summaryrefslogtreecommitdiff
path: root/sys/net/pfvar.h
AgeCommit message (Expand)Author
2002-11-23kernel code to allow multiple redirection addresses to be specified for natRyan Thomas McBride
2002-11-02Make PF_ANEQ(), PF_ANEQ() and PF_AZERO() check the whole address if afRyan Thomas McBride
2002-10-22Convert "int af" and "u_int8_t af" declarations and function argumentsRyan Thomas McBride
2002-10-20Move pf_compare_(rules|nats|binats|rdrs) to pf_ioctl.c. Simplifies andRyan Thomas McBride
2002-10-14Allow one to specify a netblock in a binat rule:Henning Brauer
2002-10-10padd pf_state; dhartmei@ okMichael Shalayeff
2002-10-08the first step of pf/altq merge.Kenjiro Cho
2002-10-07set block-policy [drop|return]Henning Brauer
2002-10-07support a generic returnHenning Brauer
2002-10-07make return-icmp work for rules covering both v4 and v6Henning Brauer
2002-10-07use a new rule_flag PFRULE_RETURNICMP to decide wether to return-icmp or notHenning Brauer
2002-10-07Add 'reply-to' to filter rules, similar to route-to, but applying toDaniel Hartmeier
2002-10-05Allow filtering based on IP header's tos field.Daniel Hartmeier
2002-08-12Use state tree instead of separate (flat) list to find NAT proxy ports,Daniel Hartmeier
2002-07-15add u_int8_t ifnot to struct pf_rule to support matching packets on anyHenning Brauer
2002-06-11split the grammar of scrub(fragcache) into scrub ... 'fragment reassemble',Mike Frantzen
2002-06-11enumerate UDP and OTHER state levels (similar to tcp_fsm.h)Mike Frantzen
2002-06-11SCRUB(fragcache) to do gap tracking and overlap pruning of IPv4 fragmentsMike Frantzen
2002-06-11Make NAT proxy port range configurable per rule, for instance privilegedDaniel Hartmeier
2002-06-11rework pfctl statistics displayHenning Brauer
2002-06-09Make pf_nat.saddr/daddr a pf_rule_addr instead of pf_addr_wrap, so itDaniel Hartmeier
2002-06-09split ioctl functions out of pf.c into pf_ioctl.cPhilipp Buehler
2002-06-09This commit commit commit without testing has to STOP. BE CAREFUL.Theo de Raadt
2002-06-09uncommit, broken (by corrupt diff)Philipp Buehler
2002-06-08Make state timeouts configurable per rule, likeDaniel Hartmeier
2002-06-07increase rule label length from 32 to 64 charsHenning Brauer
2002-06-07add the possibility to configure a TTL while return-rstPhilipp Buehler
2002-06-07Add "(max <number>)" option for "keep/modulate state" to limit the numberDaniel Hartmeier
2002-06-07switch from AVL tree's to herr Provos' red-black treesMike Frantzen
2002-05-19KNF againTheo de Raadt
2002-05-12Add gid based filtering, reduce to one (effective) uid, rename parserDaniel Hartmeier
2002-05-09Add a max-mss option to the scrub rule which will enforce a maximum mssjasoni
2002-05-09Introduce user based filtering. Rules can specify ruid and euid (real andDaniel Hartmeier
2002-05-05Instead of returning a useless kernel space pointer for the rule thatDaniel Hartmeier
2002-04-24Add dynamic (in-kernel) interface name -> address translation. Instead ofDaniel Hartmeier
2002-04-23Allow explicit filtering of fragments when they are not reassembled.Daniel Hartmeier
2002-03-27implement a "no-route" keyword.Michael Shalayeff
2002-03-25add ioctl DIOCKILLSTATES to shootdown a subset of the state table. allowsMike Frantzen
2002-02-26Add optional pool memory hard limits, mainly as temporary solutionDaniel Hartmeier
2002-02-14Reorder struct pf_pdesc members, saves 8 bytes.Daniel Hartmeier
2002-02-14Add skip steps for rule action (pass/block vs. scrub) and directionDaniel Hartmeier
2002-01-11pad the pf_state_{host,peer} to a 32bit quantity; dhartmei@ frantzen@ okMichael Shalayeff
2002-01-09Add labels to rules. These are arbitrary names (not to be confused withDaniel Hartmeier
2002-01-08Add "no nat/rdr/binat" to nat.conf. The first matching rule applies.Daniel Hartmeier
2001-12-10Add an ioctl to add state entries (DIOCADDSTATE) for proxies.Daniel Hartmeier
2001-12-10Add stateful filtering for other (non-TCP/UDP/ICMP) protocol, based onDaniel Hartmeier
2001-11-26add fastroute options similar to what is found in ipfjasoni
2001-11-06Use #defines for skip step values. From dgregor@net.ohio-state.edu.Daniel Hartmeier
2001-10-15Add 'allow-opts' to rules. Packets with IP options will be blocked byDaniel Hartmeier
2001-09-27The skip steps array was one element short (since adding steps for af).Daniel Hartmeier