| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2004-05-16 | document LP64_ARCHS | Peter Valchev | |
| 2004-05-09 | route-to -> reply-to in one case where it was swapped, from | Daniel Hartmeier | |
| Christopher Pascoe | |||
| 2004-05-06 | document comment characters; jmc ok | Theo de Raadt | |
| 2004-05-05 | Use RFC1323 PAWS timestamps as a logical extension to the conventional TCP | Mike Frantzen | |
| sequence numbers by taking advantage of the maximum 1KHz clock as an upperbound on the timestamp. Typically gains 10 to 18 bits of additional security against blind data insertion attacks. More if the TS Echo wasn't optional :-( Enabled with: scrub on !lo0 all reassemble tcp ok dhartmei@. documentation help from jmc@ | |||
| 2004-04-24 | Add "probability xxx" rule modifier. ok deraadt@ | Cedric Berger | |
| 2004-04-16 | list/display fixes, and whitespace; | Jason McIntyre | |
| 2004-04-04 | - fix an .El in the wrong place | Jason McIntyre | |
| - add a .Pp - kill a stray space - new sentence, new line from Joel Knight; | |||
| 2004-03-31 | vender -> vendor, from John Bajana-Bacalle | Daniel Hartmeier | |
| 2004-02-24 | correct includes; | Jason McIntyre | |
| ok deraadt@ fgsch@ | |||
| 2004-02-24 | 'source-track' not 'source-tracking' | Ryan Thomas McBride | |
| 2004-02-19 | escape full stops where necessary to kill erroneous double spaces; | Jason McIntyre | |
| softly, softly, catchy monkey... | |||
| 2004-02-18 | sync the list of variables held in SUBST_VARS; | Xavier Santolaria | |
| ok espie@. | |||
| 2004-02-10 | make Nm match Dt; | Jason McIntyre | |
| 2004-02-10 | slight sync with header; | Jason McIntyre | |
| ok otto@ | |||
| 2004-02-09 | help makewhatis produce correct entries. | Marc Espie | |
| okay deraadt@ | |||
| 2004-02-08 | Update FD_SETSIZE value to 1024. Spotted by and ok jmc@ | Otto Moerbeek | |
| 2004-02-08 | kill whitespace at EOL; | Jason McIntyre | |
| new sentence, new line; | |||
| 2004-02-07 | document per-${PKGPATH} settings. | Marc Espie | |
| document that WRKOBJDIR is always defined, but can be left empty now. | |||
| 2004-02-07 | document new show=name1 name2... | Marc Espie | |
| 2004-02-04 | upper case ip; | Jason McIntyre | |
| 2004-02-04 | Document 'set limit src-nodes' | Ryan Thomas McBride | |
| 2004-02-01 | s/an union/a union/ | Jason McIntyre | |
| 2004-02-01 | Grok union like struct in genassym.cf. Will be needed shortly. | Miod Vallat | |
| 2004-01-30 | have to specify a + to enable yp support. | Otto Moerbeek | |
| ok miod@ jmc@ | |||
| 2004-01-29 | more consistent; from Okan Demirmen; | Jason McIntyre | |
| ok deraadt@ | |||
| 2004-01-28 | be explicit about fake hooks. | Marc Espie | |
| prompted by Sam Smith... | |||
| 2004-01-23 | `Ns' implies `No', so `Ns No' -> `Ns'; (even simpler in adduser(8)) | Jason McIntyre | |
| discussed with todd@ | |||
| 2004-01-22 | document PKG_ARCH | Marc Espie | |
| 2004-01-18 | document port specific systrace.filter | Nikolay Sturm | |
| 2004-01-12 | FILESDIR no longer holds "at least the checksum file" | Jolan Luff | |
| from Andrew Dalgleish | |||
| 2004-01-06 | group-locked -> group-bound, from J. Knight | Cedric Berger | |
| 2004-01-04 | typo | Jolan Luff | |
| 2003-12-31 | typos; | Jason McIntyre | |
| 2003-12-31 | Many improvements to the handling of interfaces in PF. | Cedric Berger | |
