Commit Graph

52 Commits

Author SHA1 Message Date
pavel
f705cb5488 We do not support pfsync, so:
- remove xrefs to pfsync(4)
- remove the no-sync keyword from pf.conf(5)
- add a note to pf(4).

Approved by Peter Postma.
2006-04-26 18:14:19 +00:00
pavel
e3b35bceeb The "group" keyword is not supported in NetBSD, so:
- add a CAVEATS section to pf(4) and note it
- in the description in pf.conf(5) say it is unsupported
- remove it from the grammar in pf.conf(5).

Approved by Peter Postma.
2006-04-26 17:55:33 +00:00
christos
b2f6added5 Coverity CID 577: remove dead code; minburst can never be 0 at this point. 2006-03-21 20:49:54 +00:00
christos
e46022bb52 Coverity CID 1514: Don't access static array beyond the end of it.
In this case PFTM_MAX == 20 and sizeof(pf_timeouts) / sizeof(pf_timeouts[0])
== 21, using a loop with the size of the array and checking for reaching the
end of the loop via j == PFTM_MAX does not work. Change the loop to use
PFTM_MAX as the upper bound and add an assertion in the code to make sure
that pf_timeouts is large enough. Finally remove last NULL element of the
array so that the array has 20 elements again.
2006-03-21 20:47:27 +00:00
christos
1a21d9be9f Coverity CID 2057: Don't forget to free tcpopts when you are done. 2006-03-21 20:31:56 +00:00
peter
11f7fb17d4 Fix file descriptor leaks.
Coverity CID 1681.
2006-03-17 15:50:44 +00:00
peter
c4add27fee Fix a few Xrefs. 2005-08-07 01:05:51 +00:00
peter
3592744c86 Remove Xref to securelevel(7), we don't have it. 2005-08-07 00:53:13 +00:00
rpaulo
8a5e2a50be ftp-proxy -i also supports '-R address[:port]' and '-S address'.
ok peter@
2005-07-29 21:34:18 +00:00
peter
f9967d10c9 Resolve conflicts (pf from OpenBSD 3.7, userland part). 2005-07-01 12:43:50 +00:00
peter
bf1e9b32e2 Remove the distribution files of spamd. Future imports of pf will not
include spamd anymore.
2005-06-29 09:55:22 +00:00
lukem
4952bc0ec3 appease gcc -Wuninitialized 2005-06-02 09:58:55 +00:00
jwise
c48b1f0323 If path to /etc/spamd.conf is passed in on cpp command line, don't override it. 2005-04-12 14:35:36 +00:00
jwise
20e85ad185 Instead of hardcoding /var/chroot/spamd in two places, use a macro
SPAMD_CHROOT, which is passed in by src/usr.sbin/pf/spamd/Makefile.
2005-04-12 14:22:43 +00:00
peter
94921da3bb Changes to build on NetBSD:
* #ifdef out some things we don't have or do differently.
* Write struct "pcap_sf_pkthdr" instead of "pcap_pkthdr".
  Fixes an LP64 specific problem with reading the pflog with tcpdump(8).
  (OpenBSD fixed this by changing the structs to always use 32-bit fields)

Reviewed by yamt@.
2005-03-15 16:26:49 +00:00
peter
0a9aa9779a Install pf(4) examples. Reviewed by yamt@.
Thanks to hubertf@ for the reminder.
2005-03-15 16:05:03 +00:00
peter
1c9b56c830 Add MKIPFILTER; if set to no, don't build and install the ipf(4) programs,
headers and LKM.

Add MKPF; if set to no, don't build and install the pf(4) programs,
headers, LKM and spamd.

Both options default to yes, so nothing changed in the default build.

Reviewed by lukem.
2005-02-22 14:39:58 +00:00
yamt
bc7b47989b a bug fix from OPENBSD_3_6.
> revision 1.2.2.1
> date: 2004/12/17 02:51:35;  author: brad;  state: Exp;  lines: +2 -2
> MFC:
> Fix by frantzen@
>
> &&/|| inversion would try to merge IP addresses with non-addresses into a
> single table causing a ruleset load error and eventually a double-free.
>
> ok deraadt@ mcbride@ henning@ frantzen@ dhartmei@
2004-12-19 10:27:46 +00:00
yamt
db6316d151 fix a merge botch. pointed by Pavel Cahyna. 2004-12-16 02:08:29 +00:00
peter
f7da5a456d Apply a patch from the OPENBSD_3_6 branch, ok itojun.
MFC:
Fix by dhartmei@

do not assume entries in pf_timeouts[] are ordererd like PFTM_* in pfvar.h
reported by Alexey E. Suslikov
2004-11-21 18:01:14 +00:00
wiz
c1c81c7612 Sort options in usage, add missing "]" (OpenBSD v1.38). 2004-11-19 20:52:10 +00:00
wiz
d0b9170efe Sort option descriptions (OpenBSD v1.42). 2004-11-19 20:51:34 +00:00
yamt
057eb0b30f don't use variable arg macro, which is not supported by gcc2. 2004-11-16 05:14:12 +00:00
yamt
23c8222edb merge after importing pf from openbsd 3.6. (userland part)
some files were imported to the different places from the previous version.
v3_5:
	etc/pf.conf
	etc/pf.os
	etc/spamd.conf
	share/man/man4/pf.4
	share/man/man4/pflog.4
	share/man/man5/pf.conf.5
	share/man/man5/pf.os.5
	share/man/man5/spamd.conf.5
v3_6:
	dist/pf/etc/pf.conf
	dist/pf/etc/pf.os
	dist/pf/etc/spamd.conf
	dist/pf/share/man/man4/pf.4
	dist/pf/share/man/man4/pflog.4
	dist/pf/share/man/man5/pf.conf.5
	dist/pf/share/man/man5/pf.os.5
	dist/pf/share/man/man5/spamd.conf.5
2004-11-14 11:26:43 +00:00
yamt
533d14a1b9 import pf from OpenBSD 3.6. (userland part) 2004-11-14 11:08:58 +00:00
yamt
ce23bf1813 reduce diffs from the original, using dummy impl. of openlog_r and syslog_r. 2004-11-11 11:27:34 +00:00
yamt
93086a3d8d revert a function rename/move.
this kind of change is not appropriate for sources under dist/.
2004-11-11 09:49:59 +00:00
dsl
26207dda78 Add (unsigned char) cast to ctype functions 2004-10-29 19:46:27 +00:00
enami
969da55f1c Don't call seteuid() before setuid() since it makes setuid() fails.
Actually, set[gu]id() changes effective ids also.  From Shoichi Miyake.
2004-07-09 08:27:38 +00:00
darrenr
bbf97636b5 revert change of listen to Listen (probably a typo here) 2004-07-01 15:44:54 +00:00
darrenr
b8785aabcf Modify ftp-proxy to support both ipfilter and pf. It now requires at least
one command line option to specify which firewall it is meant to interact
with.  The implementation here puts the firewall specific code into separate
files with markers for future changes that could enable a fully transparent
mode for non-private network proxying.
2004-06-30 13:29:43 +00:00
itojun
8f329619b8 spamlogd(8) 2004-06-25 16:34:45 +00:00
itojun
e197438eb7 $NetBSD$ 2004-06-25 16:27:02 +00:00
itojun
b4d647b66c PF from OpenBSD 3.5 2004-06-25 16:11:48 +00:00
wiz
94cdd0ee08 Add RCS Id. 2004-06-25 16:03:59 +00:00
wiz
5b3f28f7c5 Sort sections. 2004-06-25 16:02:49 +00:00
wiz
3a867d753d \*[Lt]\*[Gt] instead of "<>". 2004-06-25 16:02:23 +00:00
wiz
5e18189b4a \*[Lt]\*[Gt] instead of "<>". Use ftp.NetBSD.org as example host. 2004-06-25 16:01:22 +00:00
wiz
be3dbbb4c3 \*[Lt]\*[Gt] instead of "<>". 2004-06-25 15:59:03 +00:00
wiz
87e9965fb9 \*[Gt] instead of ">". 2004-06-25 15:57:50 +00:00
itojun
3b8461f315 let spamd use /var/chroot/spamd, not /var/empty 2004-06-25 15:54:31 +00:00
itojun
e3e62063f0 authpf from OpenBSD 3.5 PF 2004-06-25 00:06:09 +00:00
itojun
c03eb6b884 PF from OpenBSD 3.5 2004-06-24 23:25:29 +00:00
hannken
5356e2c1a9 Resolve printf arg/type conflict on sparc64.
Fix PR #26030 and part of #26012
2004-06-24 11:05:10 +00:00
itojun
8bc0b4b95d escape from old-ALTQ and new-ALTQ difference 2004-06-23 04:38:43 +00:00
itojun
9ec960c351 add ftp-proxy from PF OpenBSD 3.5. adjust setlists 2004-06-22 22:19:36 +00:00
itojun
625efb1994 PF from OpenBSD 3.5 2004-06-22 22:11:14 +00:00
itojun
f7c9d7b3eb make spamd compile on netbsd 2004-06-22 16:04:40 +00:00
itojun
c2d7a8642b spamd-setup, comes with PF for openbsd 3.5 2004-06-22 15:53:17 +00:00
itojun
bf0f75e934 PF from openbsd 3.5 2004-06-22 15:46:46 +00:00