Commit Graph

89 Commits

Author SHA1 Message Date
martti
0486c7bccc Show active rules correctly if "portmap auto" is used (PR#16615 by Sergey
Svishchev)
2002-05-03 08:27:10 +00:00
jdolecek
fb5ea935fe remove stuff not relevant for NetBSD 2002-05-02 21:45:06 +00:00
martti
dc57912eac This is in /sys/netinet 2002-05-02 17:27:25 +00:00
martti
e74092de02 Upgraded IPFilter to 3.4.27 2002-05-02 17:11:37 +00:00
martti
0071d2a114 Import IPFilter 3.4.27 2002-05-02 16:51:52 +00:00
martti
d02c43db4c Import IPFilter 3.4.27 2002-05-02 16:48:42 +00:00
martti
48e5349fdc Import IPFilter 3.4.27 2002-05-02 16:47:12 +00:00
kleink
ac4fd59f8c `Normalize' the pid file contents to "<pid><newline>", just like
pidfile(3) does; patch sent to Darren a while ago.
2002-04-17 12:06:23 +00:00
wiz
7cb50ab7ee Spelling fixes and grammar improvements. 2002-04-14 14:35:05 +00:00
martin
a3f3f844dc Document the mssclamp option. 2002-04-14 07:53:46 +00:00
thorpej
082e0b796d Add the __unused__ attribute to rcsid[]/sccsid[]. Need to talk
to Darren about this more, but this gets it to compile with gcc 3.2.
2002-04-09 02:32:51 +00:00
martti
3c53e00e43 Don't remove ip_h323_pxy.c 2002-04-03 09:32:06 +00:00
jdolecek
1414ac04e0 remove stuff not related to NetBSD 2002-04-01 15:58:08 +00:00
jdolecek
aa2f829ddf remove the 'mv ipnat.1 ipnat.8', the distribution comes with ipnat.8 nowadays
add back ip_h323_pxy.c - upon closer examination, the licence seems to be okay
2002-04-01 15:56:51 +00:00
martin
58d564bc8c Add MSS clamping to the IP Filter NAT subsystem.
Configured by a new option "mssclamp" in NAT rules, like:

 map pppoe0 192.168.1.0/24 -> 0/32 mssclamp 1452

This is based on work by Xiaodan Tang <xtang@qnx.com>.
2002-03-14 21:46:54 +00:00
martti
83b3487b70 Upgraded IPFilter to 3.4.25 2002-03-14 12:32:36 +00:00
martti
a79df224af Import IPFilter 3.4.25 2002-03-14 12:30:07 +00:00
martti
27df1070c7 Don't import ip_h323_pxy.c (license issues) 2002-03-14 08:07:06 +00:00
sommerfeld
3e18fc136f More ipip references 2002-03-04 15:15:39 +00:00
martti
c6a4a9d33a Fixed Darren's original IPv6 icmp-type patch (rev 1.8) to display
better error messages if the user tries to use symbolic names such
as "echo" and "echorep" in "ipv6-icmp ... icmp-type ..." rules.

Consider the following rules:

  # cat /etc/ipf6.conf
  pass in quick proto ipv6-icmp from any to any icmp-type 128
  pass in quick proto ipv6-icmp from any to any icmp-type echo

Use of symbolic names give now the following error:

  # ipf -Fa -6f /etc/ipf6.conf
  2: Unknown ICMPv6 type (echo) specified (use numeric value instead)

The first rule with numeric value will work as expected:

  # ipfstat -6hi
  0 pass in quick proto ipv6-icmp from any to any icmp-type 128

NOTE: You MUST use numerical values for ICMPv6 types. See
      /sys/netinet/icmp6.h for available codes!
2002-02-04 19:07:47 +00:00
martti
6ffd37ccd1 Back out version 1.8 as it fixes the display BUT breaks the icmp-type rules:
ROOT localhost:~> /etc/rc.d/ipfilter reload
  Reloading ipfilter rules.
  22: Invalid icmp-type (echo) specified

With version 1.7 everything works just fine:

  ROOT localhost:~> /etc/rc.d/ipfilter reload
  Reloading ipfilter rules.
  Set 1 now inactive
2002-02-04 12:00:52 +00:00
martti
bfc0fa18e9 Fixed display of "proto ipv6-icmp ... icmp-type ..." rule. Before
this fix ipfstat reported:

  0 pass in quick proto ipv6-icmp from any to any

while after this fix:

  0 pass in quick proto ipv6-icmp from any to any icmp-type 8

This was just a display bug, the rule worked as expected.
2002-02-01 11:31:56 +00:00
martin
d4e37ff89e Add a missing "else". 2002-01-24 10:40:12 +00:00
martti
5ecddfad8c Fixed return value (I was unable to compile this on sparc64 before
this fix).
2002-01-24 08:30:27 +00:00
martti
7421720886 This file is not needed 2002-01-24 08:25:37 +00:00
martti
e6acaff1c5 This file is in /sys/netinet 2002-01-24 08:25:21 +00:00
martti
a0dddbc807 Manual page fixes regarding IPv6 2002-01-24 08:24:14 +00:00
martti
b9920d0f43 Upgraded IPFilter to 3.4.23 2002-01-24 08:21:30 +00:00
martti
b0499f9062 Import IPFilter 3.4.23 2002-01-24 08:18:28 +00:00
martti
14b3179d7c Added ip_netbios_pxy.c and ip_ipsec_pxy.c 2002-01-23 11:03:19 +00:00
wiz
1fd7eeefcd "than" instead of "then". 2001-11-21 19:14:19 +00:00
wiz
456dff6cb8 Spell 'occurred' with two 'r's. 2001-09-16 16:34:23 +00:00
wiz
e3f8252b49 Xref ipf(8) instead of non-existing ipf(1). 2001-09-09 17:22:59 +00:00
wiz
1288f79bbd Xref curses(3) instead of ncurses(3). 2001-09-09 17:22:39 +00:00
wiz
23fec241fa Change Xref to ipfilter(4) from [not installed] ipfilter(5). 2001-09-03 01:19:05 +00:00
mrg
2a32c938de make this program actually work. 2001-06-07 14:15:39 +00:00
mike
2e4a6df0d4 Change perl location from /usr/local/bin/perl to /usr/pkg/bin/perl. 2001-04-11 19:08:05 +00:00
wiz
bc80fa8140 Fix typo. 2001-04-11 09:41:37 +00:00
wiz
c73fe2d6a1 protocols(5), not (4). 2001-04-09 12:39:02 +00:00
mike
fb2dc295a6 Resolve conflicts. 2001-03-26 06:11:46 +00:00
mike
204c25d632 Import IP Filter 3.4.16 2001-03-26 03:52:19 +00:00
christos
713e855d22 we are NetBSD -- we don't need stinking ncurses. 2001-03-13 16:30:39 +00:00
simonb
85213a5c3e Clean up wording slightly in previous. 2001-01-25 11:59:27 +00:00
itojun
8e11103138 document about ipf interaction with ipsec tunnel, and tunnelling devices.
(the behavior is netbsd specific)
2001-01-25 11:16:16 +00:00
hubertf
9934ff5271 Xref ipf.conf(5) 2001-01-07 04:33:47 +00:00
is
890345ee05 Format string cleanups by Bill Sommerfeld. 2000-10-09 14:52:15 +00:00
veego
b3d0df91fb Resolve conflicts. 2000-08-09 21:00:39 +00:00
veego
dd200b1b9b Import IP Filter 3.4.9 2000-08-09 20:49:40 +00:00
thorpej
6acc606aa4 Update to reflect that you don't need to explicitly do an
`ipf -E' in order to be able to use NAT.
2000-08-06 07:05:50 +00:00
veego
5189b64cf6 Resolve conflicts. 2000-06-12 10:43:24 +00:00