Ruslan Ermilov
3d23e8b897
If the -proxy_only option is used, the -alias_address/-interface
...
options are not required.
Suggested by: Vaclav Petricek
MFC after: 2 weeks
2003-06-13 22:15:42 +00:00
Ruslan Ermilov
01ba618f4a
Don't pretend natd(8) doesn't work with ppp(8) interfaces.
...
While there's probably a better way to achieve the same,
nothing precludes us from using natd(8) on tun(4) links.
Noticed by: bde
2003-02-28 15:41:45 +00:00
Philippe Charnier
29e3edcc64
Use a more standard error message. Add FBSDID.
...
Reviewed by: ru
2003-02-05 20:08:39 +00:00
Ruslan Ermilov
496f81e0bb
Fixed Charles' e-mail here too.
2003-01-23 08:35:21 +00:00
Jens Schweikhardt
9d5abbddbf
Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
...
especially in troff files.
2003-01-01 18:49:04 +00:00
Ruslan Ermilov
e091d0c2ac
can not -> cannot.
2002-08-13 14:10:36 +00:00
Ruslan Ermilov
aa7998d4a1
mdoc(7) police: canonize FreeBSD in e-mail address.
2002-08-13 12:07:40 +00:00
Philippe Charnier
e1205e80e5
The .Nm utility
2002-07-06 19:34:18 +00:00
Archie Cobbs
0099af422c
Update my email address.
2002-07-03 20:50:32 +00:00
Ruslan Ermilov
99150dfb78
I don't know what the MAINTAINER means in src/ part of FreeBSD.
...
I'll still be overseeing the changes that go into natd(8) and
will maintain it the way I see it, non-preventing for the rest
of developers.
I will re-ask for the MAINTAINER bit if the ${MAINTAINER} gets
defined.
2002-04-12 19:11:09 +00:00
Ruslan Ermilov
3daff2423f
Back out part of the revision 1.2 changes -- sendto(2) can
...
not return ENOBUFS for unreliable protocols like divert.
This should fix an issue when natd(8) keeps spamming already
full dummynet(4) queues with the same packet forever.
Spotted by: chkno@dork.com
Explained by: luigi
Reviewed by: Ari Suutari <ari.suutari@syncrontech.com>
MFC after: 2 weeks
2002-01-15 17:07:56 +00:00
Ruslan Ermilov
e21a315ec5
s/sysctl -w/sysctl/
2001-12-11 08:29:10 +00:00
David E. O'Brien
2d68bf45bf
Default to WARNS=2.
...
Binary builds that cannot handle this must explicitly set WARNS=0.
Reviewed by: mike
2001-12-04 02:19:58 +00:00
Ruslan Ermilov
c0956cf876
Make -log_ipfw_denied active by default with -verbose.
...
Discussed with: phk
2001-11-27 11:06:02 +00:00
Ruslan Ermilov
3843533e18
Fixed (local) style bugs in previous revision.
2001-11-27 11:00:16 +00:00
Poul-Henning Kamp
84ef95bd6e
Do not uselessly whine in syslog about packets denied by ipfw rules.
...
Set 'log_ipfw_denied' option if you want the old behaviour.
PR: 30255
Submitted by: Flemming "F3" Jacobsen <fj@batmule.dk>
Reviewed by: phk
MFC after: 4 weeks
2001-10-31 16:08:49 +00:00
Ruslan Ermilov
c4d9468ea0
mdoc(7) police:
...
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
Ruslan Ermilov
9fe48c6e8d
mdoc(7) police: removed HISTORY info from the .Os call.
2001-07-10 11:04:34 +00:00
Josef Karthauser
d782daf041
Revert the previous commit on objection from the maintainer. I
...
missed that natd has a -v option that will give similar functionality.
Requested by: ru
2001-06-21 12:32:36 +00:00
Josef Karthauser
dc2ea2d874
When reporting that a packet can't be written back, usually because
...
of a restrictive firewall rule, also report detail on the packet
that caused the failure.
MFC after: 3 days
2001-06-21 10:28:40 +00:00
Ruslan Ermilov
eb0838029f
mdoc(7) police: normalize .Nd.
2001-04-18 15:54:10 +00:00
Ruslan Ermilov
0a5779d45b
- Backout botched attempt to introduce MANSECT feature.
...
- MAN[1-9] -> MAN.
2001-03-26 14:33:27 +00:00
Ruslan Ermilov
fe655281c5
Set the default manual section for sbin/ to 8.
2001-03-20 18:13:31 +00:00
Ruslan Ermilov
d0353b836e
mdoc(7) police: split punctuation characters + misc fixes.
2001-02-01 16:38:02 +00:00
Ruslan Ermilov
7c7fb079b9
mdoc(7) police: use the new features of the Nm macro.
2000-11-20 16:52:27 +00:00
Ruslan Ermilov
d2a46bc99d
Describe -deny_incoming better, highlight some keywords,
...
add myself to the AUTHORS section.
