| Age | Commit message (Expand) | Author |
|---|
| 2006-09-18 | allow RST from TCP client, even if client does not send data after SYN; | Markus Friedl |
| 2006-09-18 | fix tos (type-of-service) comparisons. for rules which use 'tos x', compare | Daniel Hartmeier |
| 2006-07-06 | allow rules to point to an alternate routing table, and tag packets | Henning Brauer |
| 2006-05-17 | missing rtlabel support in pf_addr_wrap_neq() | Henning Brauer |
| 2006-03-14 | implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4) | Damien Miller |
| 2006-02-07 | mention source of pf_modulate_sack() in comment, no code change, | Daniel Hartmeier |
| 2006-01-31 | the TCP SACK option needs sequence number modulation | Mike Frantzen |
| 2005-11-14 | fix spello | Christopher Pascoe |
| 2005-11-04 | crank pf_state and pf_src_node byte and packet counters to u_in64_t, since | Ryan Thomas McBride |
| 2005-10-26 | Instead of using arc4random() to modulate the TCP isn, call tcp_rndiss_next() | Ryan Thomas McBride |
| 2005-10-25 | mtag in pf_route is now only used for IPSEC, so #ifdef it | Henning Brauer |
| 2005-10-17 | make pf use one mbuf tag instead of 6 distinct ones. use a little struct | Henning Brauer |
| 2005-09-28 | Improve the safety of pf IOCTLs, taking into account that some paths can sleep. | Christopher Pascoe |
| 2005-08-22 | when nat'ing icmp 'connections', replace icmp id with proxy values | Daniel Hartmeier |
| 2005-08-22 | fix rdr to bitmask replacement address pool. patch from Max Laier, | Daniel Hartmeier |
| 2005-08-18 | Rearrange pf_state and pfi_kif so that the parts of the structure needed | Christopher Pascoe |
| 2005-08-11 | Only decrement the max-src-conn counter for tcp connections that reached | Joel Knight |
| 2005-07-31 | Perform pf state/rule/table expiry in a kernel thread instead of running | Christopher Pascoe |
| 2005-07-31 | Change the API for icmp_do_error so that it takes the mtu directly, rather | Christopher Pascoe |
| 2005-07-29 | Use one "struct pf_state key" declaration at top of pf_test_state_icmp, | Christopher Pascoe |
| 2005-07-21 | account ipv4 packets with wrong tcp/udp/icmp checksums and udp | Markus Friedl |
| 2005-07-04 | restrict the tcp.finwait timeout (45s) to state combinations where we have | Markus Friedl |
| 2005-06-13 | make the packet and byte counters on rules and src nodes per direction, | Henning Brauer |
| 2005-05-27 | log two pairs of uid/pid through pflog: the uid/pid of the process that | Daniel Hartmeier |
| 2005-05-26 | support 'log' and 'log-all' in 'nat/rdr/binat pass' rules. original patch | Daniel Hartmeier |
| 2005-05-23 | change pool allocation of table entries, no longer use the oldnointr | Daniel Hartmeier |
| 2005-05-21 | clean up and rework the interface absraction code big time, rip out multiple | Henning Brauer |
| 2005-04-25 | csum -> csum_flags | Brad Smith |
| 2005-04-22 | When synproxy completes the replayed handshake and modifies the state | Daniel Hartmeier |
| 2005-04-15 | Try this again. | Joel Knight |
| 2005-04-14 | back out last, some breakage crept in | Henning Brauer |
| 2005-04-14 | When synproxy sends packets to the destination host, make sure to copy | Joel Knight |
| 2005-03-15 | byte order of mss, only affects synproxy code path, from John L. Scarfone | Daniel Hartmeier |
| 2005-03-04 | add state's tag for IPv6, too. spotted by markus@ | Daniel Hartmeier |
| 2005-03-03 | when tagging, apply the same tag to all packets matching a state entry | Daniel Hartmeier |
| 2005-02-27 | support 'tagged' in translation rules, non-delayed tag lookup | Daniel Hartmeier |
| 2005-01-30 | Add some more reason counters and use them instead of overloading the | Daniel Hartmeier |
| 2005-01-20 | Use the packet's address family instead of the rule's when selecting a | Daniel Hartmeier |
| 2005-01-07 | Make carp(4) traffic always appear on the physical (carpdev) interface | Ryan Thomas McBride |
| 2004-12-22 | Introduce 'set skip on <ifspec>' to support a list of interfaces where no | Daniel Hartmeier |
| 2004-12-17 | ICMP state entries use the ICMP ID as port for the unique state key. When | Daniel Hartmeier |
| 2004-12-14 | Initialise init_addr in pf_map_addr() in the PF_POOL_ROUNDROBIN, | Ryan Thomas McBride |
| 2004-12-11 | Handle errors in pf_route{,6} more gracefully. | Marco Pfatschbacher |
| 2004-12-10 | allow pf to filter on route labels | Henning Brauer |
| 2004-12-07 | KNF | Ryan Thomas McBride |
| 2004-12-07 | re-commit mcbride@'s 'flush global', this time without the breakage in | Daniel Hartmeier |
| 2004-12-07 | tree does not compile, spotted by dlg (not obvious how to fix) | Theo de Raadt |
| 2004-12-07 | Change the default for 'overload <table> flush' to flush only states from the | Ryan Thomas McBride |
| 2004-12-06 | support max-src-conn-rate with synproxy, ok mcbride@ | Daniel Hartmeier |
| 2004-12-05 | IPv6 packets can contain headers (like options) before the TCP/UDP/ICMP6 | Daniel Hartmeier |
