path: root/sbin/ipfw
Commit message | Author | Age | Files | Lines
...
* IPFW does not discard *any* IP fragments with OFF=1, only TCP ones. | ru | 2000-10-30 | 1 | -3/+6
* Allow for IP_FW_ADD to be used in getsockopt(2) incarnation as | ru | 2000-10-12 | 1 | -3/+3
    well, in which case return the rule number back into userland.
    PR: bin/18351
    Reviewed by: archie, luigi
* Reset globals for every new command read from preprocessed file. | ru | 2000-10-11 | 1 | -12/+14
* Only interpret the last command line argument as a file to | ru | 2000-10-11 | 2 | -5/+7
    be preprocessed if it is specified as an absolute pathname.
    PR: bin/16179
* Convert this Makefile to the usual style. | ru | 2000-10-06 | 1 | -3/+3
* Document the latest firewall knobs. | ru | 2000-10-06 | 2 | -32/+91
* Respect the protocol when looking the port up by service name. | ru | 2000-10-04 | 1 | -15/+22
    PR: 21742
* Do not force argument to ``ipid'' modifier be in hex, and | ru | 2000-10-03 | 1 | -9/+11
    accept value of zero as valid for IP Identification field.
* Fixed the printing of TCP flags. | ru | 2000-10-03 | 1 | -1/+1
* Add new fields for more granularity: | billf | 2000-10-02 | 1 | -6/+169
    IP: version, tos, ttl, len, id
    TCP: seq#, ack#, window size
    Reviewed by: silence on freebsd-{net,ipfw}
* Document that net.inet.ip.fw.one_pass only affects dummynet(4). | ru | 2000-09-29 | 1 | -3/+5
    Noticed by: Peter Jeremy <peter.jeremy@alcatel.com.au>
* optreset is declared in unistd.h now. | imp | 2000-08-16 | 1 | -1/+0
* Fix a paste-o in the tcpoptions check (not a security problem, just a | billf | 2000-07-17 | 1 | -1/+1
    error in the usage printf())
    Reviewed by: rwatson
* Don't call sprintf() with no format string. | kris | 2000-07-10 | 1 | -1/+1
* Reorder the "prob" section in the output of list/show so it can be copy/pasted | billf | 2000-06-18 | 1 | -5/+6
    into add without problems.
    The previous commit had the other half of this original patch which
    handled tcpflags/tcpflgs confusion in output/input.
* Fix behaviour of "ipfw pipe show" -- previous code gave | luigi | 2000-06-14 | 1 | -6/+6
    ambiguous data to the userland program (kernel operation was
    safe, anyways).
* Fixed style bugs of rev 1.66. | ru | 2000-06-12 | 1 | -35/+81
* Add tcpoptions to ipfw. This works much in the same way as ipoptions do. | dan | 2000-06-08 | 2 | -5/+88
    It also squashes 99% of packet kiddie synflood orgies. For example, to
    rate syn packets without MSS,
      ipfw pipe 10 config 56Kbit/s queue 10Packets
      ipfw add pipe 10 tcp from any to any in setup tcpoptions !mss
    Submitted by: Richard A. Steenbergen <ras@e-gerbil.net>
* Document new dummynet functionality, namely WF2Q+ and RED | luigi | 2000-06-08 | 1 | -11/+105
* userland side of WF2Q+ support in dummynet. | luigi | 2000-06-08 | 1 | -102/+315
    Manpage coming later...
* Remove extraneous Dv macro that slipped in, in rev 1.64. | sheldonh | 2000-05-03 | 1 | -1/+0
* Remove unused include, and place sys includes at top, which enabled | asmodai | 2000-05-01 | 1 | -3/+2
    us to remove this include.
* Allow overriding of net.inet.ip.fw.verbose_limit; if you want to make a | green | 2000-04-30 | 2 | -7/+15
    rule that logs without a log limit, use "logamount 0" in addition to "log".
* A huge rewrite of the manual page (mostly -mdoc related). | ru | 2000-02-28 | 1 | -546/+653
    Reviewed by: luigi, sheldonh
* Use correct field for dst_port when displaying masks on dynamic pipes. | luigi | 2000-02-13 | 1 | -1/+1
* Support and document new stateful ipfw features. | luigi | 2000-02-10 | 2 | -15/+290
    Approved-by: jordan
* Support per-flow queueing in dummynet. | luigi | 2000-01-08 | 2 | -296/+531
    Implement masks on UDP/TCP ports.
    Large rewrite of the manpage.
    Work supported by Akamba Corp.
* Turn on 'ipfw tee'. Update man page. Please note (from the man page): | archie | 1999-12-06 | 2 | -17/+10
    Packets that match a tee rule should not be immediately accepted,
    but should continue going through the rule list. This may be fixed
    in a later version.
