History log of /src/usr.sbin/pf
Revision | Date | Author | Comments |
1.10 | 25-May-2025 |
rillig | pf: fix parallel build
|
1.9 | 07-May-2010 |
degroote | branches: 1.9.58; Add support for pfs(8)
pfs(8) is a tool similar to ipfs(8) but for pf(4). It allows the admin to dump internal configuration of pf, and restore at a later point, after a maintenance reboot for example, in a transparent way for user.
This work has been done mostly during my GSoC 2009
No objections on tech-net@
|
1.8 | 18-Jun-2008 |
yamt | merge yamt-pf42 branch. (import newer pf from OpenBSD 4.2)
ok'ed by peter@. requested by core@
|
1.7 | 23-Aug-2005 |
peter | branches: 1.7.18; 1.7.20; pf needs to be started after the network is up, because some pf rules derive IP address(es) from the interface (e.g. "... from any to fxp0"). This, however, creates a window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD.
No objections on: tech-security
|
1.6 | 27-Jun-2005 |
peter | Remove (pf)spamd. Its right to exist in NetBSD has been questioned since it appeared and whether it's really part of pf or not is still unclear. Looking at the other *BSDs it seems that they have left out spamd when importing pf, and now we do that too. Also, the name conflicted with another more popular used tool, after the rename to pfspamd it was left with completely unusable documentation which apparently no-one wanted to fix.
A port of the latest spamd will be imported into pkgsrc soon.
Suggested by several people, no objections on last proposal on tech-userlevel.
|
1.5 | 04-Apr-2005 |
peter | Enable pflogd(8).
|
1.4 | 15-Mar-2005 |
peter | branches: 1.4.2; Install pf(4) examples. Reviewed by yamt@. Thanks to hubertf@ for the reminder.
|
1.3 | 14-Nov-2004 |
yamt | handle configinstall target correctly.
|
1.2 | 14-Nov-2004 |
yamt | merge after importing pf from openbsd 3.6. (userland part)
some files were imported to the different places from the previous version. v3_5: etc/pf.conf etc/pf.os etc/spamd.conf share/man/man4/pf.4 share/man/man4/pflog.4 share/man/man5/pf.conf.5 share/man/man5/pf.os.5 share/man/man5/spamd.conf.5 v3_6: dist/pf/etc/pf.conf dist/pf/etc/pf.os dist/pf/etc/spamd.conf dist/pf/share/man/man4/pf.4 dist/pf/share/man/man4/pflog.4 dist/pf/share/man/man5/pf.conf.5 dist/pf/share/man/man5/pf.os.5 dist/pf/share/man/man5/spamd.conf.5
|
1.1 | 11-Nov-2004 |
yamt | move pf reachover makefiles into usr.sbin/pf. ok'ed by itojun.
before: sbin/pfctl usr.sbin/authpf usr.sbin/spamdb libexec/ftp-proxy libexec/spamd libexec/spamd-setup libexec/spamlogd after: usr.sbin/pf/pfctl usr.sbin/pf/authpf usr.sbin/pf/spamdb usr.sbin/pf/ftp-proxy usr.sbin/pf/spamd usr.sbin/pf/spamd-setup usr.sbin/pf/spamlogd
|
1.4.2.3 | 02-Sep-2005 |
tron | Pull up following revision(s) (requested by peter in ticket #717):
usr.sbin/pf/man/man5/pf.boot.conf.5: revision 1.1
usr.sbin/postinstall/postinstall: revision 1.4
etc/rc.d/pf: revision 1.6
etc/rc.d/pf_boot: revision 1.1
usr.sbin/pf/etc/defaults/pf.boot.conf: revision 1.1
usr.sbin/pf/Makefile: revision 1.7
etc/rc.d/Makefile: revision 1.52
etc/mtree/special: revision 1.89
usr.sbin/pf/man/man5/Makefile: revision 1.5
usr.sbin/pf/etc/defaults/Makefile: revision 1.1
pf needs to be started after the network is up, because some pf rules derive IP address(es) from the interface (e.g. "... from any to fxp0"). This, however, creates a window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD.
No objections on: tech-security
|
1.4.2.2 | 02-Jul-2005 |
tron | Pull up revision 1.6 (requested by peter in ticket #518): Remove (pf)spamd. Its right to exist in NetBSD has been questioned since it appeared and whether it's really part of pf or not is still unclear. Looking at the other *BSDs it seems that they have left out spamd when importing pf, and now we do that too. Also, the name conflicted with another more popular used tool, after the rename to pfspamd it was left with completely unusable documentation which apparently no-one wanted to fix. A port of the latest spamd will be imported into pkgsrc soon. Suggested by several people, no objections on last proposal on tech-userlevel.
|
1.4.2.1 | 13-Apr-2005 |
tron | Pull up revision 1.5 (requested by peter in ticket #134): Enable pflogd(8).
|
1.7.20.1 | 23-Jun-2008 |
wrstuden | Sync w/ -current. 34 merge conflicts to follow.
|
1.7.18.1 | 25-May-2008 |
peter | Add tftp-proxy.
