d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
15,142 Commits 4 Branches 49 Tags 2 GiB
9ca1f77c28
Commit Graph

50 Commits

Author SHA1 Message Date
julian
9277e63302 Adding changes to ipfw and the kernel to support ip packet diversion.. 
This stuff should not be too destructive if the IPDIVERT is not compiled in..
 be aware that this changes the size of the ip_fw struct
so ipfw needs to be recompiled to use it.. more changes coming to clean this up.
 1996-07-10 19:44:30 +00:00
alex
911873413d Correct definition of 'established' keyword. 1996-07-02 00:29:22 +00:00
alex
edea64b844 Formatting fixes for 'in' and 'out' while listing. 
Prevent ALL protocol from being used with port specifications.

Allow 'via' keyword at any point in the options list.  Disallow
multiple 'via' specifications.
 1996-06-29 01:28:19 +00:00
alex
153deea5fa Fix port specification syntax. 
Submitted by:	nate
 1996-06-29 01:21:07 +00:00
alex
3a18399d4f Fix address mask calculation when using ':' syntax. Allow a mask 
of /0 to have the desired effect.  Normalize IP addresses that
won't match a given mask (i.e. 1.2.3.4/24 becomes 1.2.3.0/24).
Submitted by R. Bezuidenhout <rbezuide@mikom.csir.co.za>

Code formatting and "frag" display fixes.
 1996-06-23 20:47:51 +00:00
alex
26ad2004f9 Set the program name before trying to use it. 
Found by: Aage Robekk <aagero@aage.priv.no>
 1996-06-18 01:46:34 +00:00
alex
46fc3f9b35 Fix a typo in the view accounting records example. 1996-06-15 23:01:44 +00:00
alex
595f5f5875 Bring the man page more into line with reality. 1996-06-15 01:38:51 +00:00
alex
9a01ae8a2a Big sweep over ipfw, picking up where Poul left off: 
- Filter based on ICMP types.
  - Accept interface wildcards (e.g. ppp*).
  - Resolve service names with the -N option.
  - Accept host names in 'from' and 'to' specifications
  - Display chain entry time stamps with the -t option.
  - Added URG to tcpflags.
  - Print usage if an unknown tcpflag is used.
  - Ability to zero individual accounting entries.
  - Clarify usage of port ranges.
  - Misc code cleanup.

Closes PRs: 1193, 1220, and 1266.
 1996-06-09 23:46:22 +00:00
phk
453e44c083 Some cosmetics and some better error-checking. 
Reviewed by:	phk
Submitted by:	"Daniel O'Callaghan" <danny@panda.hilink.com.au>
Submitted by:	Archie Cobbs <archie@whistle.com>
 1996-05-11 20:31:55 +00:00
phk
1ed2b37fd0 recognize "allow", "accept" and "pass" 
add new feature for "established"
 1996-04-03 13:49:10 +00:00
phk
e9ce06f14d A couple of bug-fixes. 
Reviewed by:	phk
Submitted by:	"Frank ten Wolde" <franky@pinewood.nl>
 1996-04-02 11:43:28 +00:00
phk
bd3794521a Update to match kernel code. 1996-02-24 13:39:46 +00:00
phk
4bcbc91c0c A new ipfw program that can set and control the new features. 
An almost correct usage is printed.
 1996-02-24 00:20:56 +00:00
phk
d2379a0d6e Update -current ipfw program as well. 
I hope it all compiles...
 1996-02-23 15:52:28 +00:00
phk
028a23209c Document that the firewall will no longer reorder the rules. 1996-02-13 15:20:20 +00:00
mpp
0d925cfda3 Fix a bunch of spelling errors. 1996-01-29 23:52:43 +00:00
peter
c3f352d4ad This commit was generated by cvs2svn to compensate for changes in r13122, 
which included commits to RCS files with non-trunk default branches.
 1995-12-30 19:02:48 +00:00
peter
ab124e78b0 recording cvs-1.6 file death 1995-12-30 19:02:48 +00:00
nate
6123290e32 Convert manpage to -mandoc macros. 
Submitted by:	Gary Palmer <gary@palmer.demon.co.uk>

Minor cleanup by me in the English.
 1995-10-26 05:36:24 +00:00
ugen
1074db22b1 Support all the tcpflag options in firewall. 
Add reading options from file, now ipfw <filename> will
read commands string after string from file , form of strings
same as command line interface.
 1995-10-23 03:58:06 +00:00
ugen
9c1ca355a5 Support IP Option smatching in grammar and listing. 
TcpSyn option removed and will be shortly repoaced by support of all
TCP Flags including syn and ack...
 1995-10-01 21:54:05 +00:00
gpalmer
41fc38f808 Correct minor nit - to filter out SYN packets, the keyword is 
`syn' not `tcpsyn' (which matches `tcp' which blocks all tcp
packets)
 1995-08-31 21:12:05 +00:00
gpalmer
f4d751c609 Add $Id$ 1995-08-22 00:38:02 +00:00
rgrimes
f3a2b348da Remove trailing whitespace. 1995-05-30 06:12:45 +00:00
ugen
9c02dc08f0 make pass work also as the first keyword 
(while addf skipped)
Reviewed by:
Submitted by:
Obtained from:
 1995-03-30 12:18:10 +00:00
ugen
9448c15a5d Update manpage..BTW,if somebody wit good English 
would go through it and fix it would be a really good idea.
 1995-03-03 12:59:47 +00:00
ugen
08f16d8685 Oops..remove some debugging leftover.. 1995-03-03 12:47:23 +00:00
ugen
eae8a60e05 Ok..so everybody picking on me that ipfw syntacs 
is a pain in ...wel.. trying to fix this
 * from/to/via position indepenndant syntax
 * "any" for 0/0 host address
 * addf/addb default keyword in case you skip it..
 * pass = accept new action, seems to be somewhat better
   in particular cases
 * on = via (as on ed0 instead of via ed0,loook at
   reject tcp on ed0 from hacker )
 1995-03-03 12:28:34 +00:00
ugen
9c085a7dcf Fixed manpage..ldeny,lreject and log options are there 
and others not..
Submitted by:	torstenb@FreeBSD.ORG
 1995-02-27 10:52:22 +00:00
ugen
710cfa1891 Change utility to accept interface name 
along with IP as "via" argument
 1995-02-24 14:32:45 +00:00
jkh
bf0d9579bb ipfirewall.4 is obviously not here anymore! Adjust the Makefile. 1995-02-18 16:36:23 +00:00
ugen
825b23f4ea Finally document "via" feature.. 1995-02-17 15:44:08 +00:00
ugen
13a6aaa8e0 Ppl asked to make ipfw smarter..ok.. 
here it is..
 1995-02-14 09:34:04 +00:00
ugen
c5bdd3a729 Fix for rather stupid bug by which you couldn't set 
ports for the destination IP addr/port.
Nobody reported this btw , while a lot of other things reported-
probably ppl does not use destination ports at all????
 1995-02-14 08:28:27 +00:00
ugen
80de10dd9c Ok..at least this man page is up to date now 
To be continued..
 1995-02-09 13:13:18 +00:00
ugen
e681bf4b48 Utility changes following the facility. 
We have only one firewall chain and one accounting chain now.
   No blocking/forwarding so commands changed.
Man pages are somewhat out of date and will be updated ASAP.
 1995-01-12 13:01:21 +00:00
ugen
5a746995e3 Add interface to clear accounting entry option. 
Reflect ip_fw structure changes.
 1994-12-13 15:56:51 +00:00
ugen
d3899ce8a1 Add via option,minor changes to interface to reflect 
internal firewall changes.Check option disabled temporary.
 1994-12-12 17:19:33 +00:00
ats
d879492c2b Changed a reboot(1) to a reboot(8). 1994-12-11 23:27:59 +00:00
ugen
b682f16030 Interface changes to support additions to firewall. 1994-11-28 12:34:37 +00:00
ugen
695c3c825a G-d help me to do it right first time.... 
Minor patch to man page,test.
 1994-11-20 11:53:06 +00:00
jkh
74b1e0b017 New man pages from Ugen. Delete my old, first attempt. I only hope 
that the english in Ugen's two replacement pages is not too impenetrable! :-)
[Note:  Poul - please pull these into the BETA branch along with the
other firewall changes]

Submitted by