| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2003-05-17 | document tags | David Krause | |
| ok henning@ | |||
| 2003-05-16 | tweak; | Jason McIntyre | |
| ok dhartmei@ | |||
| 2003-05-16 | TCP SYN proxy. Instead of 'keep state' or 'modulate state', one can use | Daniel Hartmeier | |
| 'synproxy state' for TCP connections. pf will complete the TCP handshake with the active endpoint before passing any packets to the passive end- point, preventing spoofed SYN floods from reaching the passive endpoint. No additional memory requirements, no cookies needed, random initial sequence numbers, uses the existing sequence number modulators to translate packets after the handshakes. ok frantzen@ | |||
| 2003-05-16 | removed unnecessary macros: | Jason McIntyre | |
| - don't need .Pp before/after .Sh - don't need .Ns before punctuation ok krw@ millert@ david@ | |||
| 2003-05-15 | tweak; | Jason McIntyre | |
| ok frantzen@ | |||
| 2003-05-15 | document scrub opt "reassemble tcp" | Mike Frantzen | |
| 2003-05-12 | Use an example that acutally makes some sense. | Daniel Hartmeier | |
| 2003-05-12 | Adaptive timeout value scaling. Allows to reduce timeout values as the | Daniel Hartmeier | |
| number of state table entries grows, so entries time out faster before the table fills up. Works both globally and per-rule. ok frantzen@ | |||
| 2003-05-11 | document the dynamic min-ttl TCP scrub behavior | Mike Frantzen | |
| 2003-05-10 | 'return' now causes an ICMP unreachable for non-TCP/UDP/ICMP protocols. | Daniel Hartmeier | |
| 2003-05-10 | uppercase all non-literals in BNF.. might make some stuff more clear ;) | Philipp Buehler | |
| commitski henning@ | |||
| 2003-05-10 | quote non-alphabetic literals | Philipp Buehler | |
| 'over the desk' oks.. | |||
| 2003-05-10 | BNF for load anchor stuff | Henning Brauer | |
| 2003-05-06 | fix formatting in the BNF | Henning Brauer | |
| 2003-05-01 | BNF update for label on antispoof | Henning Brauer | |
| 2003-04-29 | document hfsc | Henning Brauer | |
| mostly from Berk D. Demir <bdd at ieee.org> with tweaks by me some nits and ok jmc@ | |||
| 2003-04-29 | port 8081 -> 8021 for ftp-proxy in the examples, so it matches pf.conf | Daniel Hartmeier | |
| and inetd.conf defaults | |||
| 2003-04-25 | added two missing .El macros; | Jason McIntyre | |
| ok henning@ | |||
| 2003-04-19 | BNF update for hfsc | Henning Brauer | |
| 2003-04-19 | mention hfsc. | Henning Brauer | |
| this needs more work. | |||
| 2003-04-05 | document queue .. on $interface | Henning Brauer | |
| ok jmc@ | |||
| 2003-04-01 | 'flags X' is not valid (BNF lied) | Philipp Buehler | |
| henning@ ok | |||
| 2003-04-01 | anchors in BNF | Philipp Buehler | |
| (from loki at niteshade . net) | |||
| 2003-03-22 | Cleanup for release: | David Krause | |
| remove some unneeded escaping of spaces "\ " indent by 6 spaces in a few places to match the rest of the file fix a few lines that were improperly wrapped or not wrapped to the next line update sample rule expansion to match current state of pfctl output fix spacing in a few places fix a small typo found by jmc@ updated a few example rules so that they parse with current pfctl ok henning@ jmc@ | |||
| 2003-03-20 | replace some .Pp inside .Bd -literal block with empty line | David Krause | |
| remove an uneeded .Pp kill whitespace at eol ok jmc@ | |||
| 2003-03-13 | and bandwidth is bits per second | Henning Brauer | |
| 2003-03-13 | bits not bytes; fk@spoiled.org | Theo de Raadt | |
| 2003-03-12 | fair amount of clarifications, extensions, and corrections | Henning Brauer | |
| from joel knight <enabled at myrealbox.com>, some tweaks by me, some by jmc@ ok dhartmei@ mcbride@ cedric@ | |||
| 2003-03-10 | small changes to mike's random-id section; | Jason McIntyre | |
| ok frantzen@ | |||
| 2003-03-10 | use Pa for paths more | Theo de Raadt | |
| 2003-03-10 | few minor tweaks | Theo de Raadt | |
| 2003-03-10 | removal of .Ic for examples. | Jason McIntyre | |
| this was messing the postscript output. | |||
| 2003-03-09 | - document that scrub 'no-df' is sometimes necessary for "certain" OS's NFS | Mike Frantzen | |
| - suggest 'random-id' with 'no-df' since "certain" OSes set ip->ip_id to zero ok deraadt@ henning@ | |||
| 2003-03-06 | date should be written formally: .Dd Month day, year | David Krause | |
| also fixes a few misspellings of the month ok henning@ jmc@ | |||
| 2003-03-04 | Add a paragraph explaining possible unwanted side-effects of redirecting | Daniel Hartmeier | |
| to the loopback address. | |||
| 2003-03-04 | more oops | Theo de Raadt | |
| 2003-03-04 | oops | Theo de Raadt | |
| 2003-03-04 | wrap Ic in Xo/Xc until fixed | Theo de Raadt | |
| 2003-03-04 | leave my cave to clarify the caveats of state modulation | Mike Frantzen | |
| mdoc incantations from jmc@ ok henning@ deraadt@ | |||
| 2003-03-04 | show example of string concat in macro assign | Theo de Raadt | |
| 2003-03-04 | fix .Bl width, pt out by theo | Henning Brauer | |
| 2003-03-04 | Fix limit BNF part, since we don't quote token literals, use limit-item, | Daniel Hartmeier | |
| and limit-list is already a list (due to the recursive definition) which can also consist of just one entry, so no need for {}. Found by Maik Kuendig | |||
| 2003-03-04 | update BNF for 'queue ( q_def, q_pri )' and similar in filteropts | Philipp Buehler | |
| ok henning@ | |||
| 2003-03-04 | other.single was missing in the BNF section, from Maik Kuendig | Daniel Hartmeier | |
| 2003-03-04 | format nicer | Henning Brauer | |
| 2003-03-04 | lies | Henning Brauer | |
| 2003-03-04 | make the label example actually work... (missing quotes) | Henning Brauer | |
| 2003-03-04 | fix .Bl width in translation section | Henning Brauer | |
| 2003-03-04 | fix width in set block-policy list | Henning Brauer | |
| 2003-03-04 | pfctl -T create is no more | Henning Brauer | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |