| Commit message (Expand) | Author | Age | Files | Lines |
* | Add the ability to associate ipfw rules with a specific prison ID. | csjp | 2004-08-12 | 1 | -1/+9 |
* | Only invoke verify_path() for verrevpath and versrcreach when we have an IP p... | andre | 2004-08-11 | 1 | -4/+4 |
* | New ipfw option "antispoof": | andre | 2004-08-09 | 1 | -0/+11 |
* | Extend versrcreach by checking against the rt_flags for RTF_REJECT and | andre | 2004-07-21 | 1 | -0/+6 |
* | Make M_SKIP_FIREWALL a global (and semantic) flag, preventing anything from | jmallett | 2004-07-17 | 1 | -12/+0 |
* | Do a pass over all modules in the kernel and make them return EOPNOTSUPP | phk | 2004-07-15 | 1 | -0/+1 |
* | When asserting non-Giant locks in the network stack, also assert | rwatson | 2004-06-24 | 1 | -1/+4 |
* | Modify ip fw so that whenever UID or GID constraints exist in a | csjp | 2004-06-11 | 1 | -30/+77 |
* | init_tables() must be run after sys/net/route.c:route_init(). | ru | 2004-06-10 | 1 | -1/+4 |
* | Introduce a new feature to IPFW2: lookup tables. These are useful | ru | 2004-06-09 | 1 | -1/+324 |
* | Add some missing <sys/module.h> includes which are masked by the | phk | 2004-05-30 | 1 | -0/+1 |
* | Add a super-user check to ipfw_ctl() to make sure that the calling | csjp | 2004-05-25 | 1 | -0/+4 |
* | Add the option versrcreach to verify that a valid route to the | andre | 2004-04-23 | 1 | -7/+31 |
* | Re-remove MT_TAGs. The problems with dummynet have been fixed now. | mlaier | 2004-02-25 | 1 | -5/+25 |
* | Backout MT_TAG removal (i.e. bring back MT_TAGs) for now, as dummynet is | mlaier | 2004-02-18 | 1 | -25/+5 |
* | This set of changes eliminates the use of MT_TAG "pseudo mbufs", replacing | mlaier | 2004-02-13 | 1 | -5/+25 |
* | NULL is not 0. | ume | 2003-12-24 | 1 | -1/+1 |
* | o IN_MULTICAST wants an address in host byte order. | maxim | 2003-12-16 | 1 | -1/+1 |
* | Include opt_ipsec.h so IPSEC/FAST_IPSEC is defined and the appropriate | sam | 2003-12-02 | 1 | -0/+1 |
* | Fix verify_rev_path() function. The author of this function tried to | andre | 2003-11-27 | 1 | -13/+7 |
* | Correct a problem where ipfw-generated packets were being returned | sam | 2003-11-24 | 1 | -5/+9 |
* | Use MPSAFE callouts only when debug.mpsafenet is 1. Both timer routines | sam | 2003-11-23 | 1 | -1/+1 |
* | Introduce tcp_hostcache and remove the tcp specific metrics from | andre | 2003-11-20 | 1 | -3/+6 |
* | Remove RTF_PRCLONING from routing table and adjust users of it | andre | 2003-11-20 | 1 | -1/+1 |
* | Fix an arguments order in check_uidgid() call. | maxim | 2003-11-20 | 1 | -2/+2 |
* | Remove the global one-level rtcache variable and associated | andre | 2003-11-14 | 1 | -6/+1 |
* | Move uid/gid checking logic out of line and lock inpcb usage. This | sam | 2003-11-07 | 1 | -40/+60 |
* | use ipsec_getnhist() instead of obsoleted ipsec_gethist(). | ume | 2003-11-07 | 1 | -1/+1 |
* | Replace the if_name and if_unit members of struct ifnet with new members | brooks | 2003-10-31 | 1 | -8/+9 |
* | Malloc buckets of size 128 have been having their 64-byte offset | mckusick | 2003-10-16 | 1 | -4/+7 |
* | Bandaid locking change: mark static rule mutex recursive so re-entry when | sam | 2003-09-17 | 1 | -1/+2 |
* | Add locking. | sam | 2003-09-17 | 1 | -164/+309 |
* | Allow set 31 to be used for rules other than 65535. | luigi | 2003-07-15 | 1 | -23/+27 |
* | Implement comments embedded into ipfw2 instructions. | luigi | 2003-07-12 | 1 | -1/+1 |
* | Merge the handlers of O_IP_SRC_MASK and O_IP_DST_MASK opcodes, and | luigi | 2003-07-08 | 1 | -17/+13 |
* | Implement the 'ipsec' option to match packets coming out of an ipsec tunnel. | luigi | 2003-07-04 | 1 | -0/+16 |
* | whitespace fix | luigi | 2003-06-28 | 1 | -1/+1 |
* | Remove whitespace at end of line. | luigi | 2003-06-23 | 1 | -4/+4 |
* | Add support for multiple values and ranges for the "iplen", "ipttl", | luigi | 2003-06-22 | 1 | -12/+29 |
* | Change handling to support strong alignment architectures such as alpha and | ticso | 2003-06-04 | 1 | -6/+15 |
* | Account for packets processed at layer-2 (i.e. net.link.ether.ipfw=1). | kbyanc | 2003-06-02 | 1 | -3/+6 |
* | Add a 'verrevpath' option that verifies the interface that a packet | cjc | 2003-03-15 | 1 | -0/+50 |
* | Back out M_* changes, per decision of the TRB. | imp | 2003-02-19 | 1 | -2/+2 |
* | o Fix ipfw uid rules: socheckuid() returns 0 when uid matches a socket | maxim | 2003-02-17 | 1 | -2/+2 |
* | Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. | alfred | 2003-01-21 | 1 | -2/+2 |
* | If the first action is O_LOG adjust a pointer to the real one, unbreaks | maxim | 2003-01-20 | 1 | -0/+2 |
* | Introduce the ability to flag a sysctl for operation at secure level 2 or 3 | dillon | 2003-01-14 | 1 | -3/+3 |
* | Bridged packets are supplied to the firewall with their IP header | iedowse | 2002-12-27 | 1 | -2/+8 |
* | o De-anonymity dummynet(4) and ipfw(4) messages, prepend them | maxim | 2002-12-24 | 1 | -15/+16 |
* | o Fix byte order logging issue: sa.sin_port is already in host byte order. | maxim | 2002-12-15 | 1 | -1/+1 |