Commit message | Author | Age | Files | Lines
---|---|---|---|---
... | | | |
IPFW does not discard *any* IP fragments with OFF=1, only TCP ones. | ru | 2000-10-30 | 1 | -3/+6
Allow for IP_FW_ADD to be used in getsockopt(2) incarnation as well, in which case return the rule number back into userland. PR: bin/18351 Reviewed by: archie, luigi | ru | 2000-10-12 | 1 | -3/+3
Reset globals for every new command read from preprocessed file. | ru | 2000-10-11 | 1 | -12/+14
Only interpret the last command line argument as a file to be preprocessed if it is specified as an absolute pathname. PR: bin/16179 | ru | 2000-10-11 | 2 | -5/+7
Convert this Makefile to the usual style. | ru | 2000-10-06 | 1 | -3/+3
Document the latest firewall knobs. | ru | 2000-10-06 | 2 | -32/+91
Respect the protocol when looking the port up by service name. PR: 21742 | ru | 2000-10-04 | 1 | -15/+22
Do not force argument to ``ipid'' modifier be in hex, and accept value of zero as valid for IP Identification field. | ru | 2000-10-03 | 1 | -9/+11
Fixed the printing of TCP flags. | ru | 2000-10-03 | 1 | -1/+1
Add new fields for more granularity: IP: version, tos, ttl, len, id TCP: seq#, ack#, window size Reviewed by: silence on freebsd-{net,ipfw} | billf | 2000-10-02 | 1 | -6/+169
Document that net.inet.ip.fw.one_pass only affects dummynet(4). Noticed by: Peter Jeremy <peter.jeremy@alcatel.com.au> | ru | 2000-09-29 | 1 | -3/+5
optreset is declared in unistd.h now. | imp | 2000-08-16 | 1 | -1/+0
Fix a paste-o in the tcpoptions check (not a security problem, just an error in the usage printf()) Reviewed by: rwatson | billf | 2000-07-17 | 1 | -1/+1
Don't call sprintf() with no format string. | kris | 2000-07-10 | 1 | -1/+1
Reorder the "prob" section in the output of list/show so it can be copy/pasted into add without problems. The previous commit had the other half of this original patch which handled tcpflags/tcpflgs confusion in output/input. | billf | 2000-06-18 | 1 | -5/+6
Fix behaviour of "ipfw pipe show" -- previous code gave ambiguous data to the userland program (kernel operation was safe, anyways). | luigi | 2000-06-14 | 1 | -6/+6
Fixed style bugs of rev 1.66. | ru | 2000-06-12 | 1 | -35/+81
Add tcpoptions to ipfw. This works much in the same way as ipoptions do. It also squashes 99% of packet kiddie synflood orgies. For example, to rate syn packets without MSS, `ipfw pipe 10 config 56Kbit/s queue 10Packets` `ipfw add pipe 10 tcp from any to any in setup tcpoptions !mss` Submitted by: Richard A. Steenbergen <ras@e-gerbil.net> | dan | 2000-06-08 | 2 | -5/+88
Document new dummynet functionality, namely WF2Q+ and RED | luigi | 2000-06-08 | 1 | -11/+105
userland side of WF2Q+ support in dummynet. Manpage coming later... | luigi | 2000-06-08 | 1 | -102/+315
Remove extraneous Dv macro that slipped in, in rev 1.64. | sheldonh | 2000-05-03 | 1 | -1/+0
Remove unused include, and place sys includes at top, which enabled us to remove this include. | asmodai | 2000-05-01 | 1 | -3/+2
Allow overriding of net.inet.ip.fw.verbose_limit; if you want to make a rule that logs without a log limit, use "logamount 0" in addition to "log". | green | 2000-04-30 | 2 | -7/+15
A huge rewrite of the manual page (mostly -mdoc related). Reviewed by: luigi, sheldonh | ru | 2000-02-28 | 1 | -546/+653
Use correct field for dst_port when displaying masks on dynamic pipes. | luigi | 2000-02-13 | 1 | -1/+1
Support and document new stateful ipfw features. Approved-by: jordan | luigi | 2000-02-10 | 2 | -15/+290
Support per-flow queueing in dummynet. Implement masks on UDP/TCP ports. Large rewrite of the manpage. Work supported by Akamba Corp. | luigi | 2000-01-08 | 2 | -296/+531
Turn on 'ipfw tee'. Update man page. Please note (from the man page): Packets that match a tee rule should not be immediately accepted, but should continue going through the rule list. This may be fixed in a later version. I hope to fix this soon in a separate commit. | archie | 1999-12-06 | 2 | -17/+10
Remove one obsoleted entry from the BUGS section. | ru | 1999-10-20 | 1 | -2/+0
Make the "uid" and "gid" code better. Now it can detect invalid user names/numbers. Reviewed by: chris | green | 1999-09-03 | 1 | -4/+20
$Id$ -> $FreeBSD$ | peter | 1999-08-28 | 2 | -2/+2
To christen the brand new security category for syslog, we get IPFW using syslog(3) (log(9)) for its various purposes! This long-awaited change also includes such nice things as: * macros expanding into _two_ comma-delimited arguments! * snprintf! * more snprintf! * linting and criticism by more people than you can shake a stick at! * a slightly more uniform message style than before! and last but not least * no less than 5 rewrites! Reviewed by: committers | green | 1999-08-21 | 1 | -5/+8
Whoops, forgot one line in previous patch. | luigi | 1999-08-12 | 1 | -1/+2
Userland and manual page changes for probabilistic rule match. Because the kernel change was done in a backward-compatible way, you don't need to recompile ipfw if you don't want to use the new feature. | luigi | 1999-08-11 | 2 | -4/+41
Make ipfw's logging more dynamic. Now, log will use the default limit _or_ you may specify "log logamount number" to set logging specifically the rule. In addition, "ipfw resetlog" has been added, which will reset the logging counters on any/all rule(s). ipfw resetlog does not affect the packet/byte counters (as ipfw reset does), and is the only "set" command that can be run at securelevel >= 3. This should address complaints about not being able to set logging amounts, not being able to restart logging at a high securelevel, and not being able to just reset logging without resetting all of the counters in a rule. | green | 1999-08-01 | 2 | -11/+97
This is the much-awaited cleaned up version of IPFW [ug]id support. All relevant changes have been made (including ipfw.8). | green | 1999-06-19 | 2 | -2/+62
Document the usage of escape character in a service name. PR: 7101 Reminded by: jhs | ru | 1999-06-15 | 1 | -2/+9
Work around the problem that the first (and only first) port name can't have a dash character (it is treated as a ``range'' operator). One could now use such a name by escaping the ``-'' characters. For example: `# ipfw add 1 count tcp from any to any "ms\-sql\-s"` `# ipfw add 2 count tcp from any ftp\\-data-ftp to any` PR: 7101 | ru | 1999-06-11 | 1 | -9/+26
Fix the parsing of ip addresses on a command line. PR: 5047 Reviewed by: des Test case: `ipfw add allow ip from 127.1 to any` | ru | 1999-06-04 | 1 | -7/+7
Spelling corrections for dummynet. Reviewed by: des,luigi | ru | 1999-06-02 | 1 | -4/+5
Manpage cleanup, move $Id$ to #ifndef lint, remove unused includes, grammatical fixes. Submitted by: Philippe Charnier | kris | 1999-05-29 | 2 | -25/+27
close pr 10889: + add a missing call to dn_rule_delete() when flushing firewall rules, thus preventing possible panics due to dangling pointers (this was already done for single rule deletes). + improve "usage" output in ipfw(8) + add a few checks to ipfw pipe parameters and make it a bit more tolerant of common mistakes (such as specifying kbit instead of Kbit) PR: kern/10889 Submitted by: Ruslan Ermilov | luigi | 1999-05-24 | 1 | -13/+27
Add ICMP types to list of information about each packet. | ghelmer | 1999-04-29 | 1 | -2/+33
Explain when packets are tested by the firewall rules and what attributes of packets can be tested. PR: docs/7437 | ghelmer | 1999-04-28 | 1 | -23/+128
Convert LKM/modload to KLD/kldload. Add ref to kldload(8). Submitted by: Nathan Ahlstrom <nrahlstr@winternet.com> | ghelmer | 1999-04-08 | 1 | -2/+3
Fix bug where 'ipfw list' would choke if there were a large number of rules. | archie | 1999-01-22 | 1 | -79/+95
Fix misleading wording in ipfw(8) man page. PR: docs/9603 | archie | 1999-01-21 | 1 | -3/+3
Remove coredump when running "ipfw pipe" without more arguments. PR: 8937 | luigi | 1998-12-27 | 1 | -1/+4
Mention effect of securelevel 3 and higher on attempts to change filter lists. Prompted by: PR docs/7785 | ghelmer | 1998-12-16 | 1 | -0/+6
ipfw changes for dummynet. manpages still missing | luigi | 1998-12-14 | 1 | -2/+155