summaryrefslogtreecommitdiffstats
path: root/sbin/ipfw
Commit message (Collapse)AuthorAgeFilesLines
* Revert $FreeBSD$ to $Id$peter1997-02-221-1/+1
|
* Add '-q' quiet flag for flush/add/zero commands; add 'show' command asdanny1997-02-102-8/+50
| | | | | | | synonym for '-a list'; stop SEGV when specifying 'via' with no interface; change 2 instances of strcpy() to strncpy(). This is a candidate for 2.2
* Adjust spelling of `fw_flg' so this thing compiles again.jkh1997-01-171-2/+2
|
* implement "not" keyword for inverting the address logicadam1997-01-162-12/+23
|
* Make the long-awaited change from $Id$ to $FreeBSD$jkh1997-01-141-1/+1
| | | | | | | | This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
* Minor mdoc/style fixes.mpp1996-12-231-48/+39
|
* Fix up programs which expect <net/if.h> to include <sys/time.h> to insteadwollman1996-12-101-9/+13
| | | | | | do it themselves. (Some of these programs actually depended on this beyond compiling the definition of struct ifinfo!) Also fix up some other #include messes while we're at it.
* Fix a spelling error.jdp1996-11-051-1/+1
| | | | 2.2 Candidate.
* Issue a warning if the user specifies an invalid interface in a rule.alex1996-10-171-1/+25
| | | | | The rule is still added to the chain since the interface may get created later on after loading an LKM.
* Note that -N is only effective when ipfw is displaying chain entries.alex1996-09-151-1/+1
|
* Because 'ipfw flush' is such a dangerous command (given that mostnate1996-08-312-8/+42
| | | | | | | | | | | | | | firewalls are remote, and this command will kill the network connection to them), prompt the user for confirmation of this command. Also, add the '-f' flag which ignores the need for confirmation the command, and if there is no controlling tty (isatty(STDIN_FILENO) !=0) assume '-f'. If anyone is using ipfw flush in scripts it shouldn't affect them, but you may want to change the script to use a 'ipfw -f flush'. Reviewed by: alex
* Use the .Fx macro where appropriate.mpp1996-08-231-1/+2
|
* Completely rewrite handling of protocol field for firewalls, things arepst1996-08-132-130/+72
| | | | | | | | | | | | | | | | | now completely consistent across all IP protocols and should be quite a bit faster. Use getprotoname() extensively, performed minor cleanups of admin utility. The admin utility could use a good kick in the pants. Basicly, these were the minimal changes I could make to the code to get it up to tollerable shape. There will be some future commits to clean up the basic architecture of the firewall code, and if I'm feeling ambitious, I may pull in changes like NAT from Linux and make the firewall hooks comletely generic so that a user can either load the ipfw module or the ipfilter module (cf Darren Reed). Discussed with: fenner & alex
* Fix tcp/udp port rangespst1996-08-131-3/+3
|
* Filter by IP protocol.alex1996-08-052-28/+72
| | | | | | Submitted by: fenner (with modifications by me) Bring in the interface unit wildcard flag fix from rev 1.15.4.8.
* Adding changes to ipfw and the kernel to support ip packet diversion..julian1996-07-102-32/+80
| | | | | | This stuff should not be too destructive if the IPDIVERT is not compiled in.. be aware that this changes the size of the ip_fw struct so ipfw needs to be recompiled to use it.. more changes coming to clean this up.
* Correct definition of 'established' keyword.alex1996-07-021-1/+1
|
* Formatting fixes for 'in' and 'out' while listing.alex1996-06-291-22/+32
| | | | | | | Prevent ALL protocol from being used with port specifications. Allow 'via' keyword at any point in the options list. Disallow multiple 'via' specifications.
* Fix port specification syntax.alex1996-06-291-1/+1
| | | | Submitted by: nate
* Fix address mask calculation when using ':' syntax. Allow a maskalex1996-06-231-13/+23
| | | | | | | | of /0 to have the desired effect. Normalize IP addresses that won't match a given mask (i.e. 1.2.3.4/24 becomes 1.2.3.0/24). Submitted by R. Bezuidenhout <rbezuide@mikom.csir.co.za> Code formatting and "frag" display fixes.
* Set the program name before trying to use it.alex1996-06-181-3/+3
| | | | Found by: Aage Robekk <aagero@aage.priv.no>
* Fix a typo in the view accounting records example.alex1996-06-151-1/+1
|
* Bring the man page more into line with reality.alex1996-06-151-259/+94
|
* Big sweep over ipfw, picking up where Poul left off:alex1996-06-091-23/+197
| | | | | | | | | | | | | | | - Filter based on ICMP types. - Accept interface wildcards (e.g. ppp*). - Resolve service names with the -N option. - Accept host names in 'from' and 'to' specifications - Display chain entry time stamps with the -t option. - Added URG to tcpflags. - Print usage if an unknown tcpflag is used. - Ability to zero individual accounting entries. - Clarify usage of port ranges. - Misc code cleanup. Closes PRs: 1193, 1220, and 1266.
* Some cosmetics and some better error-checking.phk1996-05-111-46/+43
| | | | | | Reviewed by: phk Submitted by: "Daniel O'Callaghan" <danny@panda.hilink.com.au> Submitted by: Archie Cobbs <archie@whistle.com>
* recognize "allow", "accept" and "pass"phk1996-04-031-6/+8
| | | | add new feature for "established"
* A couple of bug-fixes.phk1996-04-021-4/+4
| | | | | Reviewed by: phk Submitted by: "Frank ten Wolde" <franky@pinewood.nl>
* Update to match kernel code.phk1996-02-243-100/+252
|
* A new ipfw program that can set and control the new features.phk1996-02-242-969/+400
| | | | An almost correct usage is printed.
* Update -current ipfw program as well.phk1996-02-232-170/+29
| | | | I hope it all compiles...
* Document that the firewall will no longer reorder the rules.phk1996-02-131-3/+8
|
* Fix a bunch of spelling errors.mpp1996-01-291-3/+3
|
* This commit was generated by cvs2svn to compensate for changes in r13122,peter1995-12-301-610/+0
| | | | which included commits to RCS files with non-trunk default branches.
* recording cvs-1.6 file deathpeter1995-12-302-733/+0
|
* Convert manpage to -mandoc macros.nate1995-10-261-130/+307
| | | | | | Submitted by: Gary Palmer <gary@palmer.demon.co.uk> Minor cleanup by me in the English.
* Support all the tcpflag options in firewall.ugen1995-10-231-33/+215
| | | | | | Add reading options from file, now ipfw <filename> will read commands string after string from file , form of strings same as command line interface.
* Support IP Option smatching in grammar and listing.ugen1995-10-011-30/+130
| | | | | TcpSyn option removed and will be shortly repoaced by support of all TCP Flags including syn and ack...
* Correct minor nit - to filter out SYN packets, the keyword isgpalmer1995-08-311-1/+1
| | | | | `syn' not `tcpsyn' (which matches `tcp' which blocks all tcp packets)
* Add $Id$gpalmer1995-08-221-0/+3
|
* Remove trailing whitespace.rgrimes1995-05-301-38/+38
|
* make pass work also as the first keywordugen1995-03-301-1/+1
| | | | | | | (while addf skipped) Reviewed by: Submitted by: Obtained from:
* Update manpage..BTW,if somebody wit good Englishugen1995-03-031-8/+21
| | | | would go through it and fix it would be a really good idea.
* Oops..remove some debugging leftover..ugen1995-03-031-1/+0
|
* Ok..so everybody picking on me that ipfw syntacsugen1995-03-031-106/+172
| | | | | | | | | | | is a pain in ...wel.. trying to fix this * from/to/via position indepenndant syntax * "any" for 0/0 host address * addf/addb default keyword in case you skip it.. * pass = accept new action, seems to be somewhat better in particular cases * on = via (as on ed0 instead of via ed0,loook at reject tcp on ed0 from hacker )
* Fixed manpage..ldeny,lreject and log options are thereugen1995-02-271-3/+2
| | | | | and others not.. Submitted by: torstenb@FreeBSD.ORG
* Change utility to accept interface nameugen1995-02-242-10/+59
| | | | along with IP as "via" argument
* ipfirewall.4 is obviously not here anymore! Adjust the Makefile.jkh1995-02-181-2/+0
|
* Finally document "via" feature..ugen1995-02-171-5/+9
|
* Ppl asked to make ipfw smarter..ok..ugen1995-02-141-3/+3
| | | | here it is..
* Fix for rather stupid bug by which you couldn't setugen1995-02-141-3/+4
| | | | | | ports for the destination IP addr/port. Nobody reported this btw , while a lot of other things reported- probably ppl does not use destination ports at all????
OpenPOWER on IntegriCloud