Age | Commit message (Expand) | Author |
2002-06-08 | Make state timeouts configurable per rule, like | Daniel Hartmeier |
2002-06-07 | increase rule label length from 32 to 64 chars | Henning Brauer |
2002-06-07 | add the possibility to configure a TTL while return-rst | Philipp Buehler |
2002-06-07 | Add "(max <number>)" option for "keep/modulate state" to limit the number | Daniel Hartmeier |
2002-06-07 | switch from AVL tree's to herr Provos' red-black trees | Mike Frantzen |
2002-05-19 | KNF again | Theo de Raadt |
2002-05-12 | Add gid based filtering, reduce to one (effective) uid, rename parser | Daniel Hartmeier |
2002-05-09 | Add a max-mss option to the scrub rule which will enforce a maximum mss | jasoni |
2002-05-09 | Introduce user based filtering. Rules can specify ruid and euid (real and | Daniel Hartmeier |
2002-05-05 | Instead of returning a useless kernel space pointer for the rule that | Daniel Hartmeier |
2002-04-24 | Add dynamic (in-kernel) interface name -> address translation. Instead of | Daniel Hartmeier |
2002-04-23 | Allow explicit filtering of fragments when they are not reassembled. | Daniel Hartmeier |
2002-03-27 | implement a "no-route" keyword. | Michael Shalayeff |
2002-03-25 | add ioctl DIOCKILLSTATES to shootdown a subset of the state table. allows | Mike Frantzen |
2002-02-26 | Add optional pool memory hard limits, mainly as temporary solution | Daniel Hartmeier |
2002-02-14 | Reorder struct pf_pdesc members, saves 8 bytes. | Daniel Hartmeier |
2002-02-14 | Add skip steps for rule action (pass/block vs. scrub) and direction | Daniel Hartmeier |
2002-01-11 | pad the pf_state_{host,peer} to a 32bit quantity; dhartmei@ frantzen@ ok | Michael Shalayeff |
2002-01-09 | Add labels to rules. These are arbitrary names (not to be confused with | Daniel Hartmeier |
2002-01-08 | Add "no nat/rdr/binat" to nat.conf. The first matching rule applies. | Daniel Hartmeier |
2001-12-10 | Add an ioctl to add state entries (DIOCADDSTATE) for proxies. | Daniel Hartmeier |
2001-12-10 | Add stateful filtering for other (non-TCP/UDP/ICMP) protocol, based on | Daniel Hartmeier |
2001-11-26 | add fastroute options similar to what is found in ipf | jasoni |
2001-11-06 | Use #defines for skip step values. From dgregor@net.ohio-state.edu. | Daniel Hartmeier |
2001-10-15 | Add 'allow-opts' to rules. Packets with IP options will be blocked by | Daniel Hartmeier |
2001-09-27 | The skip steps array was one element short (since adding steps for af). | Daniel Hartmeier |
2001-09-15 | Don't use m_pkthdr.rcvif in pflog_packet(), it doesn't work for outgoing | Daniel Hartmeier |
2001-09-15 | IPv6 support from Ryan McBride (mcbride@countersiege.com) | Mike Frantzen |
2001-09-06 | 1:1 bidrectional NAT (binat); ok dhartmei@ and frantzen@ | jasoni |
2001-09-05 | s/pf_natlook/pfioc_natlook (ioctl parameter struct) | Daniel Hartmeier |
2001-09-04 | Add skip steps for interface (ifp). | Daniel Hartmeier |
2001-08-28 | Bump state timeouts and allow tweaking them from pfctl. | Mike Frantzen |
2001-08-25 | PF ISN randomization. Or in trekkie techno-babble, ISN phase modulation. | Mike Frantzen |
2001-08-21 | KNF | Theo de Raadt |
2001-08-19 | Add new ioctls for adding/removing RDR and NAT rules to/from the active | Daniel Hartmeier |
2001-08-19 | Add per-rule byte counter, so mickey can do accounting. We're counting the | Daniel Hartmeier |
2001-08-19 | Add per-rule statistics (number of evaluations and number of packets). | Daniel Hartmeier |
2001-08-18 | Add new ioctl for adding/removing individual rules to/from the active rule set. | Daniel Hartmeier |
2001-08-18 | make pfctl -s state SCREAM; frantzen is now happy | Theo de Raadt |
2001-08-11 | Add support for ICMP errors referring to ICMP queries/replies. Fixes | Daniel Hartmeier |
2001-08-01 | stateless tcp normalization along the lines of the normalization paper by | Niels Provos |
2001-07-29 | Implement rule skipping. This is a transparent evaluation optimization, | Daniel Hartmeier |
2001-07-19 | Fix/complete the handling of the binary ops >< and <> to behave | Kenneth R Westerback |
2001-07-17 | support min-ttl, okay dhartmei@ | Niels Provos |
2001-07-17 | normalize ip_off, make IP_DF stripping optional, return rst is a flag now. | Niels Provos |
2001-07-17 | split ip normalization out into a separate file, okay dhartmei@ | Niels Provos |
2001-07-09 | Extend nat/rdr syntax. Add source/destination selection. Make | Daniel Hartmeier |
2001-07-06 | Allow negative match on interface name for nat and rdr | Chris Cappuccio |
2001-07-06 | do not use quad for counters | Theo de Raadt |
2001-07-03 | add DIOCNATLOOK ioctl and pf_natlook structure, this enables a userland | Bob Beck |