summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Expand)Author
2002-06-18don't allow individual keep state rules to specify timeouts for 'interval' andMike Frantzen
2002-06-17only make -g available to root, by disabling setgid kmem; bunch of people okTheo de Raadt
2002-06-17A bit better. Remove debug cruft.Hakan Olsson
2002-06-16Rules must in order -> Rules must be in orderAaron Campbell
2002-06-15ecn_* policy attributes --- ok ho@Angelos D. Keromytis
2002-06-15Reset rulestate in parse_rules(), so consecutive calls (like from authpf)Daniel Hartmeier
2002-06-15Move ATA SMART defines to atactl.Grigoriy Orlov
2002-06-15Document transparent IPsec.Angelos D. Keromytis
2002-06-14spelling; from Brian Poole <raj@cerias.purdue.edu>Todd T. Fries
2002-06-14make the output of pfctl -k look nice againHenning Brauer
2002-06-14Recognize the ECN_TUNNEL attribute.Hakan Olsson
2002-06-14manpage for eui64Jun-ichiro itojun Hagino
2002-06-14add "eui64" option. from ww@styx.org. sync usage with reality.Jun-ichiro itojun Hagino
2002-06-14metric and mtu are u_long, not int.Jun-ichiro itojun Hagino
2002-06-13Fix the numbering of scrub rules. pointed out and oked by frantzen@Kjell Wooding
2002-06-12this stuff really belongs to stderr, not stdoutHenning Brauer
2002-06-12Rewrite for pf, plus some other small stuffHakan Olsson
2002-06-12Fix uninitialized access. Spotted by danh@ This is a good reason toKjell Wooding
2002-06-12Five higher MODP groups, but commented out for now (until IANA assignsHakan Olsson
2002-06-11Various IPComp-related modsHakan Olsson
2002-06-11set_spi: CPIs are 16 bit.Hakan Olsson
2002-06-11Don't send KEY extensions for IPCOMP.Hakan Olsson
2002-06-11Stupid 16-bit CPI numbers.Hakan Olsson
2002-06-11split the grammar of scrub(fragcache) into scrub ... 'fragment reassemble',Mike Frantzen
2002-06-11Typo in err()Kjell Wooding
2002-06-11Remove some unused code for dealing with nfs over kerberos. No actual change,Hans Insulander
2002-06-11Document kern.userasymcryptoAngelos D. Keromytis
2002-06-11nuke an unused parameter in pfctl_timeout. ok frantzen@Kjell Wooding
2002-06-11Add -N, -RKjell Wooding
2002-06-11Add -N and -R options. When used in conjunction withKjell Wooding
2002-06-11sync with realityHenning Brauer
2002-06-11KNF, remove function parameter namesDaniel Hartmeier
2002-06-11Remove parse_nat() prototype, it's gone. Yes, authpf is broken at theDaniel Hartmeier
2002-06-11Add $OpenBSD, license, include guards and remove one superfluousDaniel Hartmeier
2002-06-11print a string for UDP and OTHER state level instead of a numeric levelMike Frantzen
2002-06-11SCRUB(fragcache) to do gap tracking and overlap pruning of IPv4 fragmentsMike Frantzen
2002-06-11sync usage() with realityHenning Brauer
2002-06-11Make NAT proxy port range configurable per rule, for instance privilegedDaniel Hartmeier
2002-06-11rework pfctl statistics displayHenning Brauer
2002-06-10Merge the NAT and rules files into a single rulefile. Rules must beKjell Wooding
2002-06-10print ethernet address; ok provos@, itojun@Markus Friedl
2002-06-10permit DNS name (they are considered RTF_HOST if specified as destination).Jun-ichiro itojun Hagino
2002-06-10CPIs cannot be selected from the same range as SPIs.Hakan Olsson
2002-06-10Zap a few remaining libkeynote refs.Hakan Olsson
2002-06-10kill __FUNCTION__Marc Espie
2002-06-10Allow ports to be specified in nat rules, useful later on for individualDaniel Hartmeier
2002-06-10Remove mention of dynamic loadingHakan Olsson
2002-06-10The dlopen() stuff goes away.Hakan Olsson
2002-06-10Move enum out of struct (gcc 3.1 wasn't happy), from David KrauseDaniel Hartmeier
2002-06-10save some entropy in random key generation. oked by angelos many moons agoKjell Wooding