Age | Commit message | Author | |
---|---|---|---|
2003-08-25 | catch return-rst ttl values > 255, from aaron@ | Daniel Hartmeier | |
2003-08-24 | Tweaks: | Cedric Berger | |
- Make sure we allow only tables in round-robin pools for routing options, same as what we do for translation rules. - Don't reject rules like: "nat on sis0 -> <foo>" because "no address family is given". This is perfectly valid. ok henning@ | |||
2003-08-24 | don't print info about duplicate emuls. gives the illusion there is only | Ted Unangst | |
one linux emul and one freebsd emul. ok deraadt@ | |||
2003-08-23 | document necessity for sysctl to enable compat code. ok deraadt@ | Ted Unangst | |
2003-08-22 | correct printf arg mismatch (in 64bit arch). dhartmei ok | Jun-ichiro itojun Hagino | |
2003-08-22 | pf spelling police | David Krause | |
ok dhartmei@ jmc@ | |||
2003-08-22 | move pfctl_file_fingerprints() call, table commands can use -f themselves | Daniel Hartmeier | |
(like pfctl -t spammers -vvTt -f file, causing EPERM on DIOCOSFPFLUSH). | |||
2003-08-22 | KNF | Henning Brauer | |
2003-08-21 | Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF. | Mike Frantzen | |
Exposes the source IP's operating system to the filter language. Interesting policy decisions are now enforceable: . block proto tcp from any os SCO . block proto tcp from any os Windows to any port smtp . rdr ... from any os "Windows 98" to port WWW -> 127.0.0.1 port 8001 | |||
2003-08-21 | emulation is now controlled by sysctl. changes: | Ted Unangst | |
add e_flags to struct emul. this stores on/off and native flags. check for emul enabled in check_exec(). gather all the emuls into an emulsw so a sysctl can find them. create sysctl. move maxhdrsiz calculation into init_main so it cleans up sys_execve codepath. teach sysctl utility to grok kern.emul hierarchy. requested and ok deraadt@ some comments from mickey@ | |||
2003-08-21 | More boot_foo Xr are valid now. | Miod Vallat | |
2003-08-20 | braindeadness police: catch queues which specify itself as child... 'nuff said | Henning Brauer | |
2003-08-20 | Zap an old "Identification" tag in this sample config. I have no idea | Hakan Olsson | |
what it was supposed to do and in any case there is no reference to this tag in current code. Pointed out by Fridtjof Busse. | |||
2003-08-20 | catch invalid CBQ priorities earlier, including a better error message | Henning Brauer | |
prodded by mpech@ | |||
2003-08-20 | err out nicer on errors in queue def | Henning Brauer | |
2003-08-20 | certpatch(8) can be used to create FQDN X509v3 extensions too. | Hakan Olsson | |
From Fridtjof Busse, via henning@. Thanks. | |||
2003-08-18 | catch max-mss values > 65535, report by Gregory Steuck | Daniel Hartmeier | |
2003-08-18 | typos; ho@ | Markus Friedl | |
note that ping is still not working on -current; however, SA/SPD/flow setup works for testing isakmpd/ipsec on a single machine. | |||
2003-08-16 | more errx/warnx style \n errors; tom.cosgrove@arches-consulting.com | Theo de Raadt | |
2003-08-11 | Dynamic select(2) support; deraadt@ OK | Todd C. Miller | |
2003-08-09 | This patch removes the restriction that tables cannot be used in routing or | Cedric Berger | |
redirection rules... The advantage of using tables in redirection/routing rules is not efficiency, in fact it will run slower than straight address pools. However, this brings a lot of flexibility to PF, allowing simple scripts/daemons to add/remove addresses from redirection/routing pools easily. This implementation supports all table features, including cidr blocks and negated addresses. So specifying { 10.0.0.0/29 !10.0.0.0 !10.0.0.7 } will correctly round-robin between the six addresses: .1, .2, .3, .4, .5, .6. Tables can also be combined with simple addresses, so the following rule will work as expected: "nat on foo0 -> { 1.1.1.1 <bar> }" ok henning@ mcbride@ | |||
2003-08-09 | new sentence, new line + small cleanup; | Jason McIntyre | |
ok ho@ | |||
2003-08-08 | refer to RFCs consistently (RFC XXXX); | Jason McIntyre | |
2003-08-08 | Be more careful when using constant_lookup() in messages. Pointed out by | Hakan Olsson | |
Jean-Francois Dive, although I opted for a slightly different patch. | |||
2003-08-08 | Fine grained selectors for Linux native IPsec. From Jean-Francois Dive. | Hakan Olsson | |
2003-08-07 | add missing tags and make this compile with debug. | Federico G. Schwindt | |
2003-08-06 | Remove some double semicolons (hmm, do two semis equal a maxi?). | Todd C. Miller | |
I've skipped the GNU stuff for now. From Patrick Latifi. | |||
2003-08-06 | Remove an unused variable and plug a memory leak; Patrick Latifi | Todd C. Miller | |
2003-08-06 | support ESP with cast/blowfish in KAME platforms | Markus Friedl | |
2003-08-06 | support ESP with cast/blowfish on KAME platforms | Markus Friedl | |
2003-08-06 | ufs -> ffs as requested in pr3391. also rework part talking about | Ted Unangst | |
slices/partitions to have more openbsd flavor. ok jmc@ | |||
2003-08-05 | print info about procfs now that it's there to look at | Ted Unangst | |
2003-08-05 | better wording for the -y option; | Jason McIntyre | |
ok fgsch@ tedu@ | |||
2003-08-04 | Not every suggested patch is perfect :) | Daniel Hartmeier | |
ERRX() has two effects: the message printing and goto _error; which causes exit(1). While we don't want the message if pfctl was invoked with -n, we DO want to abort. Otherwise subsequent 'load anchor' statements will get executed, for instance, and the return value is handy for scripts. | |||
2003-08-04 | nuke paragraph about snapshots. we don't support them. | Federico G. Schwindt | |
henning millert ok. | |||
2003-08-04 | don't whine about "cannot load ruleset" when ruleset load wasn't desired | Henning Brauer | |
(with pfctl -n) Jared Yanovich <phirerunner@comcast.net> | |||
2003-08-04 | spelling, freebsd pr50979 via khalek on irc | Ted Unangst | |
2003-07-31 | Make table tickets per-ruleset instead of global. | Cedric Berger | |
Make table tickets u_int32_t for consistency with other parts of PF. Ok dhartmei@ henning@ | |||
2003-07-31 | remove the old tree when we find a new ticket. | Kenjiro Cho | |
this fixes printing obsolete (non-existent) queues. ok henning@ | |||
2003-07-30 | Remove my email address from my entry in the AUTHORS section | Todd C. Miller | |
2003-07-30 | NULL -> (char *)NULL in execle; ok millert@ | Anil Madhavapeddy | |
2003-07-30 | change SIOCDIFADDR/SIOCAIFADDR warnings into errors (now this has correct | Peter Valchev | |
return code in certain cases); ok henning itojun | |||
2003-07-29 | more pretty | Ted Unangst | |
2003-07-29 | If euid == 0 make datasize unlimited instead of cranking to the max | Todd C. Miller | |
value returned by getrlimit(). Avoid resource limit issues when fscking very large filesystems. | |||
2003-07-29 | Remove space at end of line. | Cedric Berger | |
Ok dhartmei@ henning@ | |||
2003-07-29 | indent | Theo de Raadt | |
2003-07-29 | spaces | Theo de Raadt | |
2003-07-29 | off-by-one in a printf %s | Anil Madhavapeddy | |
markus@ ok a while back | |||
2003-07-28 | tweak; | Jason McIntyre | |
ok tedu@ | |||
2003-07-28 | growfs | Ted Unangst | |