|
1.9.58.1 | 02-Aug-2025 |
perseant | Sync with HEAD
|
1.13 | 03-Jun-2023 |
lukem | adapt to ${CC_WNO_ADDRESS_OF_PACKED_MEMBER}
Simplify CWARNFLAGS to use ${CC_WNO_ADDRESS_OF_PACKED_MEMBER} which works for both clang and gcc, and remove compiler-specific equivalents.
|
1.12 | 03-Jun-2023 |
lukem | bsd.own.mk: rename to CC_WNO_ADDRESS_OF_PACKED_MEMBER
Provide a single variable CC_WNO_ADDRESS_OF_PACKED_MEMBER with options for both clang and gcc, to replace CLANG_NO_ADDR_OF_PACKED_MEMBER CC_NO_ADDR_OF_PACKED_MEMBER GCC_NO_ADDR_OF_PACKED_MEMBER
Using the convention CC_compilerflag, where compilerflag is based on the full compiler flag name.
|
1.11 | 06-Sep-2020 |
mrg | add support for new GCC 9 warnings that may be too much to fix right now. new address-of-packed-member and format-overflow warnings have new GCC_NO_ADDR_OF_PACKED_MEMBER and GCC_NO_FORMAT_OVERFLOW variables to remove these warnings.
apply to a bunch of the tree. mostly, these are real bugs that should be fixed, but in many cases, only by removing the 'packed' attribute from some structure that doesn't really need it. (i looked at many different ones, and while perhaps 60-80% were already properly aligned, it wasn't clear to me that the uses were always coming from sane data vs network alignment, so it doesn't seem safe to remove packed without careful research for each affected struct.) clang already warned (and was not erroring) for many of these cases, but gcc picked up dozens more.
|
1.10 | 11-Jan-2017 |
joerg | Disable a couple of warnings until further investigation.
|
1.9 | 29-Jan-2015 |
christos | branches: 1.9.2; use strtonum from libc
|
1.8 | 26-May-2011 |
joerg | Default to -Wno-sign-compare -Wno-pointer-sign for clang. Push -Wno-array-bounds down to the cases that depend on it. Selectively disable warnings for 3rd party software or non-trivial issues to be reviewed later to get clang -Werror to build most of the tree.
|
1.7 | 23-Apr-2009 |
lukem | WARNS=1 for pf
|
1.6 | 22-Apr-2009 |
lukem | Enable WARNS=4 by default, except for: cpuctl dumplfs hprop ipf iprop-log kadmin kcm kdc kdigest kimpersonate kstash ktutil makefs ndbootd ntp pppd quot racoon racoonctl rtadvd sntp sup tcpdchk tcpdmatch tcpdump traceroute traceroute6 user veriexecgen wsmoused zic (Mostly third-party applications)
|
1.5 | 28-May-2007 |
tls | branches: 1.5.20; Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to various string and memory copy and set functions (as well as a few system calls and other miscellany) where known at function entry. RedHat has evidently built all "core system packages" with this option for some time.
This option should be used at the top of Makefiles (or Makefile.inc where this is used for subdirectories) but after any setting of LIB.
This is only useful for userland code, and cannot be used in libc or in any code which includes the libc internals, because it overrides certain libc functions with macros. Some effort has been made to make USE_FORT=yes work correctly for a full-system build by having the bsd.sys.mk logic disable the feature where it should not be used (libc, libssp itself, the kernel) but no attempt has been made to build the entire system with USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.
Adjust the system build so that all programs and libraries that are setuid, directly handle network data (including serial comm data), perform authentication, or appear likely to have (or have a history of having) data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default, with the exception of libc, which cannot use USE_FORT and thus uses only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no per-directory or in a system build will disable if desired.
|
1.4 | 16-Nov-2004 |
yamt | don't use variable arg macro, which is not supported by gcc2.
|
1.3 | 14-Nov-2004 |
yamt | merge after importing pf from openbsd 3.6. (userland part)
some files were imported to the different places from the previous version. v3_5: etc/pf.conf etc/pf.os etc/spamd.conf share/man/man4/pf.4 share/man/man4/pflog.4 share/man/man5/pf.conf.5 share/man/man5/pf.os.5 share/man/man5/spamd.conf.5 v3_6: dist/pf/etc/pf.conf dist/pf/etc/pf.os dist/pf/etc/spamd.conf dist/pf/share/man/man4/pf.4 dist/pf/share/man/man4/pflog.4 dist/pf/share/man/man5/pf.conf.5 dist/pf/share/man/man5/pf.os.5 dist/pf/share/man/man5/spamd.conf.5
|
1.2 | 11-Nov-2004 |
yamt | move common fragments into Makefile.inc.
|
1.1 | 11-Nov-2004 |
yamt | move pf reachover makefiles into usr.sbin/pf. ok'ed by itojun.
before: sbin/pfctl usr.sbin/authpf usr.sbin/spamdb libexec/ftp-proxy libexec/spamd libexec/spamd-setup libexec/spamlogd after: usr.sbin/pf/pfctl usr.sbin/pf/authpf usr.sbin/pf/spamdb usr.sbin/pf/ftp-proxy usr.sbin/pf/spamd usr.sbin/pf/spamd-setup usr.sbin/pf/spamlogd
|
1.5.20.1 | 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
1.9.2.1 | 20-Mar-2017 |
pgoyette | Sync with HEAD
|
1.7 | 29-Jan-2015 |
christos | use strtonum from libc
|
1.6 | 10-Apr-2013 |
christos | no need for the end macros anymore
|
1.5 | 18-Jun-2008 |
yamt | branches: 1.5.2; 1.5.24; merge yamt-pf42 branch. (import newer pf from OpenBSD 4.2)
ok'ed by peter@. requested by core@
|
1.4 | 26-Oct-2006 |
christos | branches: 1.4.16; 1.4.18; remove openlog_r/syslog_r; we now have it.
