summaryrefslogtreecommitdiffstats
path: root/etc/rc.firewall
Commit message (Expand)AuthorAgeFilesLines
* Slight tidy up of comments before MFCjulian2015-06-291-2/+2
* remove 16 rules and replace by 2 by using a tablejulian2015-06-221-22/+14
* Fix a typo.hrs2014-10-201-1/+2
* Add support of "/{udp,tcp,proto}" suffix into $firewall_myservices, whichhrs2014-10-171-3/+20
* Whitespace nitkevlo2012-07-131-2/+2
* Spelling fixes for etc/uqs2012-01-071-5/+5
* Remove trailing white space. No functional changes.dougb2010-05-141-3/+3
* Fix grammar in comment.ume2010-04-111-3/+3
* Disambiguate `IPs' to a more specific term.ume2010-04-081-6/+8
* firewall_trusted_ipv6 was gone by r202460. Remove stale comment aboutume2010-04-071-6/+1
* Remove the rules using 'me6'. Now, 'me' matches both any IPv6 addressume2010-01-171-45/+5
* The client type rule allows DHCP, implicitly. Since DHCPv6 usesume2010-01-091-0/+2
* Since the IPv4 rule allows ICMP_TIMXCEED, allowume2010-01-071-1/+4
* Add missing me6 rules. Now, the IPv6 rules become equivalentume2009-12-291-0/+29
* Unify rc.firewall and rc.firewall6, and obsolete rc.firewall6ume2009-12-021-10/+146
* Allow the network addresses and interface names for the "client" andjhb2008-08-151-6/+15
* For the "client" and "simple" network types, collapse the separate "net"jhb2008-08-151-14/+11
* Use 'me' rather than explicit IP addresses for the "simple" and "client"jhb2008-08-151-12/+9
* - back out my last commit as it seems to be wrong.danger2008-08-031-2/+0
* - dns queries might go also over TCP, so allow it.danger2008-07-171-0/+2
* Tweak rc.firewall to allow incoming limited broadcast traffic,keramida2008-06-061-0/+3
* Improve kernel NAT support in rc.firewallrafan2008-01-211-1/+7
* o Correct an info about "Firewalls and Internet Security" book: name,maxim2008-01-121-7/+6
* s/IPFW(4)/ipfw(4) to match the actual man page name.rwatson2007-04-051-1/+1
* In rc.firewall, make it clear that this is the setup for IPFW(4), and notrwatson2007-04-021-1/+1
* Summer of Code 2005: improve libalias - part 2 of 2piso2006-12-291-0/+8
* Give rc.firewall a polish and a new method.phk2006-10-281-16/+107
* don't match packets other than IPv4 against divert rule.ume2005-11-181-1/+1
* DNS should not necessarily be named(8), tweak the comment a bit.ru2003-11-021-1/+1
* Add a header: #!/bin/sh.trhodes2003-02-061-0/+1
* Bring rc.firewall{,6} more in line with the word and spirit ofcjc2002-02-211-7/+17
* Remove a stale entry related to passing ARP with bridging and ipfw.luigi2001-12-271-2/+0
* Sync the code that sucks in rc.conf and friends with what's indd2001-08-141-5/+7
* style nitobrien2001-03-061-1/+1
* Also deny 127.0.0.0/8 going out.obrien2001-03-051-1/+2
* Fix references to Chapman & Zwicky and Cheswick & Bellowin.des2001-02-251-3/+5
* Fix some glaring insecurities in the prototype firewall configurations.nsayer2001-02-201-8/+4
* Add copyright notices. Other systems have been barrowing our /etc filesobrien2000-10-081-2/+29
* Only install `divert natd' rule for predefined firewall types,ru2000-08-301-3/+1
* Make natd(8) "compatible" with firewall_type="simple".ru2000-08-041-17/+46
* Update rev 1.29 -- 'draft-manning-dsua' is now in its 3rd version.obrien2000-07-301-1/+3
* Add an explicit rule number to natd so you do not end up with twops2000-05-081-1/+1
* Add to defaults/rc.conf a new function source_rc_confs which rcsheldonh2000-04-271-0/+1
* Back out the hook to execute the file ${firewall_type}. The intendedbsd2000-04-271-3/+1
* Allow the firewall rules to be established by a shell script insteadbsd2000-04-161-1/+3
* Add a firewall_flags option that is used when ipfw processes a file. It allowspaul2000-02-061-1/+1
* Update this with the additional nets recomended by readingrgrimes2000-01-281-14/+26
* Minor whitespace fix.obrien1999-12-041-2/+1
* Pass IP fragments with non-zero offset. The semantics of matchingru1999-11-041-0/+6
* Add commented entry to the lo0 section inviting bridge users tonsayer1999-10-241-0/+2
OpenPOWER on IntegriCloud