| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2009-11-22 | Move from the PF_RULESET_FILTER world order to PF_TRANS_RULESET | Theo de Raadt | |
| due to the standard henning+oga commit-and-run-for-beer problem. ok claudio | |||
| 2009-11-21 | If tagging is used use match rules instead of pass rules. This is needed | Claudio Jeker | |
| so that later pass rules will not overwrite the nat-to/rdr-to settings. Because of this there must be an expilicit "pass .. tagged proxytag .." rule after the ftp-proxy anchor. OK henning@ | |||
| 2009-09-07 | rdr -> rdr-to | Jason McIntyre | |
| from Karl-Heinz Wild | |||
| 2009-09-01 | Bring manpage up to speed with the changes that just happend or at least | Claudio Jeker | |
| try to. | |||
| 2009-09-01 | Bring ftp-proxy in sync with the massive pf change just commited by Henning. | Claudio Jeker | |
| This changes the way the rdr/nat rules are added to pf. Now only a single anchor is needed (the other ones do no longer exist). To convert your ruleset you need something like this at the start of your ruleset: # filter rules and anchors for ftp-proxy(8) anchor "ftp-proxy/*" pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021 This was tested by myself, sthen@, dlg@ and I think many more. OK by the same people plus henning. | |||
| 2008-06-13 | Better error messages. Include the function causing the problem and do not | Claudio Jeker | |
| include the program name in logmsg() plus exit_daemon() does not return so make it a void function. OK mpf@ | |||
| 2008-04-22 | Flush output buffers before closing TCP session. Fixes the case where | Joel Knight | |
| the proxy would eat the 221 response coming from the server towards the client. Patch from camield@. Tested by Camiel and myself. ok camield@ | |||
| 2008-04-13 | Use arc4random_buf() when requesting more than a single word of output | Damien Miller | |
| Use arc4random_uniform() when the desired random number upper bound is not a power of two ok deraadt@ millert@ | |||
| 2008-02-26 | Don't pass quick when tagging, so the tag can be used outside | Henning Brauer | |
| the ftp-proxy anchor. Exotic setups with route-to etc. can be implemented this way. from camield, ok reyk beck canacar and manpage polished by jmc | |||
| 2007-08-15 | Some servers / proxies out there like to open the data connection | Camiel Dobbelaar | |
| immediately after the client sends the PORT command. The "normal" behaviour is to wait for the client to actually request a transfer. Make ftp-proxy add the active mode rules immediately too, so that both scenario's work. ok david pyr Tested by Frank Denis, Stephan A. Rickauer, Ingo Schwarze, Stuart Henderson. Thanks. | |||
| 2007-08-01 | - -T before -t | Jason McIntyre | |
| - use .Bk/.Ek | |||
| 2007-08-01 | allow ftp-proxy to add tag statements to teh rules it inserts | Henning Brauer | |
| clever, nice and easy diff from bsd@openbsd.rutgers.edu, ok pyr reyk | |||
| 2007-05-31 | convert to new .Dd format; | Jason McIntyre | |
| 2006-12-30 | Remove stub write callback functions now that libevent allows them to be NULL. | Camiel Dobbelaar | |
| 2006-12-30 | Convert three instances of atoi() to strtonum() and apply sane upper bounds. | Camiel Dobbelaar | |
| Triggered by Rik/harry Bobbaers on bugs@. ok mbalmer@ ray@ | |||
| 2006-12-12 | Ignore sigpipe as libevent does not handle that for us. Confirmed by | Camiel Dobbelaar | |
| provos. Fixes race condition where ftp-proxy would silently exit if a write was attempted on a socket that was closed by an RST. Should fix PR 5260. ok claudio@ | |||
| 2006-12-01 | forgot to update the comment as well | Camiel Dobbelaar | |
| 2006-12-01 | use flags S/SA for consistency with the rest of pf | Camiel Dobbelaar | |
| 2006-11-26 | repair missing DPADD requests | Theo de Raadt | |
| 2006-10-23 | no need to use "keep state" and "flags S/SA" in pf rules, | Jason McIntyre | |
| now that it is the default; ok henning mcbride camield (ftp-proxy bits) deraadt | |||
| 2006-10-15 | Close file descriptors before cleaning up the events, might cause a race | Camiel Dobbelaar | |
| otherwise. | |||
| 2006-08-30 | document that ftp-proxy cannot function at a raised securelevel | Camiel Dobbelaar | |
| ok jmc marco | |||
| 2006-03-25 | unused variable | Camiel Dobbelaar | |
| from Andrey Matveev | |||
| 2006-03-22 | Rework signal handling the idiomatic libevent way. From ospfd. | Camiel Dobbelaar | |
| ok claudio henning | |||
| 2005-11-20 | .Sh SECURITY -> .Sh CAVEATS | Jason McIntyre | |
| ok camield@ | |||
| 2005-11-18 | don't assume that close() can fail, from deraadt | Camiel Dobbelaar | |
| ok henning deraadt | |||
| 2005-11-17 | buffer overflow | Theo de Raadt | |
| 2005-06-07 | add OpenBSD cvs tags, prompted by xsa@ | Camiel Dobbelaar | |
| 2005-06-07 | Introduce verbose option to control the logging of the pf rules. | Camiel Dobbelaar | |
| ok beck mpf | |||
| 2005-05-31 | tweaks; | Jason McIntyre | |
| 2005-05-30 | Don't call va_start() when we do not log. From Andrey Matveev. | Camiel Dobbelaar | |
| 2005-05-27 | do not allow nul in the control connection. | Camiel Dobbelaar | |
| ok beck | |||
| 2005-05-26 | Import new FTP proxy. Handles IPv6 and all FTP modes. It was | Camiel Dobbelaar | |
| previously known as pftpx. Not connected to the builds yet. ok beck | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |