| Commit message (Expand) | Author | Age | Files | Lines |
* | Fix a typo. | Hiroki Sato | 2014-10-20 | 1 | -1/+2 |
* | Add support of "/{udp,tcp,proto}" suffix into $firewall_myservices, which | Hiroki Sato | 2014-10-17 | 1 | -3/+20 |
* | Whitespace nit | Kevin Lo | 2012-07-13 | 1 | -2/+2 |
* | Spelling fixes for etc/ | Ulrich Spörlein | 2012-01-07 | 1 | -5/+5 |
* | Remove trailing white space. No functional changes. | Doug Barton | 2010-05-14 | 1 | -3/+3 |
* | Fix grammar in comment. | Hajimu UMEMOTO | 2010-04-11 | 1 | -3/+3 |
* | Disambiguate `IPs' to a more specific term. | Hajimu UMEMOTO | 2010-04-08 | 1 | -6/+8 |
* | firewall_trusted_ipv6 was gone by r202460. Remove stale comment about | Hajimu UMEMOTO | 2010-04-07 | 1 | -6/+1 |
* | Remove the rules using 'me6'. Now, 'me' matches both any IPv6 address | Hajimu UMEMOTO | 2010-01-17 | 1 | -45/+5 |
* | The client type rule allows DHCP, implicitly. Since DHCPv6 uses | Hajimu UMEMOTO | 2010-01-09 | 1 | -0/+2 |
* | Since the IPv4 rule allows ICMP_TIMXCEED, allow | Hajimu UMEMOTO | 2010-01-07 | 1 | -1/+4 |
* | Add missing me6 rules. Now, the IPv6 rules become equivalent | Hajimu UMEMOTO | 2009-12-29 | 1 | -0/+29 |
* | Unify rc.firewall and rc.firewall6, and obsolete rc.firewall6 | Hajimu UMEMOTO | 2009-12-02 | 1 | -10/+146 |
* | Allow the network addresses and interface names for the "client" and | John Baldwin | 2008-08-15 | 1 | -6/+15 |
* | For the "client" and "simple" network types, collapse the separate "net" | John Baldwin | 2008-08-15 | 1 | -14/+11 |
* | Use 'me' rather than explicit IP addresses for the "simple" and "client" | John Baldwin | 2008-08-15 | 1 | -12/+9 |
* | - back out my last commit as it seems to be wrong. | Daniel Gerzo | 2008-08-03 | 1 | -2/+0 |
* | - dns queries might go also over TCP, so allow it. | Daniel Gerzo | 2008-07-17 | 1 | -0/+2 |
* | Tweak rc.firewall to allow incoming limited broadcast traffic, | Giorgos Keramidas | 2008-06-06 | 1 | -0/+3 |
* | Improve kernel NAT support in rc.firewall | Rong-En Fan | 2008-01-21 | 1 | -1/+7 |
* | o Correct an info about "Firewalls and Internet Security" book: name, | Maxim Konovalov | 2008-01-12 | 1 | -7/+6 |
* | s/IPFW(4)/ipfw(4) to match the actual man page name. | Robert Watson | 2007-04-05 | 1 | -1/+1 |
* | In rc.firewall, make it clear that this is the setup for IPFW(4), and not | Robert Watson | 2007-04-02 | 1 | -1/+1 |
* | Summer of Code 2005: improve libalias - part 2 of 2 | Paolo Pisati | 2006-12-29 | 1 | -0/+8 |
* | Give rc.firewall a polish and a new method. | Poul-Henning Kamp | 2006-10-28 | 1 | -16/+107 |
* | don't match packets other than IPv4 against divert rule. | Hajimu UMEMOTO | 2005-11-18 | 1 | -1/+1 |
* | DNS should not necessarily be named(8), tweak the comment a bit. | Ruslan Ermilov | 2003-11-02 | 1 | -1/+1 |
* | Add a header: #!/bin/sh. | Tom Rhodes | 2003-02-06 | 1 | -0/+1 |
* | Bring rc.firewall{,6} more in line with the word and spirit of | Crist J. Clark | 2002-02-21 | 1 | -7/+17 |
* | Remove a stale entry related to passing ARP with bridging and ipfw. | Luigi Rizzo | 2001-12-27 | 1 | -2/+0 |
* | Sync the code that sucks in rc.conf and friends with what's in | Dima Dorfman | 2001-08-14 | 1 | -5/+7 |
* | style nit | David E. O'Brien | 2001-03-06 | 1 | -1/+1 |
* | Also deny 127.0.0.0/8 going out. | David E. O'Brien | 2001-03-05 | 1 | -1/+2 |
* | Fix references to Chapman & Zwicky and Cheswick & Bellowin. | Dag-Erling Smørgrav | 2001-02-25 | 1 | -3/+5 |
* | Fix some glaring insecurities in the prototype firewall configurations. | Nick Sayer | 2001-02-20 | 1 | -8/+4 |
* | Add copyright notices. Other systems have been barrowing our /etc files | David E. O'Brien | 2000-10-08 | 1 | -2/+29 |
* | Only install `divert natd' rule for predefined firewall types, | Ruslan Ermilov | 2000-08-30 | 1 | -3/+1 |
* | Make natd(8) "compatible" with firewall_type="simple". | Ruslan Ermilov | 2000-08-04 | 1 | -17/+46 |
* | Update rev 1.29 -- 'draft-manning-dsua' is now in its 3rd version. | David E. O'Brien | 2000-07-30 | 1 | -1/+3 |
* | Add an explicit rule number to natd so you do not end up with two | Paul Saab | 2000-05-08 | 1 | -1/+1 |
* | Add to defaults/rc.conf a new function source_rc_confs which rc | Sheldon Hearn | 2000-04-27 | 1 | -0/+1 |
* | Back out the hook to execute the file ${firewall_type}. The intended | Brian S. Dean | 2000-04-27 | 1 | -3/+1 |
* | Allow the firewall rules to be established by a shell script instead | Brian S. Dean | 2000-04-16 | 1 | -1/+3 |
* | Add a firewall_flags option that is used when ipfw processes a file. It allows | Paul Richards | 2000-02-06 | 1 | -1/+1 |
* | Update this with the additional nets recomended by reading | Rodney W. Grimes | 2000-01-28 | 1 | -14/+26 |
* | Minor whitespace fix. | David E. O'Brien | 1999-12-04 | 1 | -2/+1 |
* | Pass IP fragments with non-zero offset. The semantics of matching | Ruslan Ermilov | 1999-11-04 | 1 | -0/+6 |
* | Add commented entry to the lo0 section inviting bridge users to | Nick Sayer | 1999-10-24 | 1 | -0/+2 |
* | Allow for incoming DNS UDP queries. | Ruslan Ermilov | 1999-10-20 | 1 | -0/+2 |
* | Fix a typo in a comment. | Mike Pritchard | 1999-09-30 | 1 | -1/+1 |