Age | Commit message (Expand) | Author |
2002-12-06 | Introduce anchors and named rule sets, allowing to load additional rule | Daniel Hartmeier |
2002-12-03 | no need to mh_align (while it's wrong), cleaner mtu setting; dhartmei@ ok | Michael Shalayeff |
2002-12-01 | - Clean up pf_ioctl mainly by adding new functions to handle cleaning and | Ryan Thomas McBride |
2002-12-01 | pfsync currently causes kernel faults, so we don't want to call these functions | Ryan Thomas McBride |
2002-11-29 | expose state table changes | Michael Shalayeff |
2002-11-28 | - MD5 too slow, replace with pf_hash (based on hash from if_bridge.c) | Ryan Thomas McBride |
2002-11-24 | move } outside #ifdef INET6 | Ryan Thomas McBride |
2002-11-23 | KNF | Theo de Raadt |
2002-11-23 | pass a pointer to the hash, not the first chunk of it | Ryan Thomas McBride |
2002-11-23 | kernel code to allow multiple redirection addresses to be specified for nat | Ryan Thomas McBride |
2002-11-22 | on block rules, let queue apply to the RST packets in the return-rst case | Henning Brauer |
2002-10-29 | keep all pflog goodies in pflog sources, avoids code duplications; okski fran... | Michael Shalayeff |
2002-10-22 | Convert "int af" and "u_int8_t af" declarations and function arguments | Ryan Thomas McBride |
2002-10-20 | Move pf_compare_(rules|nats|binats|rdrs) to pf_ioctl.c. Simplifies and | Ryan Thomas McBride |
2002-10-14 | Allow one to specify a netblock in a binat rule: | Henning Brauer |
2002-10-08 | the first step of pf/altq merge. | Kenjiro Cho |
2002-10-07 | -Wsign-compare clean | Daniel Hartmeier |
2002-10-07 | set block-policy [drop|return] | Henning Brauer |
2002-10-07 | support a generic return | Henning Brauer |
2002-10-07 | make return-icmp work for rules covering both v4 and v6 | Henning Brauer |
2002-10-07 | use a new rule_flag PFRULE_RETURNICMP to decide wether to return-icmp or not | Henning Brauer |
2002-10-07 | Add 'reply-to' to filter rules, similar to route-to, but applying to | Daniel Hartmeier |
2002-10-05 | Allow filtering based on IP header's tos field. | Daniel Hartmeier |
2002-10-04 | [to the right branch this time] | Jason Ish |
2002-09-27 | daddr was used where saddr was meant while checking incoming packets for | Henning Brauer |
2002-09-11 | KNF - return is not a function. | Jun-ichiro itojun Hagino |
2002-08-28 | Fix a problem where passing NULL as a pointer with varargs does not promote | Per Fogelstrom |
2002-08-12 | Use state tree instead of separate (flat) list to find NAT proxy ports, | Daniel Hartmeier |
2002-08-08 | th_flags doesn't have to be equal to TH_SYN to generate modulator, it's | Daniel Hartmeier |
2002-07-24 | Use host order when adding packet size to interface statistics counter. | Daniel Hartmeier |
2002-07-15 | add u_int8_t ifnot to struct pf_rule to support matching packets on any | Henning Brauer |
2002-07-15 | remove duplicated interface check in test_icmp | Henning Brauer |
2002-07-12 | Remove duplicate function declarations (they are in pfvar.h). | Artur Grabowski |
2002-07-10 | let IPv6 fragment go through based on normal rulesets. | Jun-ichiro itojun Hagino |
2002-06-14 | spelling; from Brian Poole <raj@cerias.purdue.edu> | Todd T. Fries |
2002-06-11 | enumerate UDP and OTHER state levels (similar to tcp_fsm.h) | Mike Frantzen |
2002-06-11 | Make NAT proxy port range configurable per rule, for instance privileged | Daniel Hartmeier |
2002-06-11 | Don't panic when pf_insert_state() detects an attempt to insert a | Daniel Hartmeier |
2002-06-11 | KNF return x -> return (x), ok frantzen@ | Daniel Hartmeier |
2002-06-10 | Allow ports to be specified in nat rules, useful later on for individual | Daniel Hartmeier |
2002-06-10 | Don't #include <sys/malloc.h> | Daniel Hartmeier |
2002-06-09 | Make pf_nat.saddr/daddr a pf_rule_addr instead of pf_addr_wrap, so it | Daniel Hartmeier |
2002-06-09 | reapply patch from jasoni@ for ICMP6_PACKET_TOO_BIG | Philipp Buehler |
2002-06-09 | reapply patch from jasoni@ for pf_route[6] | Philipp Buehler |
2002-06-09 | split ioctl functions out of pf.c into pf_ioctl.c | Philipp Buehler |
2002-06-09 | uncommit, broken (by corrupt diff) | Philipp Buehler |
2002-06-09 | new file sys/net/pf_ioctl.c | Philipp Buehler |
2002-06-09 | increment ifs6_in_toobig if ipv6 packet too large for interface in | jasoni |
2002-06-09 | in pf_route{6}, if too large for outgoing interface and not allowed to | jasoni |
2002-06-08 | Make state timeouts configurable per rule, like | Daniel Hartmeier |