|
1.3 | 15-Mar-2005 |
peter | Add a small replacement for strtonum().
|
1.2 | 13-Feb-2005 |
yamt | copyright notice.
|
1.1 | 16-Nov-2004 |
yamt | don't use variable arg macro, which is not supported by gcc2.
|
1.4.18.1 | 23-Jun-2008 |
wrstuden | Sync w/ -current. 34 merge conflicts to follow.
|
1.4.16.1 | 26-Apr-2008 |
peter | Add LIST_END macro.
|
1.5.24.1 | 23-Jun-2013 |
tls | resync from head
|
1.5.2.1 | 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged as yamt-pagecache-tag8.
this commit was split into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments")
|
1.2 | 14-Nov-2004 |
yamt | merge after importing pf from openbsd 3.6. (userland part)
some files were imported to the different places from the previous version. v3_5: etc/pf.conf etc/pf.os etc/spamd.conf share/man/man4/pf.4 share/man/man4/pflog.4 share/man/man5/pf.conf.5 share/man/man5/pf.os.5 share/man/man5/spamd.conf.5 v3_6: dist/pf/etc/pf.conf dist/pf/etc/pf.os dist/pf/etc/spamd.conf dist/pf/share/man/man4/pf.4 dist/pf/share/man/man4/pflog.4 dist/pf/share/man/man5/pf.conf.5 dist/pf/share/man/man5/pf.os.5 dist/pf/share/man/man5/spamd.conf.5
|
1.1 | 11-Nov-2004 |
yamt | move pf reachover makefiles into usr.sbin/pf. ok'ed by itojun.
before: sbin/pfctl usr.sbin/authpf usr.sbin/spamdb libexec/ftp-proxy libexec/spamd libexec/spamd-setup libexec/spamlogd after: usr.sbin/pf/pfctl usr.sbin/pf/authpf usr.sbin/pf/spamdb usr.sbin/pf/ftp-proxy usr.sbin/pf/spamd usr.sbin/pf/spamd-setup usr.sbin/pf/spamlogd
|
1.3 | 20-Jun-2008 |
peter | Install /etc/pf.os with 444 permissions. Modify postinstall(8) to always upgrade /etc/pf.os.
Suggested by Luke Mewburn in PR/35188.
|
1.2 | 27-Jun-2005 |
peter | branches: 1.2.20; Remove (pf)spamd. Its right to exist in NetBSD has been questioned since it appeared and whether it's really part of pf or not is still unclear. Looking at the other *BSDs it seems that they have left out spamd when importing pf, and now we do that too. Also, the name conflicted with another more popular used tool, after the rename to pfspamd it was left with completely unusable documentation which apparently no-one wanted to fix.
A port of the latest spamd will be imported into pkgsrc soon.
Suggested by several people, no objections on last proposal on tech-userlevel.
|
1.1 | 14-Nov-2004 |
yamt | branches: 1.1.2; merge after importing pf from openbsd 3.6. (userland part)
some files were imported to the different places from the previous version. v3_5: etc/pf.conf etc/pf.os etc/spamd.conf share/man/man4/pf.4 share/man/man4/pflog.4 share/man/man5/pf.conf.5 share/man/man5/pf.os.5 share/man/man5/spamd.conf.5 v3_6: dist/pf/etc/pf.conf dist/pf/etc/pf.os dist/pf/etc/spamd.conf dist/pf/share/man/man4/pf.4 dist/pf/share/man/man4/pflog.4 dist/pf/share/man/man5/pf.conf.5 dist/pf/share/man/man5/pf.os.5 dist/pf/share/man/man5/spamd.conf.5
|
1.1.2.1 | 02-Jul-2005 |
tron | Pull up revision 1.2 (requested by peter in ticket #518): Remove (pf)spamd. Its right to exist in NetBSD has been questioned since it appeared and whether it's really part of pf or not is still unclear. Looking at the other *BSDs it seems that they have left out spamd when importing pf, and now we do that too. Also, the name conflicted with another more popular used tool, after the rename to pfspamd it was left with completely unusable documentation which apparently no-one wanted to fix. A port of the latest spamd will be imported into pkgsrc soon. Suggested by several people, no objections on last proposal on tech-userlevel.
|
1.2.20.1 | 23-Jun-2008 |
wrstuden | Sync w/ -current. 34 merge conflicts to follow.
|
1.1 | 23-Aug-2005 |
peter | branches: 1.1.2; pf needs to be started after the network is up, because some pf rules derive IP address(es) from the interface (e.g. "... from any to fxp0"). This, however, creates a window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD.
No objections on: tech-security
|
1.1.2.2 | 02-Sep-2005 |
tron | Pull up following revision(s) (requested by peter in ticket #717):
usr.sbin/pf/man/man5/pf.boot.conf.5: revision 1.1
usr.sbin/postinstall/postinstall: revision 1.4
etc/rc.d/pf: revision 1.6
etc/rc.d/pf_boot: revision 1.1
usr.sbin/pf/etc/defaults/pf.boot.conf: revision 1.1
usr.sbin/pf/Makefile: revision 1.7
etc/rc.d/Makefile: revision 1.52
etc/mtree/special: revision 1.89
usr.sbin/pf/man/man5/Makefile: revision 1.5
usr.sbin/pf/etc/defaults/Makefile: revision 1.1
pf needs to be started after the network is up, because some pf rules derive IP address(es) from the interface (e.g. "... from any to fxp0"). This, however, creates a window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD.
No objections on: tech-security
|
1.1.2.1 | 23-Aug-2005 |
tron | file Makefile was added on branch netbsd-3 on 2005-09-02 12:29:37 +0000
|
1.5 | 17-Feb-2019 |
gutteridge | pf.boot.conf: remove lingering references to dhclient(8), and while here, capitalize acronyms. Addresses part of PR misc/53669.
|
1.4 | 26-May-2017 |
hauke | branches: 1.4.10; Enable carp packets early during boot, to avoid gratuitous failovers.
Okayed by christos@
|
1.3 | 02-Sep-2007 |
tron | Use "ipv6-icmp" instead of "icmp6" to allow loading these rules again. Patch supplied by Daniel Horecki in PR bin/36874.
|
1.2 | 10-Jan-2006 |
reed | branches: 1.2.10; Fix misspelling in a comment.
|
1.1 | 23-Aug-2005 |
peter | branches: 1.1.2; pf needs to be started after the network is up, because some pf rules derive IP address(es) from the interface (e.g. "... from any to fxp0"). This, however, creates a window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD.
No objections on: tech-security
|
1.1.2.2 | 02-Sep-2005 |
tron | Pull up following revision(s) (requested by peter in ticket #717):
usr.sbin/pf/man/man5/pf.boot.conf.5: revision 1.1
usr.sbin/postinstall/postinstall: revision 1.4
etc/rc.d/pf: revision 1.6
etc/rc.d/pf_boot: revision 1.1
usr.sbin/pf/etc/defaults/pf.boot.conf: revision 1.1
usr.sbin/pf/Makefile: revision 1.7
etc/rc.d/Makefile: revision 1.52
etc/mtree/special: revision 1.89
usr.sbin/pf/man/man5/Makefile: revision 1.5
usr.sbin/pf/etc/defaults/Makefile: revision 1.1
pf needs to be started after the network is up, because some pf rules derive IP address(es) from the interface (e.g. "... from any to fxp0"). This, however, creates a window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD.
No objections on: tech-security
|
1.1.2.1 | 23-Aug-2005 |
tron | file pf.boot.conf was added on branch netbsd-3 on 2005-09-02 12:29:37 +0000
|
1.2.10.1 | 06-Nov-2007 |
matt | sync with HEAD
|
1.4.10.1 | 10-Jun-2019 |
christos | Sync with HEAD
|
1.2 | 27-Jun-2005 |
peter | Remove (pf)spamd. Its right to exist in NetBSD has been questioned since it appeared and whether it's really part of pf or not is still unclear. Looking at the other *BSDs it seems that they have left out spamd when importing pf, and now we do that too. Also, the name conflicted with another more popular used tool, after the rename to pfspamd it was left with completely unusable documentation which apparently no-one wanted to fix.
A port of the latest spamd will be imported into pkgsrc soon.
Suggested by several people, no objections on last proposal on tech-userlevel.
|
1.1 | 15-Mar-2005 |
peter | branches: 1.1.2; Install pf(4) examples. Reviewed by yamt@. Thanks to hubertf@ for the reminder.
|
1.1.2.1 | 02-Jul-2005 |
tron | Pull up revision 1.2 (requested by peter in ticket #518): Remove (pf)spamd. Its right to exist in NetBSD has been questioned since it appeared and whether it's really part of pf or not is still unclear. Looking at the other *BSDs it seems that they have left out spamd when importing pf, and now we do that too. Also, the name conflicted with another more popular used tool, after the rename to pfspamd it was left with completely unusable documentation which apparently no-one wanted to fix. A port of the latest spamd will be imported into pkgsrc soon. Suggested by several people, no objections on last proposal on tech-userlevel.
|
1.9 | 13-Aug-2019 |
maxv | sync with reality
|
1.8 | 09-Feb-2013 |
rmind | branches: 1.8.30; Disable -DWITH_NPF for now; will be converted to BPF mechanism.
|
1.7 | 15-Sep-2012 |
plunky | does not need -I${NETBSDSRCDIR}/sys/dist/ipf here, the include files are installed in /usr/include/netinet
|
1.6 | 04-Feb-2011 |
rmind | branches: 1.6.4; 1.6.6; 1.6.10; Fix sun2 builds. Noted by joerg@.
|
1.5 | 02-Feb-2011 |
rmind | NPF checkpoint:
- Add libnpf(3) - a library to control NPF (configuration, ruleset, etc).
- Add NPF support for ftp-proxy(8).
- Add rc.d script for NPF.
- Convert npfctl(8) to use libnpf(3) and thus make it less depressive. Note: next clean-up step should be a parser, once dholland@ will finish it.
- Add more documentation.
- Various fixes.
|
1.4 | 22-Apr-2009 |
lukem | branches: 1.4.2; Enable WARNS=4 by default, except for: cpuctl dumplfs hprop ipf iprop-log kadmin kcm kdc kdigest kimpersonate kstash ktutil makefs ndbootd ntp pppd quot racoon racoonctl rtadvd sntp sup tcpdchk tcpdmatch tcpdump traceroute traceroute6 user veriexecgen wsmoused zic (Mostly third-party applications)
|
1.3 | 18-Jun-2008 |
yamt | branches: 1.3.6; merge yamt-pf42 branch. (import newer pf from OpenBSD 4.2)
ok'ed by peter@. requested by core@
|
1.2 | 22-Feb-2005 |
peter | branches: 1.2.24; 1.2.26; Add MKIPFILTER; if set to no, don't build and install the ipf(4) programs, headers and LKM.
Add MKPF; if set to no, don't build and install the pf(4) programs, headers, LKM and spamd.
Both options default to yes, so nothing changed in the default build.
Reviewed by lukem.
|
1.1 | 11-Nov-2004 |
yamt | move pf reachover makefiles into usr.sbin/pf. ok'ed by itojun.
before: sbin/pfctl usr.sbin/authpf usr.sbin/spamdb libexec/ftp-proxy libexec/spamd libexec/spamd-setup libexec/spamlogd after: usr.sbin/pf/pfctl usr.sbin/pf/authpf usr.sbin/pf/spamdb usr.sbin/pf/ftp-proxy usr.sbin/pf/spamd usr.sbin/pf/spamd-setup usr.sbin/pf/spamlogd
|
1.2.26.1 | 23-Jun-2008 |
wrstuden | Sync w/ -current. 34 merge conflicts to follow.
|
1.2.24.1 | 25-May-2008 |
peter | Switch to the new libevent based ftp-proxy.
|
1.3.6.1 | 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
1.4.2.1 | 08-Feb-2011 |
bouyer | Sync with HEAD
|
1.6.10.2 | 25-Feb-2013 |
tls | resync with head
|
1.6.10.1 | 20-Nov-2012 |
tls | Resync to 2012-11-19 00:00:00 UTC
|
1.6.6.1 | 11-Feb-2013 |
riz | Pull up following revision(s) (requested by rmind in ticket #817): usr.sbin/npf/npfctl/npfctl.8: revision 1.12 usr.sbin/npf/npfctl/npf.conf.5: revision 1.27 usr.sbin/npf/npfctl/npf_parse.y: revision 1.18 usr.sbin/npf/npfctl/npf_build.c: revision 1.20 usr.sbin/npf/npfctl/npfctl.c: revision 1.28 lib/libnpf/npf.c: revision 1.16 usr.sbin/npf/npfctl/npfctl.c: revision 1.29 lib/libnpf/npf.c: revision 1.17 sys/modules/npf/Makefile: revision 1.12 sys/net/npf/npf_rproc.c: revision 1.6 usr.sbin/npf/npftest/README: revision 1.4 sys/net/npf/npf_tableset.c: revision 1.17 sys/net/npf/npf_ctl.c: revision 1.21 sys/net/npf/npf_ctl.c: revision 1.22 usr.sbin/npf/npfctl/npfctl.h: revision 1.25 lib/libnpf/npf.h: revision 1.13 usr.sbin/npf/npftest/npftest.conf: revision 1.2 usr.sbin/npf/npfctl/npfctl.h: revision 1.26 sys/net/npf/npf_ruleset.c: revision 1.17 lib/libnpf/npf.h: revision 1.14 sys/net/npf/npf_ruleset.c: revision 1.18 sys/net/npf/npf_conf.c: revision 1.1 usr.sbin/npf/npfctl/npf_scan.l: revision 1.10 sys/net/npf/npf_conf.c: revision 1.2 sys/net/npf/npf_instr.c: revision 1.16 sys/net/npf/npf_handler.c: revision 1.26 sys/net/npf/npf_impl.h: revision 1.26 usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.14 sys/net/npf/npf_processor.c: revision 1.15 sys/net/npf/npf_impl.h: revision 1.27 sys/net/npf/npf_alg_icmp.c: revision 1.15 usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.15 usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.16 sys/net/npf/npf_ncode.h: revision 1.11 sys/net/npf/files.npf: revision 1.10 usr.sbin/npf/npftest/Makefile: revision 1.4 usr.sbin/npf/npfctl/npfctl.c: revision 1.30 lib/libnpf/npf.3: revision 1.8 usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.4 sys/net/npf/npf_session.c: revision 1.21 usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.5 usr.sbin/npf/npfctl/npf_build.c: revision 1.18 usr.sbin/npf/npfctl/npf_build.c: revision 1.19 sys/net/npf/npf_alg.c: revision 1.7 usr.sbin/npf/npfctl/Makefile: revision 1.10 
sys/net/npf/npf_inet.c: revision 1.21 sys/net/npf/npf.h: revision 1.26 sys/net/npf/npf.h: revision 1.27 usr.sbin/pf/ftp-proxy/Makefile: revision 1.8 sys/net/npf/npf_nat.c: revision 1.19 sys/net/npf/npf.c: revision 1.15 sys/net/npf/npf_state.c: revision 1.14 sys/net/npf/npf_sendpkt.c: revision 1.14 sys/rump/net/lib/libnpf/Makefile: revision 1.4
IPv6 linklocal address printing cosmetics
NPF:
- Implement dynamic NPF rules. Controlled through npf(3) library or via npfctl rule command. A rule can be removed using a unique identifier, returned on addition, or using a key which is SHA1 hash of the rule. Adjust npftest and add a regression test.
- Improvements to rule inspection mechanism.
- Initial BPF support as an alternative to n-code.
- Minor fixes; bump the version.
Disable -DWITH_NPF for now; will be converted to BPF mechanism.
- Fix NPF config reload with dynamic rules present.
- Implement list and flush commands on a dynamic ruleset.
Allow filtering on IP addresses even if the L4 protocol is unknown. Patch from spz@.
npftest: adjust for recent change.
|
1.6.4.2 | 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged as yamt-pagecache-tag8.
this commit was split into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments")
|
1.6.4.1 | 30-Oct-2012 |
yamt | sync with head
|
1.8.30.1 | 13-Apr-2020 |
martin | Mostly merge changes from HEAD up to 20200411
|
1.1 | 14-Nov-2004 |
yamt | merge after importing pf from openbsd 3.6. (userland part)
some files were imported to the different places from the previous version. v3_5: etc/pf.conf etc/pf.os etc/spamd.conf share/man/man4/pf.4 share/man/man4/pflog.4 share/man/man5/pf.conf.5 share/man/man5/pf.os.5 share/man/man5/spamd.conf.5 v3_6: dist/pf/etc/pf.conf dist/pf/etc/pf.os dist/pf/etc/spamd.conf dist/pf/share/man/man4/pf.4 dist/pf/share/man/man4/pflog.4 dist/pf/share/man/man5/pf.conf.5 dist/pf/share/man/man5/pf.os.5 dist/pf/share/man/man5/spamd.conf.5
|
1.2 | 14-Sep-2009 |
degroote | Import pfsync support from OpenBSD 4.2
Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can be used to synchronise different pf.
This work was part of my 2009 GSoC
No objection on tech-net@
|
1.1 | 14-Nov-2004 |
yamt | merge after importing pf from openbsd 3.6. (userland part)
some files were imported to the different places from the previous version. v3_5: etc/pf.conf etc/pf.os etc/spamd.conf share/man/man4/pf.4 share/man/man4/pflog.4 share/man/man5/pf.conf.5 share/man/man5/pf.os.5 share/man/man5/spamd.conf.5 v3_6: dist/pf/etc/pf.conf dist/pf/etc/pf.os dist/pf/etc/spamd.conf dist/pf/share/man/man4/pf.4 dist/pf/share/man/man4/pflog.4 dist/pf/share/man/man5/pf.conf.5 dist/pf/share/man/man5/pf.os.5 dist/pf/share/man/man5/spamd.conf.5
|
1.5 | 23-Aug-2005 |
peter | pf needs to be started after the network is up, because some pf rules derive IP address(es) from the interface (e.g. "... from any to fxp0"). This, however, creates a window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD.
No objections on: tech-security
|
1.4 | 27-Jun-2005 |
peter | Remove (pf)spamd. Its right to exist in NetBSD has been questioned since it appeared and whether it's really part of pf or not is still unclear. Looking at the other *BSDs it seems that they have left out spamd when importing pf, and now we do that too. Also, the name conflicted with another more popular used tool, after the rename to pfspamd it was left with completely unusable documentation which apparently no-one wanted to fix.
A port of the latest spamd will be imported into pkgsrc soon.
Suggested by several people, no objections on last proposal on tech-userlevel.
|
1.3 | 19-Apr-2005 |
tron | Remove copy of manual page created during build.
|
1.2 | 12-Apr-2005 |
jwise | spamd.conf is now pfspamd.conf.
|
1.1 | 14-Nov-2004 |
yamt | branches: 1.1.2; merge after importing pf from openbsd 3.6. (userland part)
some files were imported to the different places from the previous version. v3_5: etc/pf.conf etc/pf.os etc/spamd.conf share/man/man4/pf.4 share/man/man4/pflog.4 share/man/man5/pf.conf.5 share/man/man5/pf.os.5 share/man/man5/spamd.conf.5 v3_6: dist/pf/etc/pf.conf dist/pf/etc/pf.os dist/pf/etc/spamd.conf dist/pf/share/man/man4/pf.4 dist/pf/share/man/man4/pflog.4 dist/pf/share/man/man5/pf.conf.5 dist/pf/share/man/man5/pf.os.5 dist/pf/share/man/man5/spamd.conf.5
|
1.1.2.4 | 02-Sep-2005 |
tron | Pull up following revision(s) (requested by peter in ticket #717):
usr.sbin/pf/man/man5/pf.boot.conf.5: revision 1.1
usr.sbin/postinstall/postinstall: revision 1.4
etc/rc.d/pf: revision 1.6
etc/rc.d/pf_boot: revision 1.1
usr.sbin/pf/etc/defaults/pf.boot.conf: revision 1.1
usr.sbin/pf/Makefile: revision 1.7
etc/rc.d/Makefile: revision 1.52
etc/mtree/special: revision 1.89
usr.sbin/pf/man/man5/Makefile: revision 1.5
usr.sbin/pf/etc/defaults/Makefile: revision 1.1
pf needs to be started after the network is up, because some pf rules derive IP address(es) from the interface (e.g. "... from any to fxp0"). This, however, creates a window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD.
No objections on: tech-security
|
1.1.2.3 | 02-Jul-2005 |
tron | Pull up revision 1.4 (requested by peter in ticket #518): Remove (pf)spamd. Its right to exist in NetBSD has been questioned since it appeared and whether it's really part of pf or not is still unclear. Looking at the other *BSDs it seems that they have left out spamd when importing pf, and now we do that too. Also, the name conflicted with another more popular used tool, after the rename to pfspamd it was left with completely unusable documentation which apparently no-one wanted to fix. A port of the latest spamd will be imported into pkgsrc soon. Suggested by several people, no objections on last proposal on tech-userlevel.
|
1.1.2.2 | 07-May-2005 |
riz | Pull up revision 1.3 (requested by tron in ticket #148): Remove copy of manual page created during build.
|
1.1.2.1 | 13-Apr-2005 |
tron | Pull up revision 1.2 (requested by jwise in ticket #138): spamd.conf is now pfspamd.conf.
|
1.1 | 23-Aug-2005 |
peter | branches: 1.1.2; pf needs to be started after the network is up, because some pf rules derive IP address(es) from the interface (e.g. "... from any to fxp0"). This, however, creates a window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD.
No objections on: tech-security
|
1.1.2.2 | 02-Sep-2005 |
tron | Pull up following revision(s) (requested by peter in ticket #717):
usr.sbin/pf/man/man5/pf.boot.conf.5: revision 1.1
usr.sbin/postinstall/postinstall: revision 1.4
etc/rc.d/pf: revision 1.6
etc/rc.d/pf_boot: revision 1.1
usr.sbin/pf/etc/defaults/pf.boot.conf: revision 1.1
usr.sbin/pf/Makefile: revision 1.7
etc/rc.d/Makefile: revision 1.52
etc/mtree/special: revision 1.89
usr.sbin/pf/man/man5/Makefile: revision 1.5
usr.sbin/pf/etc/defaults/Makefile: revision 1.1
pf needs to be started after the network is up, because some pf rules derive IP address(es) from the interface (e.g. "... from any to fxp0"). This, however, creates a window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD.
No objections on: tech-security
|
1.1.2.1 | 23-Aug-2005 |
tron | file pf.boot.conf.5 was added on branch netbsd-3 on 2005-09-02 12:29:36 +0000
|
1.6 | 03-Jun-2023 |
lukem | bsd.own.mk: rename GCC_NO_* to CC_WNO_*
Rename compiler-warning-disable variables from GCC_NO_warning to CC_WNO_warning where warning is the full warning name as used by the compiler.
GCC_NO_IMPLICIT_FALLTHRU is CC_WNO_IMPLICIT_FALLTHROUGH
Using the convention CC_compilerflag, where compilerflag is based on the full compiler flag name.
|
1.5 | 12-Apr-2021 |
mrg | add some new uses of existing GCC_NO_* variables for warning issues. remove a no longer relevant for gcc7 workaround (works fine in both gcc9 and gcc 10.)
|
1.4 | 18-Jun-2008 |
yamt | merge yamt-pf42 branch. (import newer pf from OpenBSD 4.2)
ok'ed by peter@. requested by core@
|
1.3 | 14-Nov-2004 |
yamt | branches: 1.3.24; 1.3.26; merge after importing pf from openbsd 3.6. (userland part)
some files were imported to the different places from the previous version.
v3_5: etc/pf.conf etc/pf.os etc/spamd.conf share/man/man4/pf.4 share/man/man4/pflog.4 share/man/man5/pf.conf.5 share/man/man5/pf.os.5 share/man/man5/spamd.conf.5
v3_6: dist/pf/etc/pf.conf dist/pf/etc/pf.os dist/pf/etc/spamd.conf dist/pf/share/man/man4/pf.4 dist/pf/share/man/man4/pflog.4 dist/pf/share/man/man5/pf.conf.5 dist/pf/share/man/man5/pf.os.5 dist/pf/share/man/man5/spamd.conf.5
|
1.2 | 11-Nov-2004 |
yamt | move common fragments into Makefile.inc.
|
1.1 | 11-Nov-2004 |
yamt | move pf reachover makefiles into usr.sbin/pf. ok'ed by itojun.
before: sbin/pfctl usr.sbin/authpf usr.sbin/spamdb libexec/ftp-proxy libexec/spamd libexec/spamd-setup libexec/spamlogd
after: usr.sbin/pf/pfctl usr.sbin/pf/authpf usr.sbin/pf/spamdb usr.sbin/pf/ftp-proxy usr.sbin/pf/spamd usr.sbin/pf/spamd-setup usr.sbin/pf/spamlogd
|
1.3.26.1 | 23-Jun-2008 |
wrstuden | Sync w/ -current. 34 merge conflicts to follow.
|
1.3.24.1 | 19-Apr-2008 |
yamt | make this build.
|
1.6 | 21-Dec-2011 |
christos | don't include pcap/bpf.h
|
1.5 | 13-Dec-2010 |
christos | branches: 1.5.6; fix build.
|
1.4 | 09-Nov-2006 |
christos | compile a file with -Wno-stack-protector since it is using __cmsg_alignbytes() for a variable on the stack.
|
1.3 | 25-Apr-2006 |
drochner | Build libpcap-0.9.4 from src/dist. While there are some open issues, particularly wrt support of old NetBSD-specific interfaces, it is better to get the code some public testing before NetBSD-4 is branched.
|
1.2 | 15-Mar-2005 |
peter | Change BINDIR to /sbin and support MKDYNAMICROOT.
|
1.1 | 15-Mar-2005 |
peter | Add build glue for pflogd(8).
|
1.5.6.1 | 17-Apr-2012 |
yamt | sync with head
|
1.1 | 07-May-2010 |
degroote | Add support for pfs(8)
pfs(8) is a tool similar to ipfs(8) but for pf(4). It allows the admin to dump internal configuration of pf, and restore at a later point, after a maintenance reboot for example, in a transparent way for the user.
This work has been done mostly during my GSoC 2009
No objections on tech-net@
|
1.4 | 17-Mar-2023 |
andvar | s/enougth/enough/
|
1.3 | 23-Apr-2020 |
joerg | lineno, states and allocated should be owned by the parser
|
1.2 | 19-Oct-2013 |
christos | fix unused variable warnings.
|
1.1 | 07-May-2010 |
degroote | branches: 1.1.6; 1.1.12; Add support for pfs(8)
pfs(8) is a tool similar to ipfs(8) but for pf(4). It allows the admin to dump internal configuration of pf, and restore at a later point, after a maintenance reboot for example, in a transparent way for the user.
This work has been done mostly during my GSoC 2009
No objections on tech-net@
|
1.1.12.1 | 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
1.1.6.1 | 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged as yamt-pagecache-tag8.
this commit was split into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments")
|
1.3 | 23-Apr-2020 |
joerg | lineno, states and allocated should be owned by the parser
|
1.2 | 31-Aug-2011 |
joerg | Use __dead
|
1.1 | 07-May-2010 |
degroote | Add support for pfs(8)
pfs(8) is a tool similar to ipfs(8) but for pf(4). It allows the admin to dump internal configuration of pf, and restore at a later point, after a maintenance reboot for example, in a transparent way for the user.
This work has been done mostly during my GSoC 2009
No objections on tech-net@
|
1.4 | 09-May-2010 |
wiz | Remove trailing whitespace and dot in Nd.
|
1.3 | 09-May-2010 |
degroote | Add missing license
|
1.2 | 08-May-2010 |
wiz | Sort options, standardize SYNOPSIS, slight rewordings. Use more markup.
|
1.1 | 07-May-2010 |
degroote | Add support for pfs(8)
pfs(8) is a tool similar to ipfs(8) but for pf(4). It allows the admin to dump internal configuration of pf, and restore at a later point, after a maintenance reboot for example, in a transparent way for the user.
This work has been done mostly during my GSoC 2009
No objections on tech-net@
|
1.2 | 16-Jun-2015 |
christos | improve error messages (remove \n, use __func__, etc)
|
1.1 | 07-May-2010 |
degroote | Add support for pfs(8)
pfs(8) is a tool similar to ipfs(8) but for pf(4). It allows the admin to dump internal configuration of pf, and restore at a later point, after a maintenance reboot for example, in a transparent way for the user.
This work has been done mostly during my GSoC 2009
No objections on tech-net@
|
1.2 | 24-May-2011 |
joerg | No input needed
|
1.1 | 07-May-2010 |
degroote | Add support for pfs(8)
pfs(8) is a tool similar to ipfs(8) but for pf(4). It allows the admin to dump internal configuration of pf, and restore at a later point, after a maintenance reboot for example, in a transparent way for the user.
This work has been done mostly during my GSoC 2009
No objections on tech-net@
|
1.3 | 22-Apr-2009 |
lukem | Enable WARNS=4 by default, except for: cpuctl dumplfs hprop ipf iprop-log kadmin kcm kdc kdigest kimpersonate kstash ktutil makefs ndbootd ntp pppd quot racoon racoonctl rtadvd sntp sup tcpdchk tcpdmatch tcpdump traceroute traceroute6 user veriexecgen wsmoused zic (Mostly third-party applications)
|
1.2 | 18-Jun-2008 |
yamt | branches: 1.2.2; 1.2.8; merge yamt-pf42 branch. (import newer pf from OpenBSD 4.2)
ok'ed by peter@. requested by core@
|
1.1 | 25-May-2008 |
peter | branches: 1.1.2; file Makefile was initially added on branch yamt-pf42.
|
1.1.2.1 | 25-May-2008 |
peter | Reachover makefile for tftp-proxy.
|
1.2.8.1 | 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
1.2.2.2 | 24-Sep-2008 |
wrstuden | Pull in changes missed in previous sync with head.
|
1.2.2.1 | 18-Jun-2008 |
wrstuden | file Makefile was added on branch wrstuden-revivesa on 2008-09-24 04:54:48 +0000
|