martti
0486c7bccc
Show active rules correctly if "portmap auto" is used (PR#16615 by Sergey
...
Svishchev)
2002-05-03 08:27:10 +00:00
jdolecek
fb5ea935fe
remove stuff not relevant for NetBSD
2002-05-02 21:45:06 +00:00
martti
dc57912eac
This is in /sys/netinet
2002-05-02 17:27:25 +00:00
martti
e74092de02
Upgraded IPFilter to 3.4.27
2002-05-02 17:11:37 +00:00
martti
0071d2a114
Import IPFilter 3.4.27
2002-05-02 16:51:52 +00:00
martti
d02c43db4c
Import IPFilter 3.4.27
2002-05-02 16:48:42 +00:00
martti
48e5349fdc
Import IPFilter 3.4.27
2002-05-02 16:47:12 +00:00
kleink
ac4fd59f8c
`Normalize' the pid file contents to "<pid><newline>", just like
...
pidfile(3) does; patch sent to Darren a while ago.
2002-04-17 12:06:23 +00:00
wiz
7cb50ab7ee
Spelling fixes and grammar improvements.
2002-04-14 14:35:05 +00:00
martin
a3f3f844dc
Document the mssclamp option.
2002-04-14 07:53:46 +00:00
thorpej
082e0b796d
Add the __unused__ attribute to rcsid[]/sccsid[]. Need to talk
...
to Darren about this more, but this gets it to compile with gcc 3.2.
2002-04-09 02:32:51 +00:00
martti
3c53e00e43
Don't remove ip_h323_pxy.c
2002-04-03 09:32:06 +00:00
jdolecek
1414ac04e0
remove stuff not related to NetBSD
2002-04-01 15:58:08 +00:00
jdolecek
aa2f829ddf
remove the 'mv ipnat.1 ipnat.8', the distribution comes with ipnat.8 nowadays
...
add back ip_h323_pxy.c - upon closer examination, the licence seems to be okay
2002-04-01 15:56:51 +00:00
martin
58d564bc8c
Add MSS clamping to the IP Filter NAT subsystem.
...
Configured by a new option "mssclamp" in NAT rules, like:
map pppoe0 192.168.1.0/24 -> 0/32 mssclamp 1452
This is based on work by Xiaodan Tang <xtang@qnx.com>.
2002-03-14 21:46:54 +00:00
martti
83b3487b70
Upgraded IPFilter to 3.4.25
2002-03-14 12:32:36 +00:00
martti
a79df224af
Import IPFilter 3.4.25
2002-03-14 12:30:07 +00:00
martti
27df1070c7
Don't import ip_h323_pxy.c (license issues)
2002-03-14 08:07:06 +00:00
sommerfeld
3e18fc136f
More ipip references
2002-03-04 15:15:39 +00:00
martti
c6a4a9d33a
Fixed Darren's original IPv6 icmp-type patch (rev 1.8) to display
...
better error messages if the user tries to use symbolic names such
as "echo" and "echorep" in "ipv6-icmp ... icmp-type ..." rules.
Consider the following rules:
# cat /etc/ipf6.conf
pass in quick proto ipv6-icmp from any to any icmp-type 128
pass in quick proto ipv6-icmp from any to any icmp-type echo
Use of symbolic names give now the following error:
# ipf -Fa -6f /etc/ipf6.conf
2: Unknown ICMPv6 type (echo) specified (use numeric value instead)
The first rule with numeric value will work as expected:
# ipfstat -6hi
0 pass in quick proto ipv6-icmp from any to any icmp-type 128
NOTE: You MUST use numerical values for ICMPv6 types. See
/sys/netinet/icmp6.h for available codes!
2002-02-04 19:07:47 +00:00
martti
6ffd37ccd1
Back out version 1.8 as it fixes the display BUT breaks the icmp-type rules:
...
ROOT localhost:~> /etc/rc.d/ipfilter reload
Reloading ipfilter rules.
22: Invalid icmp-type (echo) specified
With version 1.7 everything works just fine:
ROOT localhost:~> /etc/rc.d/ipfilter reload
Reloading ipfilter rules.
Set 1 now inactive
2002-02-04 12:00:52 +00:00
martti
bfc0fa18e9
Fixed display of "proto ipv6-icmp ... icmp-type ..." rule. Before
...
this fix ipfstat reported:
0 pass in quick proto ipv6-icmp from any to any
while after this fix:
0 pass in quick proto ipv6-icmp from any to any icmp-type 8
This was just a display bug, the rule worked as expected.
2002-02-01 11:31:56 +00:00
martin
d4e37ff89e
Add a missing "else".
2002-01-24 10:40:12 +00:00
martti
5ecddfad8c
Fixed return value (I was unable to compile this on sparc64 before
...
this fix).
2002-01-24 08:30:27 +00:00
martti
7421720886
This file is not needed
2002-01-24 08:25:37 +00:00
martti
e6acaff1c5
This file is in /sys/netinet
2002-01-24 08:25:21 +00:00
martti
a0dddbc807
Manual page fixes regarding IPv6
2002-01-24 08:24:14 +00:00
martti
b9920d0f43
Upgraded IPFilter to 3.4.23
2002-01-24 08:21:30 +00:00
martti
b0499f9062
Import IPFilter 3.4.23
2002-01-24 08:18:28 +00:00
martti
14b3179d7c
Added ip_netbios_pxy.c and ip_ipsec_pxy.c
2002-01-23 11:03:19 +00:00
wiz
1fd7eeefcd
"than" instead of "then".
2001-11-21 19:14:19 +00:00
wiz
456dff6cb8
Spell 'occurred' with two 'r's.
2001-09-16 16:34:23 +00:00
wiz
e3f8252b49
Xref ipf(8) instead of non-existing ipf(1).
2001-09-09 17:22:59 +00:00
wiz
1288f79bbd
Xref curses(3) instead of ncurses(3).
2001-09-09 17:22:39 +00:00
wiz
23fec241fa
Change Xref to ipfilter(4) from [not installed] ipfilter(5).
2001-09-03 01:19:05 +00:00
mrg
2a32c938de
make this program actually work.
2001-06-07 14:15:39 +00:00
mike
2e4a6df0d4
Change perl location from /usr/local/bin/perl to /usr/pkg/bin/perl.
2001-04-11 19:08:05 +00:00
wiz
bc80fa8140
Fix typo.
2001-04-11 09:41:37 +00:00
wiz
c73fe2d6a1
protocols(5), not (4).
2001-04-09 12:39:02 +00:00
mike
fb2dc295a6
Resolve conflicts.
2001-03-26 06:11:46 +00:00
mike
204c25d632
Import IP Filter 3.4.16
2001-03-26 03:52:19 +00:00
christos
713e855d22
we are NetBSD -- we don't need stinking ncurses.
2001-03-13 16:30:39 +00:00
simonb
85213a5c3e
Clean up wording slightly in previous.
2001-01-25 11:59:27 +00:00
itojun
8e11103138
document about ipf interaction with ipsec tunnel, and tunnelling devices.
...
(the behavior is netbsd specific)
2001-01-25 11:16:16 +00:00
hubertf
9934ff5271
Xref ipf.conf(5)
2001-01-07 04:33:47 +00:00
is
890345ee05
Format string cleanups by Bill Sommerfeld.
2000-10-09 14:52:15 +00:00
veego
b3d0df91fb
Resolve conflicts.
2000-08-09 21:00:39 +00:00
veego
dd200b1b9b
Import IP Filter 3.4.9
2000-08-09 20:49:40 +00:00
thorpej
6acc606aa4
Update to reflect that you don't need to explicitly do an
...
`ipf -E' in order to be able to use NAT.
2000-08-06 07:05:50 +00:00
veego
5189b64cf6
Resolve conflicts.
2000-06-12 10:43:24 +00:00