2000-11-16 12:20:54 +00:00
Ben Smithurst
32e5e4cfc3
more removal of trailing periods from SEE ALSO.
2000-11-15 16:44:24 +00:00
Ruslan Ermilov
ecd1fe62de
Suggest looking at rc.conf(5) on how to start natd(8) during boot.
...
Submitted by: dcs
2000-07-17 10:06:54 +00:00
Kris Kennaway
04d06bb686
Don't call warn() with no format string.
2000-07-10 08:14:18 +00:00
Ruslan Ermilov
f685a909b5
"Ease understanding" of how -punch_fw works.
...
Reviewed by: sheldonh
2000-06-29 09:52:14 +00:00
Ruslan Ermilov
bc4ebb98dc
Added new option (-punch_fw) which allows to `punch holes'
...
in the ipfirewall(4) for incoming FTP/IRC DCC connections.
Submitted by: Rene de Vries <rene@canyon.demon.nl>
Rewritten by: ru
2000-06-27 15:26:24 +00:00
Ruslan Ermilov
5a424c8cc0
- mdoc(7) style cleanup
...
- new version of security note from alex.
2000-06-27 11:39:36 +00:00
Alexander Langer
7731ee5af9
Back out both previous commits.
...
The first one got screwed up by me because of rev 1.33, which was
incorrectly merged into my patches by myself, and so Ruslan (maintainer)
asked me to back them out.
Ruslan was ok with the second one, but since it needs rework, it'll be
readded later, when it doesn't conflict with the backout of the first one.
Pointy hat: alex
Beer on next meeting: ru
2000-06-26 17:18:34 +00:00
Alexander Langer
54c593c69c
Add note about security concerns w/o a firewall but other machines
...
on your LAN to the "RUNNING NATD" introduction.
In a different way requested by:
PR: 18802
Submitted by: Zachary K Drew <drew0054@tc.umn.edu>
2000-06-26 14:52:39 +00:00
Alexander Langer
27d19e4e41
mdoc style cleanup.
...
Reviewed by: sheldonh
2000-06-26 14:44:31 +00:00
Ruslan Ermilov
dc1a022582
Remove ``pptpalias'' since this is now done transparently by libalias(3).
2000-06-20 12:52:27 +00:00
Ruslan Ermilov
b0f55af68f
Remove unused parameter.
2000-06-16 09:41:57 +00:00
Sheldon Hearn
3de0a719e7
Fix a small grammar nit, with the maintainer's implicit approval.
2000-05-22 08:41:57 +00:00
Ruslan Ermilov
11c2b3bf00
Add new option (-target_addr) to control how to deal with incoming packets
...
not associated with any pre-existing link.
Submitted by: brian
2000-05-18 10:31:10 +00:00
Ruslan Ermilov
4330006d9e
New option: -redirect_proto.
2000-05-03 15:06:45 +00:00
Josef Karthauser
30395bb5f1
Fixes a potential buffer overflow with the command line arguments.
...
Submitted by: Mike Heffner <spock@techfour.net>
Submitted on: audit@freebsd.org
2000-04-30 20:53:54 +00:00
Ruslan Ermilov
bd69051080
Load Sharing using IP Network Address Translation (RFC 2391, LSNAT).
2000-04-27 17:55:17 +00:00
Brian Somers
7ffac027b3
Correct Charles Mott's email address
...
Requested by: cmott@scientech.com
2000-04-02 20:23:34 +00:00
Sheldon Hearn
ef8f7ac935
Remove single-space hard sentence breaks. These degrade the quality
...
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 11:27:47 +00:00
Brian Somers
a786a19657
Suggest ppp -nat, not ppp -alias
2000-02-26 13:13:16 +00:00
Ruslan Ermilov
d99cc1da8a
Remove the config file line length restriction.
...
PR: 16900
Reviewed by: "Crist J. Clark" <cjclark@home.com>, jkh
Approved by: jkh
2000-02-25 11:34:38 +00:00
Ruslan Ermilov
6f3dbe5e1a
Now that kernel is capable of notifying user processes about
...
the interface MTU change (src/sys/net/if_sl.c,v 1.83), track
interface MTU with -dynamic option as well.
PR: 15494
2000-01-25 12:24:06 +00:00
Mike Pritchard
2522bece25
Minor grammar fix.
1999-10-30 19:33:41 +00:00
Ruslan Ermilov
4c04fa4c1a
ioctl -> sysctl for interface address changes.
...
PR: 14169
Reviewed by: Ari Suutari <ari@suutari.iki.fi>
1999-10-13 09:00:16 +00:00
Ruslan Ermilov
04bf7dcfeb
Fixed the description of how packets re-enter IP firewall filter.
...
Suggested by: Ari Suutari <ari@suutari.iki.fi>
1999-10-06 09:26:39 +00:00