    I hope to fix this soon in a separate commit.
* Remove one obsoleted entry from the BUGS section. | ru | 1999-10-20 | 1 | -2/+0
* Make the "uid" and "gid" code better. Now it can detect invalid user | green | 1999-09-03 | 1 | -4/+20
    names/numbers.
    Reviewed by: chris
* $Id$ -> $FreeBSD$ | peter | 1999-08-28 | 2 | -2/+2
* To christen the brand new security category for syslog, we get IPFW | green | 1999-08-21 | 1 | -5/+8
    using syslog(3) (log(9)) for its various purposes! This long-awaited
    change also includes such nice things as:
      * macros expanding into _two_ comma-delimited arguments!
      * snprintf!
      * more snprintf!
      * linting and criticism by more people than you can shake a stick at!
      * a slightly more uniform message style than before!
    and last but not least
      * no less than 5 rewrites!
    Reviewed by: committers
* Whoops, forgot one line in previous patch. | luigi | 1999-08-12 | 1 | -1/+2
* Userland and manual page changes for probabilistic rule match. | luigi | 1999-08-11 | 2 | -4/+41
    Because the kernel change was done in a backward-compatible way,
    you don't need to recompile ipfw if you don't want to use the new
    feature.
* Make ipfw's logging more dynamic. Now, log will use the default limit | green | 1999-08-01 | 2 | -11/+97
    _or_ you may specify "log logamount number" to set logging specifically
    the rule.
    In addition, "ipfw resetlog" has been added, which will reset the
    logging counters on any/all rule(s). ipfw resetlog does not affect
    the packet/byte counters (as ipfw reset does), and is the only "set"
    command that can be run at securelevel >= 3.
    This should address complaints about not being able to set logging
    amounts, not being able to restart logging at a high securelevel,
    and not being able to just reset logging without resetting all of the
    counters in a rule.
* This is the much-awaited cleaned up version of IPFW [ug]id support. | green | 1999-06-19 | 2 | -2/+62
    All relevant changes have been made (including ipfw.8).
* Document the usage of escape character in a service name. | ru | 1999-06-15 | 1 | -2/+9
    PR: 7101
    Reminded by: jhs
* Workaround the problem that the first (and only first) port name | ru | 1999-06-11 | 1 | -9/+26
    can't have a dash character (it is treated as a ``range'' operator).
    One could now use such a name by escaping the ``-'' characters.
    For example:
      # ipfw add 1 count tcp from any to any "ms\-sql\-s"
      # ipfw add 2 count tcp from any ftp\\-data-ftp to any
    PR: 7101
* Fix the parsing of ip addresses on a command line. | ru | 1999-06-04 | 1 | -7/+7
    PR: 5047
    Reviewed by: des
    Test case: ipfw add allow ip from 127.1 to any
* Spelling corrections for dummynet. | ru | 1999-06-02 | 1 | -4/+5
    Reviewed by: des,luigi
* Manpage cleanup, move $Id$ to #ifndef lint, remove unused includes, | kris | 1999-05-29 | 2 | -25/+27
    grammatical fixes.
    Submitted by: Philippe Charnier
* close pr 10889: | luigi | 1999-05-24 | 1 | -13/+27
    + add a missing call to dn_rule_delete() when flushing firewall
      rules, thus preventing possible panics due to dangling pointers
      (this was already done for single rule deletes).
    + improve "usage" output in ipfw(8)
    + add a few checks to ipfw pipe parameters and make it a bit more
      tolerant of common mistakes (such as specifying kbit instead of Kbit)
    PR: kern/10889
    Submitted by: Ruslan Ermilov
* Add ICMP types to list of information about each packet. | ghelmer | 1999-04-29 | 1 | -2/+33
* Explain when packets are tested by the firewall rules and what attributes | ghelmer | 1999-04-28 | 1 | -23/+128
    of packets can be tested.
    PR: docs/7437
* Convert LKM/modload to KLD/kldload. Add ref to kldload(8). | ghelmer | 1999-04-08 | 1 | -2/+3
    Submitted by: Nathan Ahlstrom <nrahlstr@winternet.com>
* Fix bug where 'ipfw list' would choke if there were a large number of rules. | archie | 1999-01-22 | 1 | -79/+95
* Fix misleading wording in ipfw(8) man page. | archie | 1999-01-21 | 1 | -3/+3
    PR: docs/9603
* Remove coredump when running "ipfw pipe" without more arguments. | luigi | 1998-12-27 | 1 | -1/+4
    PR: 8937
* Mention effect of securelevel 3 and higher on attempts to change filter lists. | ghelmer | 1998-12-16 | 1 | -0/+6
    Prompted by: PR docs/7785
* ipfw changes for dummynet. manpages still missing | luigi | 1998-12-14 | 1 | -2/+155