OpenBSD CVS

CVS log for src/share/man/man4/pf.4




Default branch: MAIN


Revision 1.95 / (download) - annotate - [select for diffs], Wed Jul 5 12:00:01 2023 UTC (11 months ago) by sashan
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.94: +26 -6 lines
Diff to previous 1.94 (colored)

Document DIOCXEND in pf(4) manpage.
With many improvements from jmc@ and kn@

OK jmc@, kn@ deraadt@

Revision 1.94 / (download) - annotate - [select for diffs], Sun Nov 20 16:45:10 2022 UTC (18 months, 2 weeks ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.93: +4 -2 lines
Diff to previous 1.93 (colored)

Sync struct pfi_kif with reality

pfik_srcnodes and pfik_flagrefs members were added in sys/net/pfvar.h
r1.492 (jul 2019) and r1.505 (dec 2021), respectively.

Revision 1.93 / (download) - annotate - [select for diffs], Wed Jul 20 09:33:11 2022 UTC (22 months, 2 weeks ago) by mbuhl
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.92: +4 -3 lines
Diff to previous 1.92 (colored)

Add a pool for the allocation of the pf_anchor struct.
It was possible to exhaust kernel memory by repeatedly calling
pfioctl DIOCXBEGIN with different anchor names.
OK bluhm@
Reported-by: syzbot+9dd98cbce69e26f0fc11@syzkaller.appspotmail.com

Revision 1.92 / (download) - annotate - [select for diffs], Sun May 26 02:06:55 2019 UTC (5 years ago) by lteo
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.91: +8 -3 lines
Diff to previous 1.91 (colored)

Sync with the latest net/pfvar.h

ok jmc@ sashan@

Revision 1.91 / (download) - annotate - [select for diffs], Mon Feb 18 13:11:44 2019 UTC (5 years, 3 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.90: +4 -4 lines
Diff to previous 1.90 (colored)

Change ps_len of struct pfioc_states and psn_len of struct
pfioc_src_nodes to size_t.  This avoids integer truncation by casts
to unsigned.  As the types of DIOCGETSTATES and DIOCGETSRCNODES
ioctl(2) arguments change, pfctl(8) and systat(1) should be updated
together with the kernel.  Calculate number of pf(4) states as
size_t in userland.
OK sashan@ deraadt@

Revision 1.90 / (download) - annotate - [select for diffs], Fri Dec 21 11:16:04 2018 UTC (5 years, 5 months ago) by kn
Branch: MAIN
Changes since 1.89: +4 -4 lines
Diff to previous 1.89 (colored)

DIOCIGETIFACES provides interfaces and groups, not drivers

"driver" is a left-over from earlier implementations.

Nowadays each driver such as lo(4) has its respective interface group of
the same name ("lo"), but additional driver-independent groups exist, too:

	# ifconfig lo0 group foo
	# pfctl -s I -i foo
	foo
	lo0

OK henning

Revision 1.89 / (download) - annotate - [select for diffs], Thu Oct 12 14:39:24 2017 UTC (6 years, 7 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.88: +10 -9 lines
Diff to previous 1.88 (colored)

some style fixes from ross l richardson;
checked by/ok bluhm

Revision 1.88 / (download) - annotate - [select for diffs], Tue Aug 29 02:16:56 2017 UTC (6 years, 9 months ago) by lteo
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.87: +9 -8 lines
Diff to previous 1.87 (colored)

Sync struct declarations with net/pfvar.h

ok deraadt@ jmc@ sashan@

Revision 1.87 / (download) - annotate - [select for diffs], Tue May 30 19:38:47 2017 UTC (7 years ago) by henning
Branch: MAIN
Changes since 1.86: +1 -3 lines
Diff to previous 1.86 (colored)

remove DIOCCLRRULECTRS here as well, pt out by sashan

Revision 1.86 / (download) - annotate - [select for diffs], Thu Oct 15 02:26:27 2015 UTC (8 years, 7 months ago) by lteo
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.85: +3 -1 lines
Diff to previous 1.85 (colored)

Add missing includes to make the pf(4) man page example program compile
again.

Spotted by and based on a diff from Jack J. Woehr.

Revision 1.85 / (download) - annotate - [select for diffs], Fri Apr 18 21:42:04 2014 UTC (10 years, 1 month ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7, OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.84: +3 -3 lines
Diff to previous 1.84 (colored)

fix SEE ALSO;

Revision 1.84 / (download) - annotate - [select for diffs], Fri Apr 18 11:18:40 2014 UTC (10 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.83: +0 -55 lines
Diff to previous 1.83 (colored)

stop talking about altq
this manpage needs a bigger sync with reality...

Revision 1.83 / (download) - annotate - [select for diffs], Tue Jan 21 03:15:46 2014 UTC (10 years, 4 months ago) by schwarze
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.82: +5 -5 lines
Diff to previous 1.82 (colored)

obvious .Pa fixes; found with mandocdb(8)

Revision 1.82 / (download) - annotate - [select for diffs], Tue Jan 21 03:13:10 2014 UTC (10 years, 4 months ago) by lteo
Branch: MAIN
Changes since 1.81: +7 -7 lines
Diff to previous 1.81 (colored)

Update the names of the DIOCXBEGIN ruleset types.

Also tweak the text a little bit to make it clear that this is the
complete list of ruleset types.

ok henning@ jmc@

Revision 1.81 / (download) - annotate - [select for diffs], Sat Jan 11 14:37:51 2014 UTC (10 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.80: +5 -5 lines
Diff to previous 1.80 (colored)

Sync description of struct pf_osfp_entry to rev 1.393 of pfvar.h
OK deraadt@

Revision 1.80 / (download) - annotate - [select for diffs], Sun Oct 20 04:27:23 2013 UTC (10 years, 7 months ago) by lteo
Branch: MAIN
Changes since 1.79: +48 -4 lines
Diff to previous 1.79 (colored)

Document the ioctl commands of the new queueing system: DIOCADDQUEUE,
DIOCGETQUEUES, DIOCGETQUEUE, and DIOCGETQSTATS (the older version has
been renamed to DIOCGETALTQSTATS).

ok henning jmc

Revision 1.79 / (download) - annotate - [select for diffs], Thu Jul 4 02:11:46 2013 UTC (10 years, 11 months ago) by lteo
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.78: +13 -10 lines
Diff to previous 1.78 (colored)

Fix two errors:

- DIOCSETSTATUSIF uses struct pfioc_iface, not pfioc_if.  The definition
  of pfioc_iface is already listed under DIOCIGETIFACES, so move the
  description of DIOCSETSTATUSIF below DIOCIGETIFACES.

- DIOCKILLSRCNODES uses struct pfioc_src_node_kill, not pfioc_iface.
  Add the definition of pfioc_src_node_kill while here.

ok henning jmc mikeb

Revision 1.78 / (download) - annotate - [select for diffs], Thu Jul 4 00:18:59 2013 UTC (10 years, 11 months ago) by guenther
Branch: MAIN
Changes since 1.77: +5 -5 lines
Diff to previous 1.77 (colored)

Re-commit: use time_t for storing time_t values.  This is an ABI
change for pf, but that's fine at this time.  You'll need to rebuild
pf userland after updating your kernel.

change to 'since' member ok henning@
rest ok henning@ deraadt@

Revision 1.77 / (download) - annotate - [select for diffs], Tue Jul 2 05:57:37 2013 UTC (10 years, 11 months ago) by guenther
Branch: MAIN
Changes since 1.76: +5 -5 lines
Diff to previous 1.76 (colored)

Revert previous: sizeof(time_t) != sizeof(long) on LP64, so there was
an ABI change involved.

Revision 1.76 / (download) - annotate - [select for diffs], Tue Jul 2 01:42:01 2013 UTC (10 years, 11 months ago) by guenther
Branch: MAIN
Changes since 1.75: +5 -5 lines
Diff to previous 1.75 (colored)

Use time_t for storing time_t values.  No change to the underlying
type**, so no ABI change.

ok henning@ deraadt@

** ...yet

Revision 1.75 / (download) - annotate - [select for diffs], Sat Jun 1 17:15:02 2013 UTC (11 years ago) by lteo
Branch: MAIN
Changes since 1.74: +5 -2 lines
Diff to previous 1.74 (colored)

Make pfioc_natlook and pfr_addr match net/pfvar.h

ok benno henning jmc

Revision 1.74 / (download) - annotate - [select for diffs], Fri Feb 10 00:08:20 2012 UTC (12 years, 3 months ago) by haesbaert
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1
Changes since 1.73: +68 -38 lines
Diff to previous 1.73 (colored)

Clarify pf manpage and change example from DIOCNATLOOK to DIOCGETLIMIT.
From Lawrence Teo, input from sthen@ and jmc@.

ok deraadt@

Revision 1.73 / (download) - annotate - [select for diffs], Fri Dec 23 17:00:47 2011 UTC (12 years, 5 months ago) by jmc
Branch: MAIN
Changes since 1.72: +3 -3 lines
Diff to previous 1.72 (colored)

some spelling fixes, found using freebsd's "igor" document verifier;

Revision 1.72 / (download) - annotate - [select for diffs], Tue Dec 28 13:56:11 2010 UTC (13 years, 5 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.71: +5 -6 lines
Diff to previous 1.71 (colored)

correct description of DIOCSETDEBUG; from Thomas Pfaff
ok henning

Revision 1.71 / (download) - annotate - [select for diffs], Mon May 31 18:33:54 2010 UTC (14 years ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.70: +38 -28 lines
Diff to previous 1.70 (colored)

update structs;
from damian southard, documentation/6390

Revision 1.70 / (download) - annotate - [select for diffs], Thu Mar 25 21:27:13 2010 UTC (14 years, 2 months ago) by schwarze
Branch: MAIN
Changes since 1.69: +5 -5 lines
Diff to previous 1.69 (colored)

The "\\" escape sequence is low-level roff, don't use it in mdoc(7);
instead, use "\e".  This patch does not change rendering with (g)roff,
but it lets mandoc render the page correctly.

ok jmc@

Revision 1.69 / (download) - annotate - [select for diffs], Tue Mar 23 02:43:50 2010 UTC (14 years, 2 months ago) by sthen
Branch: MAIN
Changes since 1.68: +2 -1 lines
Diff to previous 1.68 (colored)

struct pfioc_natlook has rdomain now.

Revision 1.68 / (download) - annotate - [select for diffs], Tue Jan 12 07:58:17 2010 UTC (14 years, 4 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.67: +3 -8 lines
Diff to previous 1.67 (colored)

tweak previous;

Revision 1.67 / (download) - annotate - [select for diffs], Tue Jan 12 03:20:51 2010 UTC (14 years, 4 months ago) by mcbride
Branch: MAIN
Changes since 1.66: +2 -80 lines
Diff to previous 1.66 (colored)

First pass at removing the 'pf_pool' mechanism for translation and routing
actions. Allow interfaces to be specified in special table entries for
the routing actions. Lists of addresses can now only be done using tables,
which pfctl will generate automatically from the existing syntax.

Functionally, this deprecates the use of multiple tables or dynamic
interfaces in a single nat or rdr rule.

ok henning dlg claudio

Revision 1.66 / (download) - annotate - [select for diffs], Sun Nov 15 21:01:30 2009 UTC (14 years, 6 months ago) by mpf
Branch: MAIN
Changes since 1.65: +10 -11 lines
Diff to previous 1.65 (colored)

Update DIOCKILLSTATES and DIOCCLRSTATES sections.
Pointed out by ohauer at gmx.de.
OK henning.

Revision 1.65 / (download) - annotate - [select for diffs], Tue Sep 1 13:44:01 2009 UTC (14 years, 9 months ago) by henning
Branch: MAIN
Changes since 1.64: +4 -10 lines
Diff to previous 1.64 (colored)

i have no idea who smuggled this in my tree but it is right
(adopt for new pf)

Revision 1.64 / (download) - annotate - [select for diffs], Thu Apr 2 13:46:06 2009 UTC (15 years, 2 months ago) by sthen
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6
Changes since 1.63: +6 -2 lines
Diff to previous 1.63 (colored)

Anchor names with characters after the terminating null byte are invalid.
ok jmc@

Revision 1.63 / (download) - annotate - [select for diffs], Tue Mar 17 21:37:31 2009 UTC (15 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.62: +3 -2 lines
Diff to previous 1.62 (colored)

+.Xr pf.conf 5 ,
from bofh

Revision 1.62 / (download) - annotate - [select for diffs], Wed Sep 10 14:57:37 2008 UTC (15 years, 8 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.61: +3 -2 lines
Diff to previous 1.61 (colored)

+.Xr pflow 4 ,

Revision 1.61 / (download) - annotate - [select for diffs], Thu Sep 4 13:50:37 2008 UTC (15 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.60: +5 -3 lines
Diff to previous 1.60 (colored)

- document DIOCKILLSRCNODES; requested by Johan Strom
- fix some line wrap in DIOCSETIFFLAG

ok henning

Revision 1.60 / (download) - annotate - [select for diffs], Sun Dec 2 12:08:04 2007 UTC (16 years, 6 months ago) by pascoe
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.59: +10 -7 lines
Diff to previous 1.59 (colored)

DIOC{GET,ADD}STATE incorrectly use a user provided pointer without using
copyin/out.  Change the API so that the state is included in the ioctl
argument, so the ioctl wrappers take care of copying memory as appropriate.

Also change the DIOCGETSTATE API to be more useful.  Instead of getting
an arbitrarily "numbered" state (using numbering that can change between
calls), instead search based on id and creatorid.  If you want to monitor
only a particular state, you can now use the bulk functions first to find
the appropriate id/creatorid and then fetch it directly from then on.

ok dlg@ henning@

Revision 1.59 / (download) - annotate - [select for diffs], Thu May 31 19:19:51 2007 UTC (17 years ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.58: +2 -2 lines
Diff to previous 1.58 (colored)

convert to new .Dd format;

Revision 1.58 / (download) - annotate - [select for diffs], Fri Feb 9 11:39:06 2007 UTC (17 years, 4 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.57: +6 -1 lines
Diff to previous 1.57 (colored)

document how to clear rule counters with DIOCGETRULES

Revision 1.57 / (download) - annotate - [select for diffs], Sat Jun 10 16:13:00 2006 UTC (18 years ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.56: +86 -41 lines
Diff to previous 1.56 (colored)

clarify the requirements for table ioctls so the word "table" is not
used to refer to everything not even a pf table, and some of the
size fields are actually documented. help from jmc@
ok jmc@ dhartmei@

Revision 1.56 / (download) - annotate - [select for diffs], Sat Aug 6 04:38:41 2005 UTC (18 years, 10 months ago) by pascoe
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9, OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.55: +2 -2 lines
Diff to previous 1.55 (colored)

DIOCRDELTABLES modifies pfrio_ndel, not _nadd.

Revision 1.55 / (download) - annotate - [select for diffs], Tue Jun 14 16:13:25 2005 UTC (18 years, 11 months ago) by jaredy
Branch: MAIN
Changes since 1.54: +35 -58 lines
Diff to previous 1.54 (colored)

- catch up to recent pf changes
- clarify description of DIOCGETSTATES, as reported by
  Henrik Gustafsson <openbsd@fnord.se> via tech@

ok henning, jmc

Revision 1.54 / (download) - annotate - [select for diffs], Wed Dec 22 17:17:55 2004 UTC (19 years, 5 months ago) by dhartmei
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_7
Changes since 1.53: +14 -1 lines
Diff to previous 1.53 (colored)

Introduce 'set skip on <ifspec>' to support a list of interfaces where no
packet filtering should occur (like loopback, for instance).
Code from Max Laier, with minor improvements based on feedback from
deraadt@. ok mcbride@, henning@

Revision 1.53 / (download) - annotate - [select for diffs], Fri Dec 10 03:29:02 2004 UTC (19 years, 6 months ago) by jaredy
Branch: MAIN
Changes since 1.52: +2 -1 lines
Diff to previous 1.52 (colored)

sync to recent rate limiting changes

Revision 1.52 / (download) - annotate - [select for diffs], Tue Aug 24 03:13:46 2004 UTC (19 years, 9 months ago) by jaredy
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.51: +61 -76 lines
Diff to previous 1.51 (colored)

sync to reality w.r.t. recursive anchors
- update header file excerpts
- update descriptions
- drop DIOCGETANCHOR(S)

ok jmc, dhartmei

and some minor mdoc fixes (Vt for variable types)

Revision 1.51 / (download) - annotate - [select for diffs], Mon Jun 14 20:55:54 2004 UTC (19 years, 11 months ago) by cedric
Branch: MAIN
Changes since 1.50: +1 -92 lines
Diff to previous 1.50 (colored)

Remove obsolete ioctls. ok beck@ dhartmei@ henning@

Revision 1.50 / (download) - annotate - [select for diffs], Sat May 22 16:06:07 2004 UTC (20 years ago) by jmc
Branch: MAIN
Changes since 1.49: +232 -59 lines
Diff to previous 1.49 (colored)

updates and improvements from jared yanovich;
ok dhartmei@

Revision 1.49 / (download) - annotate - [select for diffs], Wed Mar 31 08:20:57 2004 UTC (20 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.48: +499 -304 lines
Diff to previous 1.48 (colored)

from Jared Yanovich:

- sync w/ header
- consistency fixes
- better macro usage
- wording corrections/improvements

ok dhartmei@

Revision 1.48 / (download) - annotate - [select for diffs], Sat Mar 27 17:15:30 2004 UTC (20 years, 2 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5
Changes since 1.47: +3 -1 lines
Diff to previous 1.47 (colored)

sync struct pf_status with reality, reminded by joel knight, theo ok

Revision 1.47 / (download) - annotate - [select for diffs], Sun Mar 21 19:47:59 2004 UTC (20 years, 2 months ago) by miod
Branch: MAIN
Changes since 1.46: +2 -2 lines
Diff to previous 1.46 (colored)

Homogenize config lines for pseudo-devices, and do not put fixed values.

Revision 1.46 / (download) - annotate - [select for diffs], Thu Feb 19 21:29:51 2004 UTC (20 years, 3 months ago) by cedric
Branch: MAIN
Changes since 1.45: +9 -3 lines
Diff to previous 1.45 (colored)

Make pfctl -Fs and pfctl -w work with the optional -i specifier.
Kernel/Userland Sync needed. ok dhartmei@ jmc@ markus@ mcbride@

Revision 1.45 / (download) - annotate - [select for diffs], Sat Jan 24 18:54:40 2004 UTC (20 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)

wrong docs for an ioctl; jjy2+@pitt.edu

Revision 1.44 / (download) - annotate - [select for diffs], Wed Dec 31 14:03:01 2003 UTC (20 years, 5 months ago) by jmc
Branch: MAIN
Changes since 1.43: +30 -17 lines
Diff to previous 1.43 (colored)

delete some blank lines;
mark up new ioctls a little better;

Revision 1.43 / (download) - annotate - [select for diffs], Wed Dec 31 11:18:25 2003 UTC (20 years, 5 months ago) by cedric
Branch: MAIN
Changes since 1.42: +61 -1 lines
Diff to previous 1.42 (colored)

Many improvements to the handling of interfaces in PF.

1) PF should do the right thing when unplugging/replugging or cloning/
destroying NICs.

2) Rules can be loaded in the kernel for not-yet-existing devices
(USB, PCMCIA, Cardbus). For example, it is valid to write:
"pass in on kue0" before kue USB is plugged in.

3) It is possible to write rules that apply to a group of interfaces
(drivers), like "pass in on ppp all"

4) There is a new ":peer" modifier that completes the ":broadcast"
and ":network" modifiers.

5) There is a new ":0" modifier that will filter out interface aliases.
Can also be applied to DNS names to restore original PF behaviour.

6) The dynamic interface syntax (foo) has been vastly improved, and
now supports multiple addresses, v4 and v6 addresses, and all userland
modifiers, like "pass in from (fxp0:network)"

7) Scrub rules now support the !if syntax.

8) States can be bound to the specific interface that created them or
to a group of interfaces, for example:

- pass all keep state (if-bound)
- pass all keep state (group-bound)
- pass all keep state (floating)

9) The default value when only keep state is given can be selected by
using the "set state-policy" statement.

10) "pfctl -ss" will now print the interface scope of the state.

This diff changes the pf_state structure slightly, so you should
recompile your userland tools (pfctl, authpf, pflogd, tcpdump...)

Tested on i386, sparc, sparc64 by Ryan
Tested on macppc, sparc64 by Daniel

ok deraadt@ mcbride@

Revision 1.42 / (download) - annotate - [select for diffs], Mon Dec 15 05:18:40 2003 UTC (20 years, 5 months ago) by jmc
Branch: MAIN
Changes since 1.41: +3 -3 lines
Diff to previous 1.41 (colored)

- end sentence with full stop, not comma
- kill whitespace at EOL

Revision 1.41 / (download) - annotate - [select for diffs], Mon Dec 15 00:02:03 2003 UTC (20 years, 5 months ago) by mcbride
Branch: MAIN
Changes since 1.40: +48 -10 lines
Diff to previous 1.40 (colored)

Add support to track stateful connections by source ip. This allows us
to:
- Ensure that clients get a consistent IP mapping with load-balanced
  translation/routing rules
- Limit the number of simultaneous connections a client can make
- Limit the number of clients which can connect through a rule

ok dhartmei@ deraadt@

Revision 1.40 / (download) - annotate - [select for diffs], Sat Oct 4 17:18:56 2003 UTC (20 years, 8 months ago) by mcbride
Branch: MAIN
Changes since 1.39: +8 -6 lines
Diff to previous 1.39 (colored)

DIOCBEGINADDRS takes struct pfioc_pooladdr, not u_int32_t

Fixes PR3511 from apaterno@dsnsecurity.com

Revision 1.39 / (download) - annotate - [select for diffs], Thu Oct 2 00:25:42 2003 UTC (20 years, 8 months ago) by mcbride
Branch: MAIN
Changes since 1.38: +4 -2 lines
Diff to previous 1.38 (colored)

Sync with pfvar.h

Revision 1.38 / (download) - annotate - [select for diffs], Wed Oct 1 14:32:54 2003 UTC (20 years, 8 months ago) by cedric
Branch: MAIN
Changes since 1.37: +42 -31 lines
Diff to previous 1.37 (colored)

Document new transaction IOCTLs, remove old ones.
Ok jmc@ mcbride@

Revision 1.37 / (download) - annotate - [select for diffs], Thu Aug 28 09:41:22 2003 UTC (20 years, 9 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE, OPENBSD_3_4
Changes since 1.36: +6 -6 lines
Diff to previous 1.36 (colored)

tweak;
ok frantzen@

Revision 1.36 / (download) - annotate - [select for diffs], Fri Aug 22 21:50:34 2003 UTC (20 years, 9 months ago) by david
Branch: MAIN
Changes since 1.35: +2 -2 lines
Diff to previous 1.35 (colored)

pf spelling police
ok dhartmei@ jmc@

Revision 1.35 / (download) - annotate - [select for diffs], Thu Aug 21 19:12:59 2003 UTC (20 years, 9 months ago) by frantzen
Branch: MAIN
Changes since 1.34: +78 -1 lines
Diff to previous 1.34 (colored)

document passive OS fingerprinting

Revision 1.34 / (download) - annotate - [select for diffs], Mon Aug 11 20:39:38 2003 UTC (20 years, 10 months ago) by dhartmei
Branch: MAIN
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

DIOCCHANGEADDR takes pfioc_pooladdr, not pfioc_addr.

Revision 1.33 / (download) - annotate - [select for diffs], Sat Aug 9 13:36:25 2003 UTC (20 years, 10 months ago) by dhartmei
Branch: MAIN
Changes since 1.32: +3 -1 lines
Diff to previous 1.32 (colored)

missing #includes in the code example

Revision 1.32 / (download) - annotate - [select for diffs], Fri Jun 6 10:29:41 2003 UTC (21 years ago) by jmc
Branch: MAIN
Changes since 1.31: +6 -4 lines
Diff to previous 1.31 (colored)

- section reorder
- some macro fixes
- kill whitespace at EOL

Revision 1.31 / (download) - annotate - [select for diffs], Sat May 24 14:29:29 2003 UTC (21 years ago) by cedric
Branch: MAIN
Changes since 1.30: +6 -2 lines
Diff to previous 1.30 (colored)

sync

Revision 1.30 / (download) - annotate - [select for diffs], Fri Apr 11 16:52:48 2003 UTC (21 years, 2 months ago) by tedu
Branch: MAIN
Changes since 1.29: +3 -3 lines
Diff to previous 1.29 (colored)

tweak to clarify we can add/remove states too.  ok henning@

Revision 1.29 / (download) - annotate - [select for diffs], Fri Feb 14 09:41:42 2003 UTC (21 years, 3 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE, OPENBSD_3_3
Changes since 1.28: +24 -20 lines
Diff to previous 1.28 (colored)

new sentence, new line
whitespace
some typos

krause, 10x!

Revision 1.28 / (download) - annotate - [select for diffs], Tue Jan 28 10:40:20 2003 UTC (21 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.27: +25 -23 lines
Diff to previous 1.27 (colored)

typos; added white boldface to examples

ok deraadt@

Revision 1.27 / (download) - annotate - [select for diffs], Mon Jan 20 17:50:41 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.26: +47 -1 lines
Diff to previous 1.26 (colored)

Add definition of all structures involved in the radix table ioctls.

Revision 1.26 / (download) - annotate - [select for diffs], Thu Jan 9 10:40:44 2003 UTC (21 years, 5 months ago) by cedric
Branch: MAIN
Changes since 1.25: +41 -19 lines
Diff to previous 1.25 (colored)

Add support for active/inactive tablesets in the kernel.
Add table definition/initialisation construct in pfctl parser.
Add and fix documentation for pf.4 and pf.conf.5.
Tested on i386 and sparc64 by myself, macppc by Daniel.
ok dhartmei@

Revision 1.25 / (download) - annotate - [select for diffs], Sun Dec 29 20:07:34 2002 UTC (21 years, 5 months ago) by cedric
Branch: MAIN
Changes since 1.24: +106 -1 lines
Diff to previous 1.24 (colored)

Add support for radix tables for source and destination of PF rules.
ok dhartmei@, mcbride@, henning@

Revision 1.24 / (download) - annotate - [select for diffs], Sun Dec 22 20:02:54 2002 UTC (21 years, 5 months ago) by mcbride
Branch: MAIN
Changes since 1.23: +61 -10 lines
Diff to previous 1.23 (colored)

Add altq ioctls. Just the bare minimum, more details to come.

ok henning@

Revision 1.23 / (download) - annotate - [select for diffs], Sun Dec 22 02:04:00 2002 UTC (21 years, 5 months ago) by mcbride
Branch: MAIN
Changes since 1.22: +110 -82 lines
Diff to previous 1.22 (colored)

Bring this closer to the reality of pf_ioctl.c;
Not perfect, just a first pass.

ok henning@

Revision 1.22 / (download) - annotate - [select for diffs], Sun Dec 15 18:58:50 2002 UTC (21 years, 5 months ago) by margarida
Branch: MAIN
Changes since 1.21: +2 -1 lines
Diff to previous 1.21 (colored)

Add ioctl(2) .Xr

henning@ ok

Revision 1.21 / (download) - annotate - [select for diffs], Sun Dec 15 18:46:15 2002 UTC (21 years, 5 months ago) by margarida
Branch: MAIN
Changes since 1.20: +11 -11 lines
Diff to previous 1.20 (colored)

rule set(s) -> ruleset(s)

henning@ ok

Revision 1.20 / (download) - annotate - [select for diffs], Mon Dec 2 15:28:35 2002 UTC (21 years, 6 months ago) by henning
Branch: MAIN
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

spelling; from Jolan <jolan at cryptonomicon.org>
Thanks!

Revision 1.19 / (download) - annotate - [select for diffs], Fri Nov 29 18:37:12 2002 UTC (21 years, 6 months ago) by mickey
Branch: MAIN
Changes since 1.18: +2 -1 lines
Diff to previous 1.18 (colored)

that is pfsync.4

Revision 1.18 / (download) - annotate - [select for diffs], Fri Oct 25 09:27:54 2002 UTC (21 years, 7 months ago) by mpech
Branch: MAIN
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (colored)

Fix example.
If error don't use 0 in err/errx. More commits are coming.

dhartmei@ ok

Revision 1.17 / (download) - annotate - [select for diffs], Mon Jul 15 14:04:28 2002 UTC (21 years, 10 months ago) by pb
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE, OPENBSD_3_2
Changes since 1.16: +4 -6 lines
Diff to previous 1.16 (colored)

fix pasto, additionally fix DIOCGETBINAT
both noticed by Dries Schellekens

Revision 1.16 / (download) - annotate - [select for diffs], Mon Jul 15 12:57:27 2002 UTC (21 years, 10 months ago) by pb
Branch: MAIN
Changes since 1.15: +12 -1 lines
Diff to previous 1.15 (colored)

catch up with reality (DIOC[SG]ETLIMIT)

ok henning@, dhartmei@

Revision 1.15 / (download) - annotate - [select for diffs], Tue Mar 26 09:38:30 2002 UTC (22 years, 2 months ago) by dhartmei
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE, OPENBSD_3_1
Changes since 1.14: +12 -1 lines
Diff to previous 1.14 (colored)

Document DIOCKILLSTATES. From Denis Afonin.

Revision 1.14 / (download) - annotate - [select for diffs], Thu Feb 14 23:03:19 2002 UTC (22 years, 3 months ago) by dhartmei
Branch: MAIN
Changes since 1.13: +31 -6 lines
Diff to previous 1.13 (colored)

Some fixes and additions, from Denis Afonin.

Revision 1.13 / (download) - annotate - [select for diffs], Sun Dec 16 23:42:16 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.12: +12 -9 lines
Diff to previous 1.12 (colored)

KNF the code block

Revision 1.12 / (download) - annotate - [select for diffs], Mon Dec 10 22:02:05 2001 UTC (22 years, 6 months ago) by weingart
Branch: MAIN
Changes since 1.11: +3 -2 lines
Diff to previous 1.11 (colored)

pf.4: Grammar & xref
pflog.4: New, thanks to frantzen for feedback.
Ok deraadt@

Revision 1.11 / (download) - annotate - [select for diffs], Mon Dec 10 18:28:33 2001 UTC (22 years, 6 months ago) by dhartmei
Branch: MAIN
Changes since 1.10: +3 -1 lines
Diff to previous 1.10 (colored)

Add an ioctl to add state entries (DIOCADDSTATE) for proxies.

Revision 1.10 / (download) - annotate - [select for diffs], Tue Nov 13 19:09:59 2001 UTC (22 years, 6 months ago) by dhartmei
Branch: MAIN
Changes since 1.9: +4 -4 lines
Diff to previous 1.9 (colored)

Escape \ in example.

Revision 1.9 / (download) - annotate - [select for diffs], Tue Nov 13 18:51:24 2001 UTC (22 years, 6 months ago) by dhartmei
Branch: MAIN
Changes since 1.8: +79 -9 lines
Diff to previous 1.8 (colored)

Improve introduction, add example.

Revision 1.8 / (download) - annotate - [select for diffs], Tue Nov 13 18:26:53 2001 UTC (22 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.7: +1 -3 lines
Diff to previous 1.7 (colored)

kill BUGS sections that basically say "there might be bugs".  Like, WTF?

Revision 1.7 / (download) - annotate - [select for diffs], Fri Oct 5 14:45:53 2001 UTC (22 years, 8 months ago) by mpech
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE, OPENBSD_3_0
Changes since 1.6: +3 -2 lines
Diff to previous 1.6 (colored)

Powered by @mantoya:
o) start new sentence on a new line;
o) minor mdoc fixes;
millert@ ok

Tip of the day:   www.mpechismazohist.com

Revision 1.6 / (download) - annotate - [select for diffs], Sat Sep 15 03:54:40 2001 UTC (22 years, 8 months ago) by frantzen
Branch: MAIN
Changes since 1.5: +6 -6 lines
Diff to previous 1.5 (colored)

IPv6 support from Ryan McBride (mcbride@countersiege.com)

Revision 1.5 / (download) - annotate - [select for diffs], Wed Sep 5 12:34:44 2001 UTC (22 years, 9 months ago) by dhartmei
Branch: MAIN
Changes since 1.4: +179 -1 lines
Diff to previous 1.4 (colored)

Begin to document ioctl interface.

Revision 1.4 / (download) - annotate - [select for diffs], Sun Jul 1 22:07:35 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.3: +2 -1 lines
Diff to previous 1.3 (colored)

Remember to end list.

Revision 1.3 / (download) - annotate - [select for diffs], Sun Jul 1 22:05:51 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.2: +11 -3 lines
Diff to previous 1.2 (colored)

IPF cleanups; openbsd@davidkrause.com

Revision 1.2 / (download) - annotate - [select for diffs], Mon Jun 25 05:45:52 2001 UTC (22 years, 11 months ago) by kjell
Branch: MAIN
Changes since 1.1: +2 -3 lines
Diff to previous 1.1 (colored)

fix copyright, for what it is worth

Revision 1.1 / (download) - annotate - [select for diffs], Mon Jun 25 05:37:04 2001 UTC (22 years, 11 months ago) by kjell
Branch: MAIN

Skeleton of a manpage for pf, dhartmei's shiny new packet filter.
This is a little sparse yet.
