| Age | Commit message (Expand) | Author |
|---|
| 2007-02-23 | if machine has more than 100MB of physmem, default the max table entries | Theo de Raadt |
| 2007-02-09 | allow counters to be reset with DIOCGETRULES. | Henning Brauer |
| 2006-12-13 | IPv6 passive OS fingerprinting. | Jun-ichiro itojun Hagino |
| 2006-11-20 | ioctl to explicitly remove source tracking nodes, | Ryan Thomas McBride |
| 2006-10-27 | Split ruleset manipulation functions out into pf_ruleset.c to allow them to | Ryan Thomas McBride |
| 2006-10-25 | add a "u_int8_t logif" to struct pfrule to select to which pflog interface | Henning Brauer |
| 2006-10-17 | increase max pf tag name size from 16 to 64 characters. | Reyk Floeter |
| 2006-10-11 | Allow the 'quick' keyword on an anchor. IFF there is a matching rule inside | Ryan Thomas McBride |
| 2006-07-06 | allow rules to point to an alternate routing table, and tag packets | Henning Brauer |
| 2006-05-28 | Enable adaptive timeouts by default, with adaptive.start of 60% of the | Ryan Thomas McBride |
| 2006-03-14 | implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4) | Damien Miller |
| 2005-11-04 | crank pf_state and pf_src_node byte and packet counters to u_in64_t, since | Ryan Thomas McBride |
| 2005-10-27 | Basic support for attaching states from pfsync to the correct rules. | Ryan Thomas McBride |
| 2005-10-17 | make pf use one mbuf tag instead of 6 distinct ones. use a little struct | Henning Brauer |
| 2005-09-28 | Improve the safety of pf IOCTLs, taking into account that some paths can sleep. | Christopher Pascoe |
| 2005-08-18 | Rearrange pf_state and pfi_kif so that the parts of the structure needed | Christopher Pascoe |
| 2005-08-11 | Only decrement the max-src-conn counter for tcp connections that reached | Joel Knight |
| 2005-08-02 | Instead of copying a table structure so we can mask off a bit before | Christopher Pascoe |
| 2005-07-31 | Perform pf state/rule/table expiry in a kernel thread instead of running | Christopher Pascoe |
| 2005-06-30 | in order for pfvar.h not to conflict with openssl's crypto.h, use | Nikolay Sturm |
| 2005-06-13 | spurious XXX comment left over from interface abstraction code whacking | Henning Brauer |
| 2005-06-13 | make the packet and byte counters on rules and src nodes per direction, | Henning Brauer |
| 2005-06-05 | const'ify the char * parameter to pfi_kif_get and pfi_group_change | Henning Brauer |
| 2005-05-27 | Calculate an MD5 checksum over the main pf ruleset. | Marco Pfatschbacher |
| 2005-05-27 | log two pairs of uid/pid through pflog: the uid/pid of the process that | Daniel Hartmeier |
| 2005-05-26 | support 'log' and 'log-all' in 'nat/rdr/binat pass' rules. original patch | Daniel Hartmeier |
| 2005-05-25 | when an interface joins or leaves a group call back into pf so it can | Henning Brauer |
| 2005-05-23 | change pool allocation of table entries, no longer use the oldnointr | Daniel Hartmeier |
| 2005-05-23 | further cleanup: don't mimic ifnet and add hooks and the dohooks() stuff to | Henning Brauer |
| 2005-05-22 | allow pf to match on interface groups | Henning Brauer |
| 2005-05-21 | clean up and rework the interface absraction code big time, rip out multiple | Henning Brauer |
| 2005-03-03 | when tagging, apply the same tag to all packets matching a state entry | Daniel Hartmeier |
| 2005-01-30 | Add some more reason counters and use them instead of overloading the | Daniel Hartmeier |
| 2005-01-05 | Define defaults for the timeouts ensure consistency between kernel | Ryan Thomas McBride |
| 2004-12-22 | Introduce 'set skip on <ifspec>' to support a list of interfaces where no | Daniel Hartmeier |
| 2004-12-10 | allow pf to filter on route labels | Henning Brauer |
| 2004-12-07 | re-commit mcbride@'s 'flush global', this time without the breakage in | Daniel Hartmeier |
| 2004-12-07 | tree does not compile, spotted by dlg (not obvious how to fix) | Theo de Raadt |
| 2004-12-07 | Change the default for 'overload <table> flush' to flush only states from the | Ryan Thomas McBride |
| 2004-12-04 | Add kernel code to keep track of tcp connections which have completed | Ryan Thomas McBride |
| 2004-11-16 | Fix for PR3983 | Ryan Thomas McBride |
| 2004-09-21 | Implement "no scrub" to allow exclusion of specific traffic from scrub rules. | Aaron Campbell |
| 2004-07-12 | remove PF_FORWARD (which was introduced by ipv6 reass-on-scrub). | Jun-ichiro itojun Hagino |
| 2004-07-11 | backout IPv6 reass-on-scrub patch (more work needs to be done). | Jun-ichiro itojun Hagino |
| 2004-06-25 | re-introduce PF_INOUT and move PF_FORWARD def to the end. | Jun-ichiro itojun Hagino |
| 2004-06-25 | IPv6 reassembly on "scrub" directive. | Jun-ichiro itojun Hagino |
| 2004-06-21 | Get rid of pf_test_eh() wrapper. | Ryan Thomas McBride |
| 2004-06-14 | Remove DIOCBEGINRULES, DIOCCOMMITRULES, DIOCBEGINALTQS, DIOCCOMMITALTQS, | Cedric Berger |
| 2004-06-10 | rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reserved | Daniel Hartmeier |
| 2004-05-19 | Allow recursive anchors (anchors within anchors, up to 64 | Daniel Hartmeier |
