Kuethe | |||
2002-06-11 | print a string for UDP and OTHER state level instead of a numeric level | Mike Frantzen | |
ok dhartmei@, henning@ | |||
2002-06-11 | SCRUB(fragcache) to do gap tracking and overlap pruning of IPv4 fragments | Mike Frantzen | |
without the memory overhead of the conventional defrag in SCRUB ok dhartmei@, idea by deraadt@ | |||
2002-06-11 | sync usage() with reality | Henning Brauer | |
2002-06-11 | Make NAT proxy port range configurable per rule, for instance privileged | Daniel Hartmeier | |
source ports can mapped to privileged proxy ports, or source port 500 to proxy port 500. ok frantzen@ | |||
2002-06-11 | rework pfctl statistics display | Henning Brauer | |
move FCNT_NAMES from pfvar.h to pfctl_parser.h, only used by pfctl some input by nick@ ok frantzen@, dhartmei@ | |||
2002-06-10 | Merge the NAT and rules files into a single rulefile. Rules must be | Kjell Wooding | |
in this order, to remove any ambiguity about what order things happen in: scrub rules nat rules filter rules The -N and -R modifiers go away. Rulefiles are now loaded with the more POSIXly-correct '-f' ok frantzen@ | |||
2002-06-10 | print ethernet address; ok provos@, itojun@ | Markus Friedl | |
2002-06-10 | permit DNS name (they are considered RTF_HOST if specified as destination). | Jun-ichiro itojun Hagino | |
PR 2152 | |||
2002-06-10 | CPIs cannot be selected from the same range as SPIs. | Hakan Olsson | |
2002-06-10 | Zap a few remaining libkeynote refs. | Hakan Olsson | |
2002-06-10 | kill __FUNCTION__ | Marc Espie | |
add __attribute__((format...) Fix one bad call. okay provos@ | |||
2002-06-10 | Allow ports to be specified in nat rules, useful later on for individual | Daniel Hartmeier | |
proxy port ranges. | |||
2002-06-10 | Remove mention of dynamic loading | Hakan Olsson | |
2002-06-10 | The dlopen() stuff goes away. | Hakan Olsson | |
2002-06-10 | Move enum out of struct (gcc 3.1 wasn't happy), from David Krause | Daniel Hartmeier | |
2002-06-10 | save some entropy in random key generation. oked by angelos many moons ago | Kjell Wooding | |
2002-06-10 | some olde version piece crept into my diffski; pt out by dfa@ | Michael Shalayeff | |