This stuff should not be too destructive if the IPDIVERT is not compiled in..
be aware that this changes the size of the ip_fw struct
so ipfw needs to be recompiled to use it.. more changes coming to clean this up.
Prevent ALL protocol from being used with port specifications.
Allow 'via' keyword at any point in the options list. Disallow
multiple 'via' specifications.
of /0 to have the desired effect. Normalize IP addresses that
won't match a given mask (i.e. 1.2.3.4/24 becomes 1.2.3.0/24).
Submitted by R. Bezuidenhout <rbezuide@mikom.csir.co.za>
Code formatting and "frag" display fixes.
- Filter based on ICMP types.
- Accept interface wildcards (e.g. ppp*).
- Resolve service names with the -N option.
- Accept host names in 'from' and 'to' specifications
- Display chain entry time stamps with the -t option.
- Added URG to tcpflags.
- Print usage if an unknown tcpflag is used.
- Ability to zero individual accounting entries.
- Clarify usage of port ranges.
- Misc code cleanup.
Closes PRs: 1193, 1220, and 1266.
is a pain in ...wel.. trying to fix this
* from/to/via position indepenndant syntax
* "any" for 0/0 host address
* addf/addb default keyword in case you skip it..
* pass = accept new action, seems to be somewhat better
in particular cases
* on = via (as on ed0 instead of via ed0,loook at
reject tcp on ed0 from hacker )
ports for the destination IP addr/port.
Nobody reported this btw , while a lot of other things reported-
probably ppl does not use destination ports at all????
We have only one firewall chain and one accounting chain now.
No blocking/forwarding so commands changed.
Man pages are somewhat out of date and will be updated ASAP.
