Age | Commit message | Author | |
---|---|---|---|
2006-11-13 | briefly describe phases 1 and 2, and use these terms more | Jason McIntyre | |
consistently in the rest of the page; help/ok hshoexer | |||
2006-11-13 | previous was not quite right; | Jason McIntyre | |
2006-11-13 | fix a macro mistake; | Jason McIntyre | |
2006-11-13 | Handle rules with addresses from mismatched address families correctly. | Ryan Thomas McBride | |
ok msf@ | |||
2006-11-11 | Fix memory leak, from Charles Longeau, many okays | Pedro Martelletto | |
2006-11-11 | EXAMPLES was getting too lengthy, so trim some of the ones that were | Jason McIntyre | |
either obscure, bordering on the duplicate, or referring to pseudo devices; if you want examples for pseudo devices, put them in their specific man page, please. ok jcs | |||
2006-11-10 | landisk has no kbd(8) | Theo de Raadt | |
2006-11-10 | Add -nwid command to allow wireless interfaces to not prefer a specific | Michael Knudsen | |
access point. Does the same as nwid "" but since we have -nwkey for nwkey etc. this is nice for consistency. ok mbalmer reyk man stuff also ok jmc | |||
2006-11-10 | enable -g again | Alexander von Gernler | |
help from millert@, ok deraadt@ pedro@ | |||
2006-11-10 | check both rule source and destination when grouping sa's | Mathieu Sauve-Frankel | |
fixes PR5262 ok hshoexer@ | |||
2006-11-10 | When using -vv, also show grouped SAs. | Hans-Joerg Hoexer | |
2006-11-10 | Fix grouping for SAs. Now all combinations of SAs are possible, | Hans-Joerg Hoexer | |
not only ESP+AH (ie. ESP inside AH). | |||
2006-11-10 | Do not count sa, ike and tcpmd5 rules twice. Fixes PR 5263. | Hans-Joerg Hoexer | |
2006-11-10 | Print the interface that each queue is bound to in the pfctl -sq output | Joel Knight | |
ok henning@ | |||
2006-11-09 | trim SEE ALSO: there is no need to list every pseudo-device | Jason McIntyre | |
2006-11-09 | desireable -> desirable; | Jason McIntyre | |
2006-11-09 | support public keys w/o SubjectPublicKeyInfo (format: BEGIN RSA PUBLIC KEY) | Markus Friedl | |
ok ho, hshoexer | |||
2006-11-09 | oops | Theo de Raadt | |
2006-11-08 | sh machines also have a /usr/mdec/mbr | Theo de Raadt | |
2006-11-08 | add a -y flag, for non-interactive use | Theo de Raadt | |
2006-11-07 | Only try to recursively print rules if they are actually anchors. | Ryan Thomas McBride | |
2006-11-07 | Unbreak authpf by handling non-inline anchors separately from the { } anchors | Ryan Thomas McBride | |
as pf_find_or_create_ruleset() will mangle relative anchor names and wildcards. Also fixes some nits with nesting and printing inline anchors. ok deraadt@ | |||
2006-11-05 | Don't open a transaction for a ruleset unless it's a brace ruleset that | Ryan Thomas McBride | |
contains rules. Fixes DIOCXCOMMIT: Device busy when multiple anchors with the same name are specified. reported by ckuethe@ and mkb@crypt.org.ru | |||
2006-11-03 | storing return value of strtol() in int variable was not safe, | Alexander von Gernler | |
also strtol() result was not checked for under/overflow thus, rewrite getopt switch/cases with strtonum() and sensible bounds help from mickey@ millert@, ok millert@, no objections otto@ | |||
2006-11-03 | correctify example; | Jason McIntyre | |
from a mail posted to misc@ from uwe dippel; ok otto | |||
2006-11-02 | Check for newline before truncating. | Ray Lai | |
OK moritz@. | |||
2006-11-02 | Error out on empty string passed as device name. | Ray Lai | |
OK moritz@. | |||
2006-11-01 | sync usage(); ok mcbride | Jason McIntyre | |
2006-11-01 | tweaks; | Jason McIntyre | |
2006-11-01 | Don't recurse ALL the time. | Ryan Thomas McBride | |
2006-11-01 | KNF unrelated to previous commit. | Ryan Thomas McBride | |
2006-11-01 | Add support for aggressive mode (from the k2k6 IPsec hackathon). | Ryan Thomas McBride | |
ok hshoexer | |||
2006-11-01 | Document recursive printing of anchors via -a '*' or -a 'anchor/*'. | Ryan Thomas McBride | |
2006-10-31 | Allow a user to recursively print anchors including those without | Ryan Thomas McBride | |
reserved names, if a trailing * is specified in the anchor name. e.g. recursively print the main ruleset: pfctl -a '*' -sr Recursively print the spam anchor: pfctl -a 'spam*' pfctl -a 'spam/*' Also fix a bug which prevented the contents of inline anchors with explicit names from being loaded into the kernel. ok henning@ | |||
2006-10-31 | Document new behaviour of the -o (ruleset optimization) flag. | Ryan Thomas McBride | |
2006-10-31 | Allow pfctl ruleset optimizer to be controlled from the ruleset. | Ryan Thomas McBride | |
"set" "ruleset-optimization" [ "none" | "basic" | "profile" ] You can optionally control ruleset optimization with these keywords on the command line with the -o option; the command line setting will override the pf.conf setting. The existing -o/-oo flags continue to work as expected. cleanup and ok henning@ | |||
2006-10-31 | - don't allow anchors with _* names to be cleared or loaded from the | Ryan Thomas McBride | |
command line (but they can still be viewed) - don't allow users to specify _* as an anchor name in the ruleset - don't print _* anchor names with pfctl -sA unless -v is specified 'looks sensible' deraadt@ | |||
2006-10-29 | Fix TAILQ usage, preventing crashes | Pedro Martelletto | |
Okay henning@ krw@ millert@ hshoexer@ | |||
2006-10-28 | Load all rules into memory before loading into the kernel, and add support | Ryan Thomas McBride | |
for anchors loaded inline in pf.conf, enclosed in a brace-delimited block ("{" "}"). anchor on fxp0 { pass in proto tcp port 22 } The anchor name is optional on inline loaded anchors. testing ckuethe@ ok henning@ dhartmei@ | |||
2006-10-28 | prefer `buses' to `busses' for the noun plural; | Jason McIntyre | |
2006-10-27 | Sometimes a compromise is needed. | Marc Balmer | |
After a discussion with jmc and ckuethe. | |||
2006-10-27 | Fix a small typo in the manpage and while here add some space between | Marc Balmer | |
functions. | |||
2006-10-26 | - sort options | Jason McIntyre | |
- sync usage() | |||
2006-10-25 | Remove some unneeded externs. OK canacar@ | Moritz Jodeit | |
2006-10-25 | allow pflogd to listen on alternate pflog interfaces | Henning Brauer | |
"Berk D. Demir" <bdd@mindcast.org> sent a diff in private, and then it evolved quite a bit... ok djm canacar berk | |||
2006-10-25 | make absolutely sure logif is 0 unless set specifically, even if log is 0. | Henning Brauer | |
logif is to be considered invalid unless log is set, but we need this to please the optimizer... | |||
2006-10-25 | teach the optimizer about logif, with & ok frantzen | Henning Brauer | |
2006-10-25 | and another nit, $$.log should be set to 0 explicitly on quick without log | Henning Brauer | |
2006-10-25 | add pflog to list of clonable devices; ok henning | Jason McIntyre | |
2006-10-25 | urgs, $$.quick needs to be set to 0 explicitly on log (without quick) | Henning Brauer | |