85 Commits

Author SHA1 Message Date
ru
355d5a7bfe Back out part of the revision 1.2 changes -- sendto(2) can
not return ENOBUFS for unreliable protocols like divert.

This should fix an issue when natd(8) keeps spamming already
full dummynet(4) queues with the same packet forever.

Spotted by:	chkno@dork.com
Explained by:	luigi
Reviewed by:	Ari Suutari <ari.suutari@syncrontech.com>
MFC after:	2 weeks
2002-01-15 17:07:56 +00:00
ru
185a7f456d s/sysctl -w/sysctl/ 2001-12-11 08:29:10 +00:00
obrien
a537f22ad4 Default to WARNS=2.
Binary builds that cannot handle this must explicitly set WARNS=0.

Reviewed by:	mike
2001-12-04 02:19:58 +00:00
ru
f630347cc2 Make -log_ipfw_denied active by default with -verbose.
Discussed with:	phk
2001-11-27 11:06:02 +00:00
ru
ce511dbe39 Fixed (local) style bugs in previous revision. 2001-11-27 11:00:16 +00:00
phk
69ad4610c4 Do not uselessly whine in syslog about packets denied by ipfw rules.
Set 'log_ipfw_denied' option if you want the old behaviour.

PR:	30255
Submitted by:	Flemming "F3" Jacobsen <fj@batmule.dk>
Reviewed by:	phk
MFC after:	4 weeks
2001-10-31 16:08:49 +00:00
ru
09d142dfd5 mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
ru
cb3283b5da mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 11:04:34 +00:00
joe
ce9a6c8de1 Revert the previous commit on objection from the maintainer. I
missed that natd has a -v option that will give similar functionality.

Requested by:	ru
2001-06-21 12:32:36 +00:00
joe
dcbb32a317 When reporting that a packet can't be written back, usually because
of a restrictive firewall rule, also report detail on the packet
that caused the failure.

MFC after:	3 days
2001-06-21 10:28:40 +00:00
ru
1db489053b mdoc(7) police: normalize .Nd. 2001-04-18 15:54:10 +00:00
ru
e7c03cd6b0 - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:33:27 +00:00
ru
e2a472a47a Set the default manual section for sbin/ to 8. 2001-03-20 18:13:31 +00:00
ru
b1c3961564 mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:38:02 +00:00
ru
d16dd614f6 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 16:52:27 +00:00
ru
b9140212f2 Describe -deny_incoming better, highlight some keywords,
add myself to the AUTHORS section.
2000-11-16 12:20:54 +00:00
ben
6f0ff396c7 more removal of trailing periods from SEE ALSO. 2000-11-15 16:44:24 +00:00
ru
ebb3d17f41 Suggest looking at rc.conf(5) on how to start natd(8) during boot.
Submitted by:	dcs
2000-07-17 10:06:54 +00:00
kris
df586766ed Don't call warn() with no format string. 2000-07-10 08:14:18 +00:00
ru
9a969be497 "Ease understanding" of how -punch_fw works.
Reviewed by:	sheldonh
2000-06-29 09:52:14 +00:00
ru
e64c6de102 Added new option (-punch_fw) which allows to `punch holes'
in the ipfirewall(4) for incoming FTP/IRC DCC connections.

Submitted by:	Rene de Vries <rene@canyon.demon.nl>
Rewritten by:	ru
2000-06-27 15:26:24 +00:00
ru
4c99e0d01f - mdoc(7) style cleanup
- new version of security note from alex.
2000-06-27 11:39:36 +00:00
alex
0d49483c6e Back out both previous commits.
The first one got screwed up by me because of rev 1.33, which was
incorrectly merged into my patches by myself, and so Ruslan (maintainer)
asked me to back them out.

Ruslan was ok with the second one, but since it needs rework, it'll be
readded later, when it doesn't conflict with the backout of the first one.

Pointy hat:		alex
Beer on next meeting:	ru
2000-06-26 17:18:34 +00:00
alex
0a892f4a8a Add note about security concerns w/o a firewall but other machines
on your LAN to the "RUNNING NATD" introduction.

In a different way requested by:
PR:		18802
Submitted by:	Zachary K Drew <drew0054@tc.umn.edu>
2000-06-26 14:52:39 +00:00
alex
c57ce365c0 mdoc style cleanup.
Reviewed by:	sheldonh
2000-06-26 14:44:31 +00:00
ru
88883ae776 Remove ``pptpalias'' since this is now done transparently by libalias(3). 2000-06-20 12:52:27 +00:00
ru
0abf72a516 Remove unused parameter. 2000-06-16 09:41:57 +00:00
sheldonh
81dd124aeb Fix a small grammar nit, with the maintainer's implicit approval. 2000-05-22 08:41:57 +00:00
ru
e18cc21c76 Add new option (-target_addr) to control how to deal with incoming packets
not associated with any pre-existing link.

Submitted by:	brian
2000-05-18 10:31:10 +00:00
ru
20c0349981 New option: -redirect_proto. 2000-05-03 15:06:45 +00:00
joe
bac5045cd6 Fixes a potential buffer overflow with the command line arguments.
Submitted by:   Mike Heffner <spock@techfour.net>
Submitted on:   audit@freebsd.org
2000-04-30 20:53:54 +00:00
ru
35ea13cc5f Load Sharing using IP Network Address Translation (RFC 2391, LSNAT). 2000-04-27 17:55:17 +00:00
brian
2577c085b5 Correct Charles Mott's email address
Requested by: cmott@scientech.com
2000-04-02 20:23:34 +00:00
sheldonh
ad4c77c29e Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 11:27:47 +00:00
brian
669d0cd733 Suggest ppp -nat, not ppp -alias 2000-02-26 13:13:16 +00:00
ru
b678ac021d Remove the config file line length restriction.
PR:		16900
Reviewed by:	"Crist J. Clark" <cjclark@home.com>, jkh
Approved by:	jkh
2000-02-25 11:34:38 +00:00
ru
5f276b7f68 Now that kernel is capable of notifying user processes about
the interface MTU change (src/sys/net/if_sl.c,v 1.83), track
interface MTU with -dynamic option as well.

PR:		15494
2000-01-25 12:24:06 +00:00
mpp
da4c7a74d4 Minor grammar fix. 1999-10-30 19:33:41 +00:00
ru
930183a04c ioctl -> sysctl for interface address changes.
PR:		14169
Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-10-13 09:00:16 +00:00
ru
47f5fade12 Fixed the description of how packets re-enter IP firewall filter.
Suggested by:	Ari Suutari <ari@suutari.iki.fi>
1999-10-06 09:26:39 +00:00
ru
276330363e Do not defer setting of the aliasing address from
interface name if not operating in dynamic mode.

Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-09-28 08:01:46 +00:00
ru
f85cd584ed `permanent_link' is obsolete; update examples. 1999-09-13 18:18:33 +00:00
ru
5a32c0e595 Add Ari Suutari as a maintainer.
Approved by:	Ari Suutari <ari@suutari.iki.fi>
1999-09-13 18:16:38 +00:00
ru
63c1c1de6f Config file parser changes:
- Trailing spaces and empty lines are ignored.
- A `#' sign will mark the remaining of the line as a comment.

Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-09-07 15:34:12 +00:00
ru
d5c1ddac6f Allow signals to interrupt system calls.
Remove redundant signal() call.

PR:		6676
Submitted by:	luoqi
Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-09-02 15:17:25 +00:00
peter
e226894fa0 $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
chris
9be2f2c0b2 Bad cross-reference of getservbyname(2) changed to getservbyname(3)
Reviewed by:	ru
1999-08-18 01:20:07 +00:00
ru
1f9d9df94a Become a maintainer.
Approved by:	brian
1999-07-28 08:50:42 +00:00
ru
919b1dc10d Back out previous commit. 1999-07-28 08:38:26 +00:00
brian
f31bc07f6a Mention that data going from one internal address to another will
not be processed by natd.
Requested by: Ludwig Pummer <ludwigp@bigfoot.com>
1999-06-21 07:58:25 +00:00