path: root/sbin
| Age | Commit message | Author |
|---|---|---|
| 2002-06-17 | only make -g available to root, by disabling setgid kmem; bunch of people ok | Theo de Raadt |
| 2002-06-17 | A bit better. Remove debug cruft. | Hakan Olsson |
| 2002-06-16 | Rules must in order -> Rules must be in order | Aaron Campbell |
| 2002-06-15 | ecn_* policy attributes --- ok ho@ | Angelos D. Keromytis |
| 2002-06-15 | Reset rulestate in parse_rules(), so consecutive calls (like from authpf) will not fail. Reported by Chris Kuethe. | Daniel Hartmeier |
| 2002-06-15 | Move ATA SMART defines to atactl. No kernel parts use these constants. From Alexander Yurchenko <grange@rt.mipt.ru> | Grigoriy Orlov |
| 2002-06-15 | Document transparent IPsec. | Angelos D. Keromytis |
| 2002-06-14 | spelling; from Brian Poole <raj@cerias.purdue.edu> | Todd T. Fries |
| 2002-06-14 | make the output of pfctl -k look nice again; noticed by pb@ ok dhartmei@ | Henning Brauer |
| 2002-06-14 | Recognize the ECN_TUNNEL attribute. | Hakan Olsson |
| 2002-06-14 | manpage for eui64 | Jun-ichiro itojun Hagino |
| 2002-06-14 | add "eui64" option. from ww@styx.org. sync usage with reality. | Jun-ichiro itojun Hagino |
| 2002-06-14 | metric and mtu are u_long, not int. | Jun-ichiro itojun Hagino |
| 2002-06-13 | Fix the numbering of scrub rules. pointed out and oked by frantzen@ | Kjell Wooding |
| 2002-06-12 | this stuff really belongs to stderr, not stdout; pointed out by ho@ ok dhartmei@, kjell@ | Henning Brauer |
| 2002-06-12 | Rewrite for pf, plus some other small stuff | Hakan Olsson |
| 2002-06-12 | Fix uninitialized access. Spotted by danh@ This is a good reason to develop with "ln -s 'J' /etc/malloc.conf" enabled. ok henning@ | Kjell Wooding |
| 2002-06-12 | Five higher MODP groups, but commented out for now (until IANA assigns them proper numbers). | Hakan Olsson |
| 2002-06-11 | Various IPComp-related mods | Hakan Olsson |
| 2002-06-11 | set_spi: CPIs are 16 bit. flow: accept IPComp flows. | Hakan Olsson |
| 2002-06-11 | Don't send KEY extensions for IPCOMP. | Hakan Olsson |
| 2002-06-11 | Stupid 16-bit CPI numbers. | Hakan Olsson |
| 2002-06-11 | split the grammar of scrub(fragcache) into scrub ... 'fragment reassemble', 'fragment crop' or a new 'fragment drop-ovl' which will drop overlapping fragments and all corresponding ones; ok kjell@ with feedback from kjell@ and deraadt@. the rest are slacking | Mike Frantzen |
| 2002-06-11 | Typo in err() | Kjell Wooding |
| 2002-06-11 | Remove some unused code for dealing with nfs over kerberos. No actual change, just some #ifdef'ed out code removed. ok deraadt@, art@ and csapuntz@ | Hans Insulander |
| 2002-06-11 | Document kern.userasymcrypto | Angelos D. Keromytis |
| 2002-06-11 | nuke an unused parameter in pfctl_timeout. ok frantzen@ | Kjell Wooding |
| 2002-06-11 | Add -N, -R | Kjell Wooding |
| 2002-06-11 | Add -N and -R options. When used in conjunction with `pfctl -f <rulefile>` they allow just the nat or filter rules to be reloaded, respectively. The default (no flags) is to load everything. If -N is specified, any existing filter rules are retained, similarly for -R. ok deraadt@, dhartmei@ | Kjell Wooding |
| 2002-06-11 | sync with reality; ok dhartmei@ | Henning Brauer |
| 2002-06-11 | KNF, remove function parameter names | Daniel Hartmeier |
| 2002-06-11 | Remove parse_nat() prototype, it's gone. Yes, authpf is broken at the moment. | Daniel Hartmeier |
| 2002-06-11 | Add $OpenBSD, license, include guards and remove one superfluous prototype. From Chris Kuethe | Daniel Hartmeier |
| 2002-06-11 | print a string for UDP and OTHER state level instead of a numeric level; ok dhartmei@, henning@ | Mike Frantzen |
| 2002-06-11 | SCRUB(fragcache) to do gap tracking and overlap pruning of IPv4 fragments without the memory overhead of the conventional defrag in SCRUB; ok dhartmei@, idea by deraadt@ | Mike Frantzen |
| 2002-06-11 | sync usage() with reality | Henning Brauer |
| 2002-06-11 | Make NAT proxy port range configurable per rule, for instance privileged source ports can be mapped to privileged proxy ports, or source port 500 to proxy port 500. ok frantzen@ | Daniel Hartmeier |
| 2002-06-11 | rework pfctl statistics display; move FCNT_NAMES from pfvar.h to pfctl_parser.h, only used by pfctl; some input by nick@; ok frantzen@, dhartmei@ | Henning Brauer |
| 2002-06-10 | Merge the NAT and rules files into a single rulefile. Rules must be in this order, to remove any ambiguity about what order things happen in: scrub rules, nat rules, filter rules. The -N and -R modifiers go away. Rulefiles are now loaded with the more POSIXly-correct '-f'; ok frantzen@ | Kjell Wooding |
| 2002-06-10 | print ethernet address; ok provos@, itojun@ | Markus Friedl |
| 2002-06-10 | permit DNS name (they are considered RTF_HOST if specified as destination). PR 2152 | Jun-ichiro itojun Hagino |
| 2002-06-10 | CPIs cannot be selected from the same range as SPIs. | Hakan Olsson |
| 2002-06-10 | Zap a few remaining libkeynote refs. | Hakan Olsson |
| 2002-06-10 | kill `__FUNCTION__`; add `__attribute__((format...)` Fix one bad call. okay provos@ | Marc Espie |
| 2002-06-10 | Allow ports to be specified in nat rules, useful later on for individual proxy port ranges. | Daniel Hartmeier |
| 2002-06-10 | Remove mention of dynamic loading | Hakan Olsson |
| 2002-06-10 | The dlopen() stuff goes away. | Hakan Olsson |
| 2002-06-10 | Move enum out of struct (gcc 3.1 wasn't happy), from David Krause | Daniel Hartmeier |
| 2002-06-10 | save some entropy in random key generation. oked by angelos many moons ago | Kjell Wooding |
| 2002-06-10 | some olde version piece crept into my diffski; pt out by dfa@ | Michael Shalayeff |