path: root/sbin
Age | Author | Commit message
2003-05-15 | Hakan Olsson | (c)
2003-05-14 | Mike Frantzen | add scrub modifier "reassemble tcp" to turn on stateful TCP normalizations
ok henning@ dhartmei@
2003-05-14 | Kjell Wooding | properly terminate debug string (levels >=40)
Use "%.*s" as suggested by Niklas. ok ho@. Lost by kjell. oked ho@. lost by kjell again. oked ho@
2003-05-14 | Hakan Olsson | Remove the .if/.endif stuff that gmake does not understand.
Replace with a comment about needing keynote for policy.
2003-05-14 | Henning Brauer | tagging on binat
2003-05-14 | Henning Brauer | enabled tagging on rdr rules
2003-05-14 | Hakan Olsson | Call the FreeS/WAN sysdep 'freeswan'. The 'linux' sysdep will be native Linux IPSec.
2003-05-14 | Hakan Olsson | Default public key directory definition sanity.
2003-05-14 | Hakan Olsson | Policy file default defined twice, kill the local copy.
2003-05-14 | Hakan Olsson | Fix a typo (in unused code).
2003-05-14 | Hakan Olsson | I did not test this enough. Unbreak.
2003-05-14 | Can Erkin Acar | pflogd now uses the new pflog link type. Trying to append to an existing old-style logfile will fail. Move away old log files. ok henning@ dhartmei@ frantzen@
2003-05-14 | Chad Loder | Minor format string correctness.
OK deraadt, ian darwin
2003-05-14 | Miod Vallat | The ramdac's hater club is proud to present new yet another SBus frame buffer driver, this time for the Southland Media Systems (now Quantum 3D) MGX and MGXPlus cards. Not complete, but a good start.
2003-05-14 | Henning Brauer | with tag/tagged given, only whine about missing keep state on pass rules
2003-05-14 | Mike Frantzen | allow SCRUB rules to specify protocol again. broken sometime in the past.
okie dhartmei@, yay pb@
2003-05-14 | Henning Brauer | tags on nat rules:
nat on $ext_if all tag humppa -> $ext_if
pass out tagged humppa keep state
2003-05-14 | Michael Shalayeff | gotta xref boot_hppa from here
2003-05-14 | Jun-ichiro itojun Hagino | move ETHERTYPE_xx declarations to <net/ethertypes.h>. meets netbsd practice.
deraadt ok
2003-05-14 | Jean-Francois Brousseau | Add the -q flag to suppress all output when setting a variable with -w
ok jsyn@, millert@
2003-05-14 | Henning Brauer | print the redirection target for nat/rdr/binat slightly later.
no functional difference (yet)
2003-05-13 | Henning Brauer | make sure tagging is only ever used with stateful filter rules
2003-05-13 | Henning Brauer | correct rule printing
2003-05-13 | Henning Brauer | userland part for tagging.
it's now possible to tag packets with an arbitrary tag and filter based on that tag later on other interfaces:
pass in quick on fxp0 keep state tag blah
pass out quick on wi0 keep state with tag blah
can be used to express trust between interfaces, to distinguish between NATed connections and connections originating from the firewall itself and much more
ok dhartmei@ frantzen@ pb@ mcbride@
2003-05-12 | Ted Unangst | update for mount args change
2003-05-12 | Ted Unangst | update for mount args changes
2003-05-12 | Hakan Olsson | Update with some data for NAT-T specific payload types, IKEv2 notifications, ISAKMP EAP code and types, plus fix an old typo.
2003-05-12 | Hakan Olsson | AES -> AES_128_CBC
2003-05-12 | Hakan Olsson | Add two more encapsulation types (UDP encap, potential future NAT-T)
Add BLOCK_SIZE attribute
Rename IPSEC_ESP_AES -> IPSEC_ESP_AES_128_CBC.
2003-05-12 | Daniel Hartmeier | Adaptive timeout value scaling. Allows to reduce timeout values as the number of state table entries grows, so entries time out faster before the table fills up. Works both globally and per-rule. ok frantzen@
2003-05-11 | Hakan Olsson | Slight style fix for .cst files. Permit comments also after a definition.
2003-05-11 | Markus Friedl | fix ID-type for ipv6; ok niklas; report fries
2003-05-11 | Ryan Thomas McBride | Don't ntohs() the translation port for nat as it is already in host byte order.
Makes nat ... -> $ext_if port 500 rules work correctly again. ok henning@ dhartemi@ frantzen@
2003-05-10 | Jason McIntyre | typos;
2003-05-10 | Jason McIntyre | typo;
2003-05-10 | Jason McIntyre | - setup -> set up
- .Xr to itself -> .Nm
2003-05-10 | Jason McIntyre | document that kernel automatically handles first swap partition ("swap_device" in swapctl -l) and does not need to be added to /etc/fstab. krw@, fries@, rohee@, millert@, henning@ ok.
2003-05-10 | Henning Brauer | support loading of anchors from within the main ruleset via
load anchor anchorname:rulesetname file /path/to/file
ok pb@ dhartmei@ cedric@
2003-05-09 | Todd C. Miller | No longer need -lcompat
2003-05-08 | Daniel Hartmeier | Close sockets (otherwise the file handle limit can be reached when many queues are defined). Reported by Fernando Braga. ok henning@
2003-05-07 | Jason McIntyre | typo.
2003-05-06 | Henning Brauer | KNF while I'm here
2003-05-06 | Henning Brauer | for hw.sensors, print stuff in a human friendly way - temperatures in degC and degF, fan speed in RPM, and voltages in (surprise) V. theo, millert, grange agree
2003-05-06 | Ted Unangst | remove FSIRAND define and make it non-optional. ok millert@
2003-05-06 | Ted Unangst | after switch to mmap, we need to zero other malloc'd data. use calloc.
2003-05-05 | Daniel Hartmeier | Describe format of pfctl -sl output, reported by Alejandro G. Belluscio.
2003-05-03 | Jason McIntyre | these files all had >9 arguments to .Nd, causing the name description to be truncated. i wrapped them in double quotes to preserve the line. grep inspired by an -mdoc lesson from millert@
2003-05-03 | Todd C. Miller | The 'memleft' calculations assume that the data address starts at 0, which is no longer the case. So instead of the hokey private malloc() implementation, just use mmap. From diffs I ran on anoncvs.usa 4 years ago.
2003-05-03 | Henning Brauer | don't free() the char * carrying the rule label too early
noticed by Mathieu Sauve-Frankel <m.sauve at secureops.net> via silc
2003-05-01 | Henning Brauer | ease label handling
ok cedric@