summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Expand)Author
2005-05-27Use rtm_fmask instead of rtm_useRyan Thomas McBride
2005-05-27Hide Hostid and Checksum in pfctl -si output unless the -v flag is used.Ryan Thomas McBride
2005-05-27Calculate an MD5 checksum over the main pf ruleset.Marco Pfatschbacher
2005-05-27Make monitor.c use unsigned lengths in messages. Makes this compileChad Loder
2005-05-27filtering on ruleset name is already implemented, document it.Daniel Hartmeier
2005-05-27show flow type (require, use, etc.)Hans-Joerg Hoexer
2005-05-27Additional paranoia. OK hshoexerChad Loder
2005-05-27Use SADB_SATYPE_* instead of IPPROTO_*Hans-Joerg Hoexer
2005-05-27get rid of 'log-all'. now that we have 'log (options)', make 'all' anDaniel Hartmeier
2005-05-27get rid of shift/reduce conflicts, don't support empty logoptsDaniel Hartmeier
2005-05-27log two pairs of uid/pid through pflog: the uid/pid of the process thatDaniel Hartmeier
2005-05-27When looping over pfkey messages, make sure extension length is > 0.Hans-Joerg Hoexer
2005-05-27use new sysctl to retrieve flow informations including IDsHans-Joerg Hoexer
2005-05-27o only pass signals from monitor to slave when pid is validMoritz Jodeit
2005-05-27move m_state.s directly into must_{read,write} instead of passingMoritz Jodeit
2005-05-27remove unused tableHans-Joerg Hoexer
2005-05-27Support for dumping the SADB.Hans-Joerg Hoexer
2005-05-27Experimental support for opportunitic use of jumbograms where only some hostsRyan Thomas McBride
2005-05-27guarantee nul-termination in the monitor, we must. ok cloder@ hshoexer@Moritz Jodeit
2005-05-27allow 'tagged' in 'anchor' rules (without complaining about missingDaniel Hartmeier
2005-05-26simplify read/write between child and monitorHans-Joerg Hoexer
2005-05-26Add ARGSUSED for lint, one comment for meHans-Joerg Hoexer
2005-05-26The illegalness of "no nat log" is already enforced by the grammar.Camiel Dobbelaar
2005-05-26remove traces from union et al; pedro@ ok.Federico G. Schwindt
2005-05-26use PF_LOG, PF_LOGALL instead of numeric constantsDaniel Hartmeier
2005-05-26support 'log' and 'log-all' in 'nat/rdr/binat pass' rules. original patchDaniel Hartmeier
2005-05-26Use TAILQ_FOREACH where possible, remove payload_last()Hans-Joerg Hoexer
2005-05-26add log_errorx() which doesn't print the errno value. ok hshoexer@Moritz Jodeit
2005-05-26introduce ISAKMP_PAYLOAD_MAXHans-Joerg Hoexer
2005-05-26get rid of payload mappingHans-Joerg Hoexer
2005-05-26remove hiding of interface family groupsHenning Brauer
2005-05-26Handle strdup returning NULL. OK hshoexerChad Loder
2005-05-26switch the max_src_{states,conn,conn_rate} from superblock breaks to superblockMike Frantzen
2005-05-26disallow interface group names that end in a digit to differentiate them fromMike Frantzen
2005-05-26remove reference to MNT_UNIONPedro Martelletto
2005-05-26bye byePedro Martelletto
2005-05-26remove the stackable filesystemsPedro Martelletto
2005-05-26Clean up some cleanup code. Fixes at least one leak, possibly more.Chad Loder
2005-05-25make the remaining pf_rule fields named superblock BREAKs instead just lettingMike Frantzen
2005-05-25make the optimizer safe in the presence of interface groups. they must act asMike Frantzen
2005-05-25Fix a commentHans-Joerg Hoexer
2005-05-25rearrange order of messages sent to the kernelHans-Joerg Hoexer
2005-05-25set incoming flows to "use", outgoing to "require"Hans-Joerg Hoexer
2005-05-25prepare for new sysctl interface, not used yetHans-Joerg Hoexer
2005-05-25do not swap srcid/dstid for INOUT rules.Hans-Joerg Hoexer
2005-05-25use bzeroHans-Joerg Hoexer
2005-05-25add ifconfig -M option to replace wicontrol -L and -l for ap scanningReyk Floeter
2005-05-25aesctr and null supportMarkus Friedl
2005-05-24Identify states that will not be synchronised in pfctl -vvss output.Christopher Pascoe
2005-05-24fix minor ouput glitch, by using strtonum instead of strtol.Moritz Jodeit