#
ddafb584 |
| 10-Feb-2025 |
Kristof Provost <kp@FreeBSD.org> |
pfctl.8: explicitly mention that at least one option is required
zap one redundant line, replacing it with a note that although SYNOPSIS suggests no options are necessary, in fact a minimum of one is required;
ok henning
Obtained from: OpenBSD, jmc <jmc@openbsd.org>, 123a76b4bf Sponsored by: Rubicon Communications, LLC ("Netgate")
|
#
0ce36b06 |
| 05-Feb-2025 |
Kristof Provost <kp@FreeBSD.org> |
pfctl.8: describe the counters that "pfctl -s info" displays
Tweaks jmc@, ok deraadt@
Obtained from: OpenBSD, sthen <sthen@openbsd.org>, 83e508aa68 Sponsored by: Rubicon Communications, LLC ("Netgate")
|
Revision tags: release/14.1.0-p7, release/14.2.0-p1, release/13.4.0-p3 |
|
#
5b59b0c6 |
| 06-Dec-2024 |
Leonid Evdokimov <leon+freebsd@darkk.net.ru> |
pfctl: add -T `reset` to touch pfras_tzero only for non-zero entries
This will make it easier for scripts to detect idle hosts in tables.
PR: 282984 Reviewed by: kp MFC after: 2 weeks
|
Revision tags: release/14.2.0 |
|
#
6463b6b5 |
| 21-Nov-2024 |
Kristof Provost <kp@FreeBSD.org> |
pfctl: clear statistic for specified addresses
The ioctl DIOCRCLRASTATS provides the functionality of clearing stats not only for the whole table but for addresses stored in that table. The functionality was missing from pfctl, though. Add it now.
PR: 282877 Obtained from: OpenBSD, kirill <kirill@openbsd.org>, e496dff3a7 MFC after: 3 weeks
|
Revision tags: release/13.4.0 |
|
#
a8a95277 |
| 25-Jul-2024 |
Juraj Lutter <otis@FreeBSD.org> |
pfctl: Allow a semicolon (;) as a comment
To make parsing of, for example, Spamhaus' drop.txt and similar files that contain semicolons as comments, allow them also in file-based tables.
Reviewed by: kp MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D46088
|
Revision tags: release/14.1.0, release/13.3.0, release/14.0.0 |
|
#
4f337550 |
| 20-Oct-2023 |
Kristof Provost <kp@FreeBSD.org> |
pf: allow states to be killed by their pre-NAT address
If a connection is NAT-ed we could previously only terminate it by its ID or the post-NAT IP address. Allow users to specify they want to look for the state by its pre-NAT address. Usage: `pfctl -k nat -k <address>`.
See also: https://redmine.pfsense.org/issues/11556 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D42312
|
#
fa9896e0 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: two-line nroff pattern
Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0 |
|
#
5bed7d2f |
| 03-Mar-2022 |
Kristof Provost <kp@FreeBSD.org> |
pfctl.8: Use the serial comma
Pointed out by: Pau Amma. Sponsored by: Rubicon Communications, LLC ("Netgate")
|
#
6ea1c3cf |
| 17-Jan-2022 |
Kristof Provost <kp@FreeBSD.org> |
pfctl: support flushing ethernet rules
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
Revision tags: release/12.3.0, release/13.0.0 |
|
#
77207b60 |
| 22-Feb-2021 |
Kristof Provost <kp@FreeBSD.org> |
pfctl: Document displaying Ethernet rules
Document the new 'pfctl -s ether' functionality.
Reviewed by: bcr Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D31750
|
#
93abcf17 |
| 03-May-2021 |
Kristof Provost <kp@FreeBSD.org> |
pf: Support killing 'matching' states
Optionally also kill states that match (i.e. are the NATed state or opposite direction state entry for) the state we're killing.
See also https://redmine.pfsense.org/issues/8555
Submitted by: Steven Brown Reviewed by: bcr (man page) Obtained from: https://github.com/pfsense/FreeBSD-src/pull/11/ MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D30092
|
#
abbcba9c |
| 30-Apr-2021 |
Kristof Provost <kp@FreeBSD.org> |
pf: Allow states to be killed per 'gateway'
This allows us to kill states created from a rule with route-to/reply-to set. This is particularly useful in multi-wan setups, where one of the WAN links goes down.
Submitted by: Steven Brown Obtained from: https://github.com/pfsense/FreeBSD-src/pull/11/ MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D30058
|
Revision tags: release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0, release/11.2.0 |
|
#
fa1d4439 |
| 06-Jun-2018 |
Kristof Provost <kp@FreeBSD.org> |
pf: Return non-zero from 'status' if pf is not enabled
In the pf rc.d script the output of `/etc/rc.d/pf status` or `/etc/rc.d/pf onestatus` always provided an exit status of zero. This made it fiddly to programmatically determine if pf was running or not.
Return a non-zero status if the pf module is not loaded, extend pfctl to have an option to return an error status if pf is not enabled.
PR: 228632 Submitted by: James Park-Watt <jimmypw AT gmail.com> MFC after: 1 week
|
Revision tags: release/10.4.0, release/11.1.0 |
|
#
242b2482 |
| 09-Oct-2016 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r306412 through r306905.
|
#
eb6d64f8 |
| 03-Oct-2016 |
Sevan Janiyan <sevan@FreeBSD.org> |
Note the version PF first appeared in FreeBSD & from which version it was ported from. Address the contractions raised by igor.
PR: 212574 Approved by: bcr (mentor) MFC after: 4 days Differential Revision: https://reviews.freebsd.org/D8105
|
Revision tags: release/11.0.1, release/11.0.0, release/10.3.0, release/10.2.0, release/10.1.0 |
|
#
246e7a2b |
| 02-Sep-2014 |
Neel Natu <neel@FreeBSD.org> |
IFC @r269962
Submitted by: Anish Gupta (akgupt3@gmail.com)
|
#
ee7b0571 |
| 19-Aug-2014 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Merge head from 7/28
|
#
1b833d53 |
| 13-Aug-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Sync to HEAD@r269943.
|
Revision tags: release/9.3.0 |
|
#
df2d82e0 |
| 23-Jun-2014 |
Joel Dahl <joel@FreeBSD.org> |
mdoc: remove superfluous paragraph macros.
|
Revision tags: release/10.0.0, release/9.2.0 |
|
#
cfe30d02 |
| 19-Jun-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Merge fresh head.
|
Revision tags: release/8.4.0, release/9.1.0 |
|
#
e477abf7 |
| 27-Nov-2012 |
Alexander Motin <mav@FreeBSD.org> |
MFC @ r241285
|
#
a10c6f55 |
| 11-Nov-2012 |
Neel Natu <neel@FreeBSD.org> |
IFC @ r242684
|
#
23090366 |
| 04-Nov-2012 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Sync from head
|
#
86dcb2ee |
| 14-Sep-2012 |
Joel Dahl <joel@FreeBSD.org> |
Minor mdoc fix.
|
#
3b3a8eb9 |
| 14-Sep-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
o Create directory sys/netpfil, where all packet filters should reside, and move there ipfw(4) and pf(4).
o Move most modified parts of pf out of contrib.
Actual movements:
sys/contrib/pf/net/*.c -> sys/netpfil/pf/
sys/contrib/pf/net/*.h -> sys/net/
contrib/pf/pfctl/*.c -> sbin/pfctl
contrib/pf/pfctl/*.h -> sbin/pfctl
contrib/pf/pfctl/pfctl.8 -> sbin/pfctl
contrib/pf/pfctl/*.4 -> share/man/man4
contrib/pf/pfctl/*.5 -> share/man/man5
sys/netinet/ipfw -> sys/netpfil/ipfw
The arguable movement is pf/net/*.h -> sys/net. There are future plans to refactor pf includes, so I decided not to break things twice.
Not modified bits of pf left in contrib: authpf, ftp-proxy, tftp-proxy, pflogd.
The ipfw(4) movement is planned to be merged to stable/9, to make head and stable match.
Discussed with: bz, luigi
|