Age | Commit message (Expand) | Author |
2013-11-13 | DIOCGETSRCNODES was leaking a little bit more kernel information | Theo de Raadt |
2013-11-12 | two ioctl's were disclosing kernel pointers and such. | Theo de Raadt |
2013-10-20 | Deep inside DIOCXCOMMIT, should return a real errno instead of -1 | Theo de Raadt |
2013-10-17 | The header file netinet/in_var.h included netinet6/in6_var.h. This | Alexander Bluhm |
2013-10-12 | new bandwidth shaping subsystem, kernel side | Henning Brauer |
2013-10-12 | give tagname2tag and its siblings an extra "create" parameter. if 1, it | Henning Brauer |
2013-03-28 | no need for a lot of code to include proc.h | Ted Unangst |
2013-03-27 | Use the correct src/dst ports depending on direction (one of src or dst was | Ryan Thomas McBride |
2013-02-26 | Don't try to purge one-time rules from the main ruleset. | Mike Belopuhov |
2012-10-30 | Use time_uptime for expiration values as time_second can be skewed at | Florian Obser |
2012-09-20 | Lower pf frags limit to not risk running out of mbuf clusters | Camiel Dobbelaar |
2012-09-18 | prio 0 is valid, therefore, I chose an "impossible" value for prio meaning | Henning Brauer |
2012-07-08 | there was a limit on the number of pflog interfaces - 16. remove that. | Henning Brauer |
2012-07-07 | rename prio in struct pf_rule and related structs to set_prio so it is | Henning Brauer |
2012-07-07 | restore DIOCKILLSTATE semantics to what they were before the NAT rewrite. | Henning Brauer |
2012-04-03 | Fix kernel compilation with pf but without pfsync pseudo-device by | Mike Belopuhov |
2012-03-28 | Another pid that needs to be the process pid and not the thread one. | Claudio Jeker |
2011-12-12 | fixup af-to regression with match rules | Mike Belopuhov |
2011-11-29 | use a u_int64_t for the state id in pfsync_state. this makes it consistent | David Gwynne |
2011-11-28 | deprecate PFTM_UNTIL_PACKET. nothing in the tree uses it, and | David Gwynne |
2011-11-25 | use time_uptime to set state creation values as time_second can be | David Gwynne |
2011-10-13 | Since the IPv6 madness is not enough introduce NAT64 -- which is actually | Claudio Jeker |
2011-10-07 | rename some vars and functions | Henning Brauer |
2011-08-30 | Add support for one shot rules that remove themselves from an active | Mike Belopuhov |
2011-07-08 | surprisingly, we use pf as classifier for the new priority queueing | Henning Brauer |
2011-06-02 | Don't destroy a non-persistent table if referenced by src_nodes. Fixes | Stuart Henderson |
2011-04-19 | Fix potential null dereference. | Charles Longeau |
2011-04-06 | Allow PF to filter on the rdomain a packet belongs to. This allows to | Claudio Jeker |
2011-03-25 | Include original rdomain in DIOCNATLOOK. This allows userland proxies | Claudio Jeker |
2010-12-15 | Be more careful when copying the pf rule from userland into the kernel. | Claudio Jeker |
2010-06-30 | fix route label awesomeness, issue also known as PR6416 | Henning Brauer |
2010-06-28 | Clean up iterface stats handling: | Ryan Thomas McBride |
2010-06-27 | Fix DIOCCHANGERULE ioctl broken in the remove of the address pools. | Ryan Thomas McBride |
2010-01-18 | Convert pf debug logging to using log()/addlog(), a single standardised | Ryan Thomas McBride |
2010-01-12 | First pass at removing the 'pf_pool' mechanism for translation and routing | Ryan Thomas McBride |
2009-12-24 | add support to pf for filtering a packet by the interface it was received | David Gwynne |
2009-12-14 | fix sticky-address - by pretty much re-implementing it. still following | Henning Brauer |
2009-11-24 | kill obsolete natpass | Henning Brauer |
2009-11-23 | remove the nat_rule pointer on pf_state and pf_pdesc, obsolete after | Henning Brauer |
2009-11-22 | cleanup after the NAT changes. we used to have multiple rulesets (scrub, | Henning Brauer |
2009-11-11 | Fix some memory leaks in error cases. | Jonathan Gray |
2009-11-03 | Use u_int16_t for rdomains for everything. Using various types makes | Claudio Jeker |
2009-11-03 | rtables are stacked on rdomains (it is possible to have multiple routing | Claudio Jeker |
2009-10-28 | Add a dedicated pf pool for route options as suggested by henning, | Jonathan Gray |
2009-10-06 | Replace if (af) tests operating as an af blacklist with stricter switch | Ryan Thomas McBride |
2009-09-01 | the diff theo calls me insanae for: | Henning Brauer |
2009-05-31 | make set loginterface, set hostid, set reassemble and set debug | Henning Brauer |
2009-04-16 | Really turn fragment reassembly on by default. pfctl must handle this | David Krause |
2009-04-07 | turn fragment reassembly on by default. the is little to no reason to | Henning Brauer |
2009-04-06 | 1) scrub rules are completely gone. | Henning Brauer |