path: root/sbin/ipfw
Commit message | Author | Age | Files | Lines
* MFC: make rule number available from getsockopt(IP_FW_ADD). | Ruslan Ermilov | 2000-10-17 | 1 | -3/+3
  Notes: svn path=/stable/4/; revision=67252
* MFC: Style conversion. | Ruslan Ermilov | 2000-10-17 | 1 | -3/+3
  Notes: svn path=/stable/4/; revision=67251
* MFC: Only interpret the last command line argument as a file to | Ruslan Ermilov | 2000-10-17 | 2 | -18/+21
  be preprocessed if it is specified as an absolute pathname.
  Notes: svn path=/stable/4/; revision=67250
* MFC: (rev 1.93) respect the protocol when looking up the port. | Ruslan Ermilov | 2000-10-04 | 1 | -15/+22
  Notes: svn path=/stable/4/; revision=66625
* MFC: net.inet.ip.fw.one_pass only affects dummynet(4). | Ruslan Ermilov | 2000-09-29 | 1 | -3/+5
  Notes: svn path=/stable/4/; revision=66447
* MFC: v1.67: tcpoptions (dan and ras@e-gerbil.net) | Bill Fumerola | 2000-08-05 | 1 | -0/+19
  Notes: svn path=/stable/4/; revision=64270
* MFC | Bill Fumerola | 2000-07-28 | 1 | -5/+71
  ipfw.c:
    r1.84,1.88: tcpoptions support (dan, ras@e-gerbil.net)
    r1.86: reorder output of 'prob' to match the input method (billf)
  ip_fw.c:
    r1.138: tcpoptions support (dan, ras@e-gerbil.net)
  ip_fw.h:
    r1.50(partial): complete WF2Q+ merge, comment only (luigi)
    r1.51: tcpoptions support (dan, ras@e-gerbil.net)
  Notes: svn path=/stable/4/; revision=63984
* MFC: Don't call vfprintf-like functions without a format string. | Kris Kennaway | 2000-07-20 | 1 | -1/+1
  Notes: svn path=/stable/4/; revision=63636
* MFC: fix behaviour of "ipfw pipe show" | Luigi Rizzo | 2000-06-14 | 1 | -6/+6
  Notes: svn path=/stable/4/; revision=61658
* MFC: (rev 1.68) -mdoc fixes. | Ruslan Ermilov | 2000-06-12 | 1 | -35/+81
  Notes: svn path=/stable/4/; revision=61571
* MFC: Bring WF2Q+ support in dummynet. Read the ipfw(8) manpage for | Luigi Rizzo | 2000-06-11 | 2 | -127/+439
  documentation. Except for recompiling ipfw, old ipfw configurations
  involving dummynet pipes work unmodified.
  Notes: svn path=/stable/4/; revision=61561
* A huge rewrite of the manual page (mostly -mdoc related). | Ruslan Ermilov | 2000-02-28 | 1 | -542/+649
  Reviewed by: luigi, sheldonh
  Notes: svn path=/head/; revision=57557
* Use correct field for dst_port when displaying masks on dynamic pipes. | Luigi Rizzo | 2000-02-13 | 1 | -1/+1
  Notes: svn path=/head/; revision=57183
* Support and document new stateful ipfw features. | Luigi Rizzo | 2000-02-10 | 2 | -15/+290
  Approved-by: jordan
  Notes: svn path=/head/; revision=57115
* Support per-flow queueing in dummynet. | Luigi Rizzo | 2000-01-08 | 2 | -295/+530
  Implement masks on UDP/TCP ports.
  Large rewrite of the manpage.
  Work supported by Akamba Corp.
  Notes: svn path=/head/; revision=55595
* Turn on 'ipfw tee'. Update man page. Please note (from the man page): | Archie Cobbs | 1999-12-06 | 2 | -17/+10
    Packets that match a tee rule should not be immediately accepted,
    but should continue going through the rule list. This may be fixed
    in a later version.
  I hope to fix this soon in a separate commit.
  Notes: svn path=/head/; revision=54177
* Remove one obsoleted entry from the BUGS section. | Ruslan Ermilov | 1999-10-20 | 1 | -2/+0
  Notes: svn path=/head/; revision=52407
* Make the "uid" and "gid" code better. Now it can detect invalid user | Brian Feldman | 1999-09-03 | 1 | -4/+20
  names/numbers.
  Reviewed by: chris
  Notes: svn path=/head/; revision=50851
* $Id$ -> $FreeBSD$ | Peter Wemm | 1999-08-28 | 2 | -2/+2
  Notes: svn path=/head/; revision=50476
* To christen the brand new security category for syslog, we get IPFW | Brian Feldman | 1999-08-21 | 1 | -5/+8
  using syslog(3) (log(9)) for its various purposes! This long-awaited
  change also includes such nice things as:
    * macros expanding into _two_ comma-delimited arguments!
    * snprintf!
    * more snprintf!
    * linting and criticism by more people than you can shake a stick at!
    * a slightly more uniform message style than before!
  and last but not least
    * no less than 5 rewrites!
  Reviewed by: committers
  Notes: svn path=/head/; revision=50129
* Whoops, forgot one line in previous patch. | Luigi Rizzo | 1999-08-12 | 1 | -1/+2
  Notes: svn path=/head/; revision=49652
* Userland and manual page changes for probabilistic rule match. | Luigi Rizzo | 1999-08-11 | 2 | -4/+41
  Because the kernel change was done in a backward-compatible way,
  you don't need to recompile ipfw if you don't want to use the new
  feature.
  Notes: svn path=/head/; revision=49631
* Make ipfw's logging more dynamic. Now, log will use the default limit | Brian Feldman | 1999-08-01 | 2 | -11/+97
  _or_ you may specify "log logamount number" to set logging specifically
  the rule.
  In addition, "ipfw resetlog" has been added, which will reset the
  logging counters on any/all rule(s). ipfw resetlog does not affect
  the packet/byte counters (as ipfw reset does), and is the only "set"
  command that can be run at securelevel >= 3.
  This should address complaints about not being able to set logging
  amounts, not being able to restart logging at a high securelevel,
  and not being able to just reset logging without resetting all of the
  counters in a rule.
  Notes: svn path=/head/; revision=49350
* This is the much-awaited cleaned up version of IPFW [ug]id support. | Brian Feldman | 1999-06-19 | 2 | -2/+62
  All relevant changes have been made (including ipfw.8).
  Notes: svn path=/head/; revision=48023
* Document the usage of escape character in a service name. | Ruslan Ermilov | 1999-06-15 | 1 | -2/+9
  PR: 7101
  Reminded by: jhs
  Notes: svn path=/head/; revision=47925
* Workaround the problem that the first (and only first) port name | Ruslan Ermilov | 1999-06-11 | 1 | -9/+26
  can't have a dash character (it is treated as a ``range'' operator).
  One could now use such a name by escaping the ``-'' characters.
  For example:
    # ipfw add 1 count tcp from any to any "ms\-sql\-s"
    # ipfw add 2 count tcp from any ftp\\-data-ftp to any
  PR: 7101
  Notes: svn path=/head/; revision=47874
* Fix the parsing of ip addresses on a command line. | Ruslan Ermilov | 1999-06-04 | 1 | -7/+7
  PR: 5047
  Reviewed by: des
  Test case: ipfw add allow ip from 127.1 to any
  Notes: svn path=/head/; revision=47732
* Spelling corrections for dummynet. | Ruslan Ermilov | 1999-06-02 | 1 | -4/+5
  Reviewed by: des,luigi
  Notes: svn path=/head/; revision=47691
* Manpage cleanup, move $Id$ to #ifndef lint, remove unused includes, | Kris Kennaway | 1999-05-29 | 2 | -25/+27
  grammatical fixes.
  Submitted by: Philippe Charnier
  Notes: svn path=/head/; revision=47593
* close pr 10889: | Luigi Rizzo | 1999-05-24 | 1 | -13/+27
  + add a missing call to dn_rule_delete() when flushing firewall
    rules, thus preventing possible panics due to dangling pointers
    (this was already done for single rule deletes).
  + improve "usage" output in ipfw(8)
  + add a few checks to ipfw pipe parameters and make it a bit more
    tolerant of common mistakes (such as specifying kbit instead of Kbit)
  PR: kern/10889
  Submitted by: Ruslan Ermilov
  Notes: svn path=/head/; revision=47455
* Add ICMP types to list of information about each packet. | Guy Helmer | 1999-04-29 | 1 | -2/+33
  Notes: svn path=/head/; revision=46182
* Explain when packets are tested by the firewall rules and what attributes | Guy Helmer | 1999-04-28 | 1 | -23/+128
  of packets can be tested.
  PR: docs/7437
  Notes: svn path=/head/; revision=46135
* Convert LKM/modload to KLD/kldload. Add ref to kldload(8). | Guy Helmer | 1999-04-08 | 1 | -2/+3
  Submitted by: Nathan Ahlstrom <nrahlstr@winternet.com>
  Notes: svn path=/head/; revision=45473
* Fix bug where 'ipfw list' would choke if there were a large number of rules. | Archie Cobbs | 1999-01-22 | 1 | -79/+95
  Notes: svn path=/head/; revision=43031
* Fix misleading wording in ipfw(8) man page. | Archie Cobbs | 1999-01-21 | 1 | -3/+3
  PR: docs/9603
  Notes: svn path=/head/; revision=43002
* Remove coredump when running "ipfw pipe" without more arguments. | Luigi Rizzo | 1998-12-27 | 1 | -1/+4
  PR: 8937
  Notes: svn path=/head/; revision=42073
* Mention effect of securelevel 3 and higher on attempts to change filter lists. | Guy Helmer | 1998-12-16 | 1 | -0/+6
  Prompted by: PR docs/7785
  Notes: svn path=/head/; revision=41873
* ipfw changes for dummynet. manpages still missing | Luigi Rizzo | 1998-12-14 | 1 | -2/+155
  Notes: svn path=/head/; revision=41795
* Disallow ipfw "tee" rules until it is actually implemented. | Archie Cobbs | 1998-12-07 | 2 | -5/+10
  PR: bin/8471
  Notes: svn path=/head/; revision=41576
* Preprocessor support for `ipfw [-q] ... file'. | Joerg Wunsch | 1998-11-23 | 2 | -15/+145
  This allows for more flexible ipfw configuration files using
  `variables' to describe frequently used items in the file, like the
  local IP address(es), interface names etc. Both m4 and cpp are useful
  and supported; with m4 being a little more unusual to the common C
  programmer, things like automatic rule numbering can be achieved
  fairly easy.
  While I was at it, I've also untangled some of the ugly style inside
  main(), and fixed a bug or two (like not being able to use blank
  lines when running with -q).
  A typical call with preprocessor invocation looks like
    ipfw -p m4 -Dhostname=$(hostname) /etc/fwrules
  Someone should probably add support for this feature to
  /etc/rc.firewall.
  Notes: svn path=/head/; revision=41308
* The flags type was recently changed from u_short to u_int, breaking | Alexander Langer | 1998-09-28 | 1 | -10/+10
  icmptypes.
  PR: 8067
  Submitted by: Jonathan Hanna <jh@cr1003333-a.crdva1.bc.wave.home.com>
  While I'm here, staticize functions.
  Notes: svn path=/head/; revision=39734
* PR: 7475 | Peter Hawkins | 1998-08-04 | 2 | -8/+14
  Added support for -q (suppress output) when firewall rules are taken
  from a file. Solves PR 7475
  Notes: svn path=/head/; revision=38092
* Support for IPFW based transparent forwarding. | Julian Elischer | 1998-07-06 | 2 | -3/+56
  Any packet that can be matched by a ipfw rule can be redirected
  transparently to another port or machine. Redirection to another port
  mostly makes sense with tcp, where a session can be set up between a
  proxy and an unsuspecting client. Redirection to another machine
  requires that the other machine also be expecting to receive the
  forwarded packets, as their headers will not have been modified.
  /sbin/ipfw must be recompiled!!!
  Reviewed by: Peter Wemm <peter@freebsd.org>
  Submitted by: Chrisy Luke <chrisy@flix.net>
  Notes: svn path=/head/; revision=37409
* Reminded by: Alex Nash | Daniel O'Callaghan | 1998-05-19 | 1 | -3/+3
  Bring man page up to date with -q flag behaviour.
  Notes: svn path=/head/; revision=36185
* Typo fix. | Masafumi Max NAKANE | 1998-05-19 | 1 | -1/+1
  Notes: svn path=/head/; revision=36170
* PR: 6641 | Daniel O'Callaghan | 1998-05-15 | 1 | -2/+2
  Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
  Make -q work for zeroing a specific rule.
  Notes: svn path=/head/; revision=36065
* When ipfw reads its rules from an input file, the optind variable is | Poul-Henning Kamp | 1998-04-22 | 1 | -1/+5
  not reinitialized to 1 after calling getopt. This results in parsing
  errors on all but the first rule. An added patch also allows '#'
  comments at the end of a line.
  PR: 6379
  Reviewed by: phk
  Submitted by: Neal Fachan <kneel@ishiboo.com>
  Notes: svn path=/head/; revision=35379
* (evil) hackers -> crackers | Martin Cracauer | 1998-04-08 | 1 | -3/+3
  Notes: svn path=/head/; revision=35100
* .Sh AUTHOR -> .Sh AUTHORS. Use .An/.Aq. | Philippe Charnier | 1998-03-19 | 1 | -5/+7
  Notes: svn path=/head/; revision=34673
* Get the arguments to show_usage right (like the MFC'ed code in -stable). | Alexander Langer | 1998-03-13 | 1 | -3/+3
  Submitted by: bde
  Notes: svn path=/head/; revision=34538