| Age | Commit message (Expand) | Author |
|---|
| 2006-07-06 | allow rules to point to an alternate routing table, and tag packets | Henning Brauer |
| 2006-05-28 | Enable adaptive timeouts by default, with adaptive.start of 60% of the | Ryan Thomas McBride |
| 2006-03-14 | implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4) | Damien Miller |
| 2005-11-04 | crank pf_state and pf_src_node byte and packet counters to u_in64_t, since | Ryan Thomas McBride |
| 2005-10-27 | Basic support for attaching states from pfsync to the correct rules. | Ryan Thomas McBride |
| 2005-10-17 | make pf use one mbuf tag instead of 6 distinct ones. use a little struct | Henning Brauer |
| 2005-09-28 | Improve the safety of pf IOCTLs, taking into account that some paths can sleep. | Christopher Pascoe |
| 2005-08-18 | Rearrange pf_state and pfi_kif so that the parts of the structure needed | Christopher Pascoe |
| 2005-08-11 | Only decrement the max-src-conn counter for tcp connections that reached | Joel Knight |
| 2005-08-02 | Instead of copying a table structure so we can mask off a bit before | Christopher Pascoe |
| 2005-07-31 | Perform pf state/rule/table expiry in a kernel thread instead of running | Christopher Pascoe |
| 2005-06-30 | in order for pfvar.h not to conflict with openssl's crypto.h, use | Nikolay Sturm |
| 2005-06-13 | spurious XXX comment left over from interface abstraction code whacking | Henning Brauer |
| 2005-06-13 | make the packet and byte counters on rules and src nodes per direction, | Henning Brauer |
| 2005-06-05 | const'ify the char * parameter to pfi_kif_get and pfi_group_change | Henning Brauer |
| 2005-05-27 | Calculate an MD5 checksum over the main pf ruleset. | Marco Pfatschbacher |
| 2005-05-27 | log two pairs of uid/pid through pflog: the uid/pid of the process that | Daniel Hartmeier |
| 2005-05-26 | support 'log' and 'log-all' in 'nat/rdr/binat pass' rules. original patch | Daniel Hartmeier |
| 2005-05-25 | when an interface joins or leaves a group call back into pf so it can | Henning Brauer |
| 2005-05-23 | change pool allocation of table entries, no longer use the oldnointr | Daniel Hartmeier |
| 2005-05-23 | further cleanup: don't mimic ifnet and add hooks and the dohooks() stuff to | Henning Brauer |
| 2005-05-22 | allow pf to match on interface groups | Henning Brauer |
| 2005-05-21 | clean up and rework the interface absraction code big time, rip out multiple | Henning Brauer |
| 2005-03-03 | when tagging, apply the same tag to all packets matching a state entry | Daniel Hartmeier |
| 2005-01-30 | Add some more reason counters and use them instead of overloading the | Daniel Hartmeier |
| 2005-01-05 | Define defaults for the timeouts ensure consistency between kernel | Ryan Thomas McBride |
| 2004-12-22 | Introduce 'set skip on <ifspec>' to support a list of interfaces where no | Daniel Hartmeier |
| 2004-12-10 | allow pf to filter on route labels | Henning Brauer |
| 2004-12-07 | re-commit mcbride@'s 'flush global', this time without the breakage in | Daniel Hartmeier |
| 2004-12-07 | tree does not compile, spotted by dlg (not obvious how to fix) | Theo de Raadt |
| 2004-12-07 | Change the default for 'overload <table> flush' to flush only states from the | Ryan Thomas McBride |
| 2004-12-04 | Add kernel code to keep track of tcp connections which have completed | Ryan Thomas McBride |
| 2004-11-16 | Fix for PR3983 | Ryan Thomas McBride |
| 2004-09-21 | Implement "no scrub" to allow exclusion of specific traffic from scrub rules. | Aaron Campbell |
| 2004-07-12 | remove PF_FORWARD (which was introduced by ipv6 reass-on-scrub). | Jun-ichiro itojun Hagino |
| 2004-07-11 | backout IPv6 reass-on-scrub patch (more work needs to be done). | Jun-ichiro itojun Hagino |
| 2004-06-25 | re-introduce PF_INOUT and move PF_FORWARD def to the end. | Jun-ichiro itojun Hagino |
| 2004-06-25 | IPv6 reassembly on "scrub" directive. | Jun-ichiro itojun Hagino |
| 2004-06-21 | Get rid of pf_test_eh() wrapper. | Ryan Thomas McBride |
| 2004-06-14 | Remove DIOCBEGINRULES, DIOCCOMMITRULES, DIOCBEGINALTQS, DIOCCOMMITALTQS, | Cedric Berger |
| 2004-06-10 | rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reserved | Daniel Hartmeier |
| 2004-05-19 | Allow recursive anchors (anchors within anchors, up to 64 | Daniel Hartmeier |
| 2004-05-11 | pf_cksum_fixup() was called without last argument from normalization, | Daniel Hartmeier |
| 2004-05-05 | Use RFC1323 PAWS timestamps as a logical extension to the conventional TCP | Mike Frantzen |
| 2004-04-28 | make return-rst work on pure bridges. ok dhartmei@ henning@ mcbride@ | Cedric Berger |
| 2004-04-27 | validate the sequence numbers on TCP resets are an exact match. check is only | Mike Frantzen |
| 2004-04-26 | anchor refcounting. ok dhartmei@ mcbride@ | Cedric Berger |
| 2004-04-25 | get rid of a complete state tree walk at state expire while in splnet() | Philipp Buehler |
| 2004-04-24 | Add "probability xxx" rule modifier. ok deraadt@ | Cedric Berger |
| 2004-03-22 | Support for best effort bulk transfers of states when pfsync syncif is | Ryan Thomas McBride |