| 1) PF should do the right thing when unplugging/replugging or cloning/ destroying NICs. 2) Rules can be loaded in the kernel for not-yet-existing devices (USB, PCMCIA, Cardbus). For example, it is valid to write: "pass in on kue0" before kue USB is plugged in. 3) It is possible to write rules that apply to group of interfaces (drivers), like "pass in on ppp all" 4) There is a new ":peer" modifier that completes the ":broadcast" and ":network" modifiers. 5) There is a new ":0" modifier that will filter out interface aliases. Can also be applied to DNS names to restore original PF behaviour. 6) The dynamic interface syntax (foo) has been vastly improved, and now support multiple addresses, v4 and v6 addresses, and all userland modifiers, like "pass in from (fxp0:network)" 7) Scrub rules now support the !if syntax. 8) States can be bound to the specific interface that created them or to a group of interfaces for example: - pass all keep state (if-bound) - pass all keep state (group-bound) - pass all keep state (floating) 9) The default value when only keep state is given can be selected by using the "set state-policy" statement. 10) "pfctl -ss" will now print the interface scope of the state. This diff change the pf_state structure slighltly, so you should recompile your userland tools (pfctl, authpf, pflogd, tcpdump...) Tested on i386, sparc, sparc64 by Ryan Tested on macppc, sparc64 by Daniel ok deraadt@ mcbride@ | |||
| 2003-12-18 | document `b0' and `b1' attributes; | Jason McIntyre | |
| 2003-12-15 | - kill whitespace at EOL | Jason McIntyre | |
| - new sentence, new line - kill blank line - missing .El - missing escape - ip -> IP - greate -> create | |||
| 2003-12-15 | Add support to track stateful connections by source ip. This allows us | Ryan Thomas McBride | |
| to: - Ensure that clients get a consistent IP mapping with load-balanced translation/routing rules - Limit the number of simultaneous connections a client can make - Limit the number of clients which can connect through a rule ok dhartmei@ deraadt@ | |||
| 2003-12-11 | Add id_t type as per POSIX and use it for [gs]etpriority(2). | Todd C. Miller | |
| OK henning@ and deraadt@ | |||
| 2003-12-11 | POSIX says rlim_t should be unsigned so make it u_quad_t. Also add | Todd C. Miller | |
| POSIX-mandated RLIM_SAVED_MAX and RLIM_SAVED_CUR defines. On OpenBSD these are identical to RLIM_INFINITY as allowed by POSIX. OK deraadt@ | |||
| 2003-11-29 | allow ':' (range including boundaries) to be used whereever '><' (range | Daniel Hartmeier | |
| excluding boundaries) is legal. already supported by kernel, requires only removal of three error messages. ok henning@ | |||
| 2003-11-24 | fix load anchor BNF. | Henning Brauer | |
| from Joel Knight | |||
| 2003-11-18 | more literal confusion, "(" ")" vs. ( ) | Daniel Hartmeier | |
| the parentheses are required when using two queue arguments, and optional when using one. | |||
| 2003-11-18 | un-quote "return" where it's meant to reference a bnf production | Daniel Hartmeier | |
| and not a literal. | |||
| 2003-11-14 | update BNF for set debug too, again catched by mpech@ | Henning Brauer | |
| 2003-11-14 | document "set debug" | Henning Brauer | |
| ok jmc@ cedric@ | |||
| 2003-11-08 | Add 'no-sync' state option to prevent state transition messages for states | Ryan Thomas McBride | |
| created by this rule from appearing on the pfsync(4) interface. e.g. pass in proto tcp to self flags S/SA keep state (no-sync) ok cedric@ henning@ dhartmei@ | |||
| 2003-11-07 | Add some missing mentions of 'synproxy state' | Ryan Thomas McBride | |
| ok jmc@ | |||
| 2003-11-07 | - slight cleanup | Jason McIntyre | |
| - document some of the stuff in core.h - corrections from miod@ and myself; | |||
| 2003-11-07 | document line length and group membership limits; | Jason McIntyre | |
| kill a stray .Pp; help and ok millert@ | |||
| 2003-11-06 | document that label macros can now be used in tags as well | Henning Brauer | |
| with help from and ok jmc@ | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |