| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2003-09-26 | erm, committing to teh right repository helps sometimes. | Henning Brauer | |
| don't reject usernames > 15 chars; username is not used as ruleset name any more, thus, this restriction is gone. PR3491, fix from dhartmei | |||
| 2003-08-21 | stuff needed for passive OS fingerprinting PF rules | Mike Frantzen | |
| 2003-08-01 | tickets are now u_int32_t, not int, fixes tree breakage; from Andrey Smagin | Todd C. Miller | |
| 2003-07-11 | Better parsing and -v support for tables: | Cedric Berger | |
| - remove the tableaddrs and tableaddr yacc production and reuse host_list instead. - produce better error messages. - do not load addresses from external file when it is not required (like with -R option). - store initializers in a new node_tinit linked list before putting them into the address buffer (see next point). - add a new print_tabledef() function, which makes "pfctl -nvf" print something useful for table definitions, which in turn makes it possible to write better regress tests (see first chunk of the diff) and bring table definition consistant with other parsed rules. ok dhartmei@ | |||
| 2003-07-08 | Fix a bug that caused removal of previous users' rules when more then one | Daniel Hartmeier | |
| user loggged in concurrently. And fix a smaller bug which prevented complete removal of a user's state entries on logout. Bug report and testing by Ed Powers. | |||
| 2003-07-03 | Bye bye atexit(), bye bye globals... | Cedric Berger | |
| The pfctl.c part will probably need some further improvements. ok henning@ | |||
| 2003-07-03 | This patch finally cleanup pfctl_table.c. No more global buffer, | Cedric Berger | |
| and a couple of parsing functions moved to parse.y or pfctl_parser where they belong. I also took the opportunity to replace "void" functions with exit(1) or err() inside by "int" functions, with the caller checking the return value for errors (much cleaner and an old request from Theo) ok dhartmei@ henning@ | |||
| 2003-06-28 | () to (void) | Theo de Raadt | |
| 2003-06-27 | /etc/authpf.allow -> /etc/authpf/authpf.allow in comments | Henning Brauer | |
| spotted by Joel Knight again | |||
| 2003-06-24 | clean | Theo de Raadt | |
| 2003-06-24 | (long)getpid(); andrushock@korovino.net | Theo de Raadt | |
| 2003-06-03 | remove term 3, with permission from Chris Kuethe for pathnames.h | Bob Beck | |
| 2003-05-10 | Be polite about leaving invalid data around in globals, just in case | Chad Loder | |
| someone comes along later, modifies the code, and runs into a problem. OK beck@ | |||
| 2003-05-10 | catch up with pfctl changes | Henning Brauer | |
| 2003-04-30 | Allow tables to be loaded into anchors. | Cedric Berger | |
| Most pfctl table commands (excluding 'show' and 'flush') support the "-a" modifier. ok dhartmei@ | |||
| 2003-04-20 | authpf is supposed to die if the /etc/authpf/authpf.conf is not present. | Bob Beck | |
| pr # 3217, patch from frisco@blackant.net | |||
| 2003-02-19 | sync to pfctl; BAD HENNING BAD BAD BAD NO COOKIE | Theo de Raadt | |
| 2003-02-11 | adjust after pfctl changes | Henning Brauer | |
| 2003-02-03 | typos and minor KNF; from andrushock, thanks! | Henning Brauer | |
| 2003-02-02 | adjust after pfctl change; parse_rules doesn't take opts seperately any more | Henning Brauer | |
| 2003-01-29 | do setprocticle; ok camield | Theo de Raadt | |
| 2003-01-27 | remove some unused includes, from Andrey Matveev | Daniel Hartmeier | |
| 2003-01-26 | mop up, from krw | Daniel Hartmeier | |
| 2003-01-25 | Permit initialisation of a table content from a file in pf.conf. | Cedric Berger | |
| Cleaning up of the table options parsing, more flexible. idea+cleanup deraadt@, ok dhartmei@, pass all regress tests. | |||
| 2003-01-09 | Add support for active/inactive tablesets in the kernel. | Cedric Berger | |
| Add table definition/initialisation construct in pfctl parser. Add and fix documentation for pf.4 and pf.conf.5. Tested on i386 and sparc64 by myself, macppc by Daniel. ok dhartmei@ | |||
| 2003-01-07 | Add function to search for and remove stale rulesets from other authpf | Daniel Hartmeier | |
| processes which have terminated unexpectedly. ok beck@ | |||
| 2003-01-06 | nicer syslog | Theo de Raadt | |
| 2003-01-05 | Move ifname from pf_addr to pf_addr_wrap, prepare pf_addr_wrap for table | Daniel Hartmeier | |
| name. ok henning@, mcbride@, cedric@ | |||
| 2003-01-01 | Scrub and filter rules are separated now, adjust authpf accordingly. | Daniel Hartmeier | |
| 2002-12-29 | Set a macro $user_id to the user name, just like $user_ip is already set | Daniel Hartmeier | |
| to the IP address. From discussion with Michael Lucas. ok henning@ | |||
| 2002-12-22 | KNF | Henning Brauer | |
| 2002-12-22 | Instead of inserting and removing rules at the top/bottom of the main | Daniel Hartmeier | |
| ruleset, make authpf manage its rules inside anchors. | |||
| 2002-12-19 | redundant memset | Henning Brauer | |
| 2002-12-19 | KNF | Henning Brauer | |
| 2002-12-18 | Fix tree breakage; match changes to struct pfctl (now contains an array | Ryan Thomas McBride | |
| of pointers to pfioc_rule). Fix from henning@ ok dhartmei@ | |||
| 2002-12-17 | Match merge of pf_nat/pf_binat/pf_rdr structs into pf_rule | Ryan Thomas McBride | |
| - Move pf_compare* functions here - fix ioctls. | |||
| 2002-12-06 | Introduce anchors and named rule sets, allowing to load additional rule | Daniel Hartmeier | |
| sets with pfctl and evaluate them from the main rule set using a new type of rule (which will support conditional evaluation soon). Makes maintenance of sub-rulesets simpler for pfctl and daemons. Idea and ok deraadt@ | |||
| 2002-12-04 | catch up to -v -v change in pfctl(8) | Theo de Raadt | |
| 2002-12-01 | KNF | Henning Brauer | |
| 2002-12-01 | Match pf_ioctl.c cleanup; if we're doing a DIOCCHANGE* operation which uses | Ryan Thomas McBride | |
| old*, we need to call DIOCBEGINADDRS twice: once for the old rule/rdr/nat, and once for the new one. ok dhartmei@ henning@ | |||
| 2002-11-23 | don't try to do ioctl with PF_OPT_NOACTION | Ryan Thomas McBride | |
| does not impact fuction of authpf, but make it consistent with the rest of the add_* family ok dhartmei@ | |||
| 2002-11-23 | add code to load lists of redirection addresses for nat/rdr/route-to/etc. | Ryan Thomas McBride | |
| 2002-11-22 | Disallow non-interactive sessions, to avoid problem of users scp'ing | Bob Beck | |
| to authpf gateway - noticed by Devan Reade <gdr@gno.org>, ok henning | |||
| 2002-11-19 | be more precise | Theo de Raadt | |
| 2002-11-19 | hacks to make the tree build; henning gets a carrot up the nose next time i ↵ | Theo de Raadt | |
| meet him | |||
| 2002-10-25 | - be even more careful with data supplied from outside | Camiel Dobbelaar | |
| - check explicitly for negative values from snprintf (-pedantic) - use MAXLOGNAME - use parentheses with all sizeof's for consistency | |||
| 2002-06-25 | hooks for options. | Henning Brauer | |
| we don't support setting pf options via authpf, but need the hooks here, too. ok dhartmei@, kjell@ | |||
| 2002-06-12 | fix a typo that could create a fd leak | Vincent Labrecque | |
| ok beck@ | |||
| 2002-06-11 | fix breakage from the stupid way theo and I commited that last big pile of | Bob Beck | |
| changes. | |||
| 2002-06-11 | I broke this. Remove separate (optional) nat calls | Kjell Wooding | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |