Age | Commit message (Expand) | Author |
2010-06-27 | stuff nsaddr/ndaddr/nsport/ndport (addrs/ports after NAT, used a lot while | Henning Brauer |
2010-05-07 | Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 | Claudio Jeker |
2010-02-04 | pf_get_sport() picks a random port from the port range specified in a | Stuart Henderson |
2010-01-18 | Convert pf debug logging to using log()/addlog(), a single standardised | Ryan Thomas McBride |
2010-01-14 | henning and I are both dumbasses, testing &foo against NULL is pointless. | Ryan Thomas McBride |
2010-01-14 | When printing states in debug output, print the rule number that created | Ryan Thomas McBride |
2010-01-14 | i forgot to remove a now obsolete comment in pf_create_state about | Henning Brauer |
2010-01-14 | in pf_create_state, when we fixed the leaks, we were a bit too trigger | Henning Brauer |
2010-01-13 | in pf_state_key_detach, ensure that the state key pointer on the state | Henning Brauer |
2010-01-12 | First pass at removing the 'pf_pool' mechanism for translation and routing | Ryan Thomas McBride |
2010-01-11 | "final" leak in state creation: in pf_state_key_setup, if we actually | Henning Brauer |
2010-01-11 | fix a bug in pf_create_state that was a major source of amusement for me | Henning Brauer |
2009-12-24 | add support to pf for filtering a packet by the interface it was received | David Gwynne |
2009-12-14 | fix sticky-address - by pretty much re-implementing it. still following | Henning Brauer |
2009-12-08 | move "pf: key search" and "pf: key setup" messages to PF_DEBUG_NOISY | Stuart Henderson |
2009-11-26 | magical fix for a fault which reliably brings my firewalls down. i think | David Gwynne |
2009-11-23 | with the old code we initialized the state keys early in some cases | Henning Brauer |
2009-11-23 | one kinda-missing log |= PFLOG_FORCE in the v6 case, spotted by claudio | Henning Brauer |
2009-11-23 | sync the handling of the log flag from pf_test (where it is correct) | Henning Brauer |
2009-11-23 | pf_test_fragment: we need to bail out if action == PF_DROP, not | Henning Brauer |
2009-11-23 | sync some comments with reality | Henning Brauer |
2009-11-23 | remove the nat_rule pointer on pf_state and pf_pdesc, obsolete after | Henning Brauer |
2009-11-22 | cleanup after the NAT changes. we used to have multiple rulesets (scrub, | Henning Brauer |
2009-11-21 | knf | Henning Brauer |
2009-11-05 | IPv6 support for divert sockets. | Michele Marchetto |
2009-11-03 | rtables are stacked on rdomains (it is possible to have multiple routing | Claudio Jeker |
2009-10-29 | I missed updating a line for the AF_INET6 route case when | Jonathan Gray |
2009-10-28 | Add a dedicated pf pool for route options as suggested by henning, | Jonathan Gray |
2009-10-06 | Redo the route lookup in the output (and IPv6 forwarding) path if the | Claudio Jeker |
2009-10-04 | Add (again) support for divert sockets. They allow you to: | Michele Marchetto |
2009-09-16 | style: in pf_test_state_other, fix indentation, kill excessive newlines, | Henning Brauer |
2009-09-16 | fix copy & paste error from almost a year ago (bad ryan) | Henning Brauer |
2009-09-08 | I had not enough oks to commit this diff. | Michele Marchetto |
2009-09-08 | Add support for divert sockets. They allow you to: | Michele Marchetto |
2009-09-01 | the diff theo calls me insanae for: | Henning Brauer |
2009-07-28 | do not leak pf_rule_item_pl items in pf_test_rule() when | Henning Brauer |
2009-07-28 | check that pool_get actually gives us memory in pf_test_rule. | Henning Brauer |
2009-06-26 | invert direction for inner icmp state lookups (e.g. traceroute with icmp) | Markus Friedl |
2009-06-22 | Check that the address family is appropriate before processing ICMPv4 and | Joel Sing |
2009-06-22 | Always drop ICMPv6 in IPv4 datagrams, not only when compiled with INET6. | Joel Sing |
2009-06-22 | Fix scrub max-mss for IPv6 traffic. | Joel Sing |
2009-06-08 | in pf_print_state_parts, do not use skw->proto to print the protocol | Henning Brauer |
2009-06-08 | "do not call PF_ANEQ with af=0, dragons". fixes a problem with skip | Stuart Henderson |
2009-06-05 | Initial support for routing domains. This allows to bind interfaces to | Claudio Jeker |
2009-05-18 | The routing table index rtableid has type unsigned int in the routing | Alexander Bluhm |
2009-04-30 | treat log as what it is, a flag variable. effectively a noop now but stops | Henning Brauer |
2009-04-23 | print the type of the icmp message we're bitching about when debugging is | David Gwynne |
2009-04-17 | move the lastr = r assignment behind the anchor rule check so we don't | Henning Brauer |
2009-04-15 | little dose of scrubbing after the monster changes: | Henning Brauer |
2009-04-15 | move OK ICMP to NOISY level, makes it easier to run at MISC level; ok henning@ | David Krause |