Commit Graph

126 Commits

Author SHA1 Message Date
jdolecek
aa2f829ddf remove the 'mv ipnat.1 ipnat.8', the distribution comes with ipnat.8 nowadays
add back ip_h323_pxy.c - upon closer examination, the licence seems to be okay
2002-04-01 15:56:51 +00:00
martin
58d564bc8c Add MSS clamping to the IP Filter NAT subsystem.
Configured by a new option "mssclamp" in NAT rules, like:

 map pppoe0 192.168.1.0/24 -> 0/32 mssclamp 1452

This is based on work by Xiaodan Tang <xtang@qnx.com>.
2002-03-14 21:46:54 +00:00
martti
83b3487b70 Upgraded IPFilter to 3.4.25 2002-03-14 12:32:36 +00:00
martti
a79df224af Import IPFilter 3.4.25 2002-03-14 12:30:07 +00:00
martti
27df1070c7 Don't import ip_h323_pxy.c (license issues) 2002-03-14 08:07:06 +00:00
sommerfeld
3e18fc136f More ipip references 2002-03-04 15:15:39 +00:00
martti
c6a4a9d33a Fixed Darren's original IPv6 icmp-type patch (rev 1.8) to display
better error messages if the user tries to use symbolic names such
as "echo" and "echorep" in "ipv6-icmp ... icmp-type ..." rules.

Consider the following rules:

  # cat /etc/ipf6.conf
  pass in quick proto ipv6-icmp from any to any icmp-type 128
  pass in quick proto ipv6-icmp from any to any icmp-type echo

Use of symbolic names give now the following error:

  # ipf -Fa -6f /etc/ipf6.conf
  2: Unknown ICMPv6 type (echo) specified (use numeric value instead)

The first rule with numeric value will work as expected:

  # ipfstat -6hi
  0 pass in quick proto ipv6-icmp from any to any icmp-type 128

NOTE: You MUST use numerical values for ICMPv6 types. See
      /sys/netinet/icmp6.h for available codes!
2002-02-04 19:07:47 +00:00
martti
6ffd37ccd1 Back out version 1.8 as it fixes the display BUT breaks the icmp-type rules:
ROOT localhost:~> /etc/rc.d/ipfilter reload
  Reloading ipfilter rules.
  22: Invalid icmp-type (echo) specified

With version 1.7 everything works just fine:

  ROOT localhost:~> /etc/rc.d/ipfilter reload
  Reloading ipfilter rules.
  Set 1 now inactive
2002-02-04 12:00:52 +00:00
martti
bfc0fa18e9 Fixed display of "proto ipv6-icmp ... icmp-type ..." rule. Before
this fix ipfstat reported:

  0 pass in quick proto ipv6-icmp from any to any

while after this fix:

  0 pass in quick proto ipv6-icmp from any to any icmp-type 8

This was just a display bug, the rule worked as expected.
2002-02-01 11:31:56 +00:00
martin
d4e37ff89e Add a missing "else". 2002-01-24 10:40:12 +00:00
martti
5ecddfad8c Fixed return value (I was unable to compile this on sparc64 before
this fix).
2002-01-24 08:30:27 +00:00
martti
7421720886 This file is not needed 2002-01-24 08:25:37 +00:00
martti
e6acaff1c5 This file is in /sys/netinet 2002-01-24 08:25:21 +00:00
martti
a0dddbc807 Manual page fixes regarding IPv6 2002-01-24 08:24:14 +00:00
martti
b9920d0f43 Upgraded IPFilter to 3.4.23 2002-01-24 08:21:30 +00:00
martti
b0499f9062 Import IPFilter 3.4.23 2002-01-24 08:18:28 +00:00
martti
14b3179d7c Added ip_netbios_pxy.c and ip_ipsec_pxy.c 2002-01-23 11:03:19 +00:00
wiz
1fd7eeefcd "than" instead of "then". 2001-11-21 19:14:19 +00:00
wiz
456dff6cb8 Spell 'occurred' with two 'r's. 2001-09-16 16:34:23 +00:00
wiz
e3f8252b49 Xref ipf(8) instead of non-existing ipf(1). 2001-09-09 17:22:59 +00:00
wiz
1288f79bbd Xref curses(3) instead of ncurses(3). 2001-09-09 17:22:39 +00:00
wiz
23fec241fa Change Xref to ipfilter(4) from [not installed] ipfilter(5). 2001-09-03 01:19:05 +00:00
mrg
2a32c938de make this program actually work. 2001-06-07 14:15:39 +00:00
mike
2e4a6df0d4 Change perl location from /usr/local/bin/perl to /usr/pkg/bin/perl. 2001-04-11 19:08:05 +00:00
wiz
bc80fa8140 Fix typo. 2001-04-11 09:41:37 +00:00
wiz
c73fe2d6a1 protocols(5), not (4). 2001-04-09 12:39:02 +00:00
mike
fb2dc295a6 Resolve conflicts. 2001-03-26 06:11:46 +00:00
mike
204c25d632 Import IP Filter 3.4.16 2001-03-26 03:52:19 +00:00
christos
713e855d22 we are NetBSD -- we don't need stinking ncurses. 2001-03-13 16:30:39 +00:00
simonb
85213a5c3e Clean up wording slightly in previous. 2001-01-25 11:59:27 +00:00
itojun
8e11103138 document about ipf interaction with ipsec tunnel, and tunnelling devices.
(the behavior is netbsd specific)
2001-01-25 11:16:16 +00:00
hubertf
9934ff5271 Xref ipf.conf(5) 2001-01-07 04:33:47 +00:00
is
890345ee05 Format string cleanups by Bill Sommerfeld. 2000-10-09 14:52:15 +00:00
veego
b3d0df91fb Resolve conflicts. 2000-08-09 21:00:39 +00:00
veego
dd200b1b9b Import IP Filter 3.4.9 2000-08-09 20:49:40 +00:00
thorpej
6acc606aa4 Update to reflect that you don't need to explicitly do an
`ipf -E' in order to be able to use NAT.
2000-08-06 07:05:50 +00:00
veego
5189b64cf6 Resolve conflicts. 2000-06-12 10:43:24 +00:00
veego
8a1de3e633 Import IP Filter 3.4.6 2000-06-12 10:21:51 +00:00
veego
c02ef5cc85 Resolve conflicts. 2000-05-23 06:07:42 +00:00
veego
11120ba212 Resolve conflicts. 2000-05-21 18:53:54 +00:00
veego
8fcd61625e Rename ipnat.1 to ipnat.8. 2000-05-21 18:37:27 +00:00
veego
ca37c80f5b Resolve conflicts. 2000-05-11 19:54:35 +00:00
veego
b358e4a2ae Import IP Filter 3.4.2 2000-05-11 19:49:13 +00:00
veego
b3f239a7bf Use unsigned long long and not long long for the change in Rev 1.6 and
also change the the printf format.
2000-05-08 13:07:56 +00:00
veego
c1ae3e842e Add again out changes which get lost during the changeover to the dist
format and fix PR#8932 while I am here.
Thanks to Darren for letting me know that it was gone.
We should just move to mandoc, but that makes it harder to keep it in sync
with the releases, so I made the changes in the old format.
2000-05-06 15:39:02 +00:00
veego
4ca015c23a Add the -6 option to the usage output. 2000-05-05 21:49:47 +00:00
veego
280a47cc0a Again, fix a build problem on the alpha. 2000-05-05 20:59:17 +00:00
veego
0392fc75f8 Put the (long long) and (unsigned long long) casts back. 2000-05-04 19:55:44 +00:00
veego
6a6c8edcab Resolve conflicts and remove some files. 2000-05-03 11:40:15 +00:00
veego
4b794f4520 Import IP Filter 3.4.1 2000-05-03 10:57:43 +00:00
veego
ba17d31cd0 Import IP Filter 3.4.1 2000-05-03 10:56:46 +00:00
veego
4a7aefb42e Import IP Filter 3.4.1 2000-05-03 10:55:27 +00:00
veego
f737a9e1df Use find with -type f. 2000-05-03 10:50:03 +00:00
kim
5c4de05899 The "-S" option was inserted in the middle of the "-s" option description. 2000-04-12 16:42:49 +00:00
veego
2d3095efd5 Resolve conflicts. 2000-02-01 20:31:10 +00:00
veego
94ab8b0b92 Import IP Filter 3.3.8 2000-02-01 20:11:02 +00:00
veego
f244c7cfd2 Handle syssrc/sys/netinet and syssrc/sys/lkm/netinet/if_ipl 2000-02-01 20:05:54 +00:00
darrenr
8a68eee934 update ipfilter code to 3.3.6 1999-12-28 07:40:12 +00:00
darrenr
0d8c216398 update DARRENR branch of dist/ipf to 3.3.6 1999-12-28 07:21:58 +00:00
veego
e230b103d6 Cast a sizeof to int to compile it on the alpha. 1999-12-12 12:35:32 +00:00
veego
c2ad4767aa Rename ipnat.1 to ipnat.8. 1999-12-12 10:30:46 +00:00
veego
9ee576a049 We can't keep these files here:
- we need them in the syssrc set to compile a kernel
- we don't want two copies of the same file in our tree
1999-12-12 07:41:53 +00:00
veego
a9f63e9e3e Add the mediaone example. 1999-12-11 23:51:45 +00:00
veego
193a383152 Add /usr/share/examples/ipf/mkfilters and correct the .TH name: s/IPF/MKFILTERS/. 1999-12-11 23:50:46 +00:00
veego
d8fd135831 Remove dlpi(7p) 1999-12-11 23:47:56 +00:00
veego
03b4f76190 s/y.tab.h/iplang_y.h/ 1999-12-11 23:47:02 +00:00
veego
0c5b046721 Resort the the manpage references and remove snoop(1m), etherfind(8c) and
dlpi(7p).
1999-12-11 23:44:13 +00:00
veego
c8ce5f6de5 Add /usr/share/examples/ipf 1999-12-11 23:42:10 +00:00
veego
5b8f105a7e Remove reference to snoop(1m) and etherfind(8c) 1999-12-11 23:40:29 +00:00
veego
d4a59b90a2 Add /usr/share/examples/ipf 1999-12-11 23:39:12 +00:00
veego
87ae120ca4 s/vmunix/netbsd/ 1999-12-11 23:38:43 +00:00
veego
cde8d7627b Print quads with (long long). 1999-12-11 23:33:07 +00:00
veego
ff39c2bbab Add RCS Ids. 1999-12-11 23:22:14 +00:00
veego
b921579f5f We don't need these files. 1999-12-11 22:49:33 +00:00
veego
b4214f674a Inital import of IP Filter 3.3.5 under the dist directory. 1999-12-11 22:23:57 +00:00
veego
ce88211af9 New script which only change the RCS Ids. 1999-12-11 22:08:02 +00:00