| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2006-11-20 | -K argument to kill source tracking nodes explicitly, behaves like the | Ryan Thomas McBride | |
| -k argument for killing states; From Berk D. Demir <bdd@mindcast.org> ok dhartmei henning | |||
| 2006-11-20 | knf: sizeof x -> sizeof(x) | Jun-ichiro itojun Hagino | |
| 2006-11-19 | Default snaplen has been 116 for a while now. | Joel Knight | |
| 2006-11-19 | Try DIOCGPDINFO before DIOCGDINFO when trying to determine the 'label' | Kenneth R Westerback | |
| geometry for a unit. DIOCGPDINFO avoids using the on-disk label or the cached copy of it and returns a 'spoofed' label that retains the geometry info placed in the label by the driver. Unfortunately DIOCGPDINFO is not universally implemented, though sd and wd do. This is what disklabel(8) does when it wants geometry so this makes fdisk a bit more consistant with disklabel. This fixes 'fdisk -i' and 'reinit' when trying to install from a miniroot on, e.g., landisk. i.e. no need to zero out the disklabel before doing 'fdisk -i'. 'get it in snaps' deraadt@ | |||
| 2006-11-17 | change semantics of ff01::/16 to interface local multicast | Jun-ichiro itojun Hagino | |
| (to sync up with more recent IPv6 spec) ok from: deraadt mcbride | |||
| 2006-11-16 | only look at routing table 0 (main one) | Henning Brauer | |
| 2006-11-16 | make RFC2292/3542 selection automagically happen. | Jun-ichiro itojun Hagino | |
| 2006-11-15 | remove KAME_SCOPEID #ifdef. | Jun-ichiro itojun Hagino | |
| __KAME__ should suffice (__KAME__ should be nuked too?) | |||
| 2006-11-14 | memory requirements are relevant only for mount_mfs; ok jmc@ | Otto Moerbeek | |
| 2006-11-13 | briefly describe phases 1 and 2, and use these terms more | Jason McIntyre | |
| consistently in the rest of the page; help/ok hshoexer | |||
| 2006-11-13 | previous was not quite right; | Jason McIntyre | |
| 2006-11-13 | fix a macro mistake; | Jason McIntyre | |
| 2006-11-13 | Handle rules with addresses from mismatched address families correctly. | Ryan Thomas McBride | |
| ok msf@ | |||
| 2006-11-11 | Fix memory leak, from Charles Longeau, many okays | Pedro Martelletto | |
| 2006-11-11 | EXAMPLES was getting too lengthy, so trim some of the ones that were | Jason McIntyre | |
| either obscure, bordering on the duplicate, or referring to pseudo devices; if you want examples for pseudo devices, put them in their specific man page, please. ok jcs | |||
| 2006-11-10 | landisk has no kbd(8) | Theo de Raadt | |
| 2006-11-10 | Add -nwid command to allow wireless interfaces to not prefer a specific | Michael Knudsen | |
| access point. Does the same as nwid "" but since we have -nwkey for nwkey etc. this is nice for consistency. ok mbalmer reyk man stuff also ok jmc | |||
| 2006-11-10 | enable -g again | Alexander von Gernler | |
| help from millert@, ok deraadt@ pedro@ | |||
| 2006-11-10 | check both rule sourace and destination when grouping sa's | Mathieu Sauve-Frankel | |
| fixes PR5262 ok hshoexer@ | |||
| 2006-11-10 | When using -vv, also show grouped SAs. | Hans-Joerg Hoexer | |
| 2006-11-10 | Fix grouping for SAs. Now all combinations of SAs are possible, | Hans-Joerg Hoexer | |
| not only ESP+AH (ie. ESP inside AH). | |||
| 2006-11-10 | Do not count sa, ike and tcpmd5 rules twice. Fixes PR 5263. | Hans-Joerg Hoexer | |
| 2006-11-10 | Print the interface that each queue is bound to in the pfctl -sq output | Joel Knight | |
| ok henning@ | |||
| 2006-11-09 | trim SEE ALSO: there is no need to list every pseudo-device | Jason McIntyre | |
| 2006-11-09 | desireable -> desirable; | Jason McIntyre | |
| 2006-11-09 | support public keys w/o SubjectPublicKeyInfo (format: BEGIN RSA PUBLIC KEY) | Markus Friedl | |
| ok ho, hshoexer | |||
| 2006-11-09 | oops | Theo de Raadt | |
| 2006-11-08 | sh machines also have a /usr/mdec/mbr | Theo de Raadt | |
| 2006-11-08 | add a -y flag, for non-interactive use | Theo de Raadt | |
| 2006-11-07 | Only try to recursively print rules if they are actually anchors. | Ryan Thomas McBride | |
| 2006-11-07 | Unbreak authpf by handling non-inline anchors separately from the { } anchors | Ryan Thomas McBride | |
| as pf_find_or_create_ruleset() will mangle relative anchor names and wildcards. Also fixes some nits with nesting and printing inline anchors. ok deraadt@ | |||
| 2006-11-05 | Don't open a transaction for a ruleset unless it's a brace ruleset that | Ryan Thomas McBride | |
| contains rules. Fixes DIOCXCOMMIT: Device busy when multiple anchors with the same name are specified. reported by ckuethe@ and mkb@crypt.org.ru | |||
| 2006-11-03 | storing return value of strtol() in int variable was not safe, | Alexander von Gernler | |
| also strtol() result was not checked for under/overflow thus, rewrite getopt switch/cases with strtonum() and sensible bounds help from mickey@ millert@, ok millert@, no objections otto@ | |||
| 2006-11-03 | correctify example; | Jason McIntyre | |
| from a mail posted to misc@ from uwe dippel; ok otto | |||
| 2006-11-02 | Check for newline before truncating. | Ray Lai | |
| OK moritz@. | |||
| 2006-11-02 | Error out on empty string passed as device name. | Ray Lai | |
| OK moritz@. | |||
| 2006-11-01 | sync usage(); ok mcbride | Jason McIntyre | |
| 2006-11-01 | tweaks; | Jason McIntyre | |
| 2006-11-01 | Don't recures ALL the time. | Ryan Thomas McBride | |
| 2006-11-01 | KNF unrelated to previous commit. | Ryan Thomas McBride | |
| 2006-11-01 | Add support for aggressive mode (from the k2k6 IPsec hackathon). | Ryan Thomas McBride | |
| ok hshoexer | |||
| 2006-11-01 | Document recursive printing of anchors via -a '*' or -a 'anchor/*'. | Ryan Thomas McBride | |
| 2006-10-31 | Allow a user to recursively print anchors including those without | Ryan Thomas McBride | |
| reserved names, if a trailing * is specified in the anchor name. e.g. recursively print the main ruleset: pfctl -a '*' -sr Recursively print the spam anchor: pfctl -a 'spam*' pfctl -a 'spam/*' Also fix a bug which prevented the contents of inline anchors with explicit names from being loaded into the kernel. ok henning@ | |||
| 2006-10-31 | Document new behaviour of the -o (ruleset optimization) flag. | Ryan Thomas McBride | |
| 2006-10-31 | Allow pfctl ruleset optimizer to be controlled from the ruleset. | Ryan Thomas McBride | |
| "set" "ruleset-optimization" [ "none" | "basic" | "profile" ] You can optionally control ruleset optimization with these keywords on the command line with the -o option; the command line setting will override the pf.conf setting. The existing -o/-oo flags continue to work as expected. cleanup and ok henning@ | |||
| 2006-10-31 | - don't allow anchors with _* names to be cleared or loaded from the | Ryan Thomas McBride | |
| command line (but they can still be viewed) - don't allow users to specify _* as an anchor name in the ruleset - don't print _* anchor names with pfctl -sA unless -v is specified 'looks sensible' deraadt@ | |||
| 2006-10-29 | Fix TAILQ usage, preventing crashes | Pedro Martelletto | |
| Okay henning@ krw@ millert@ hshoexer@ | |||
| 2006-10-28 | Load all rules into memory before loading into the kernel, and add support | Ryan Thomas McBride | |
| for anchors loaded inline in pf.conf, enclosed in a brace-delimited block ("{" "}"). anchor on fxp0 { pass in proto tcp port 22 } The anchor name is optional on inline loaded anchors. testing ckuethe@ ok henning@ dhartmei@ | |||
| 2006-10-28 | prefer `buses' to `busses' for the noun plural; | Jason McIntyre | |
| 2006-10-27 | Sometimes a compromise is needed. | Marc Balmer | |
| After a discussion with jmc and ckuethe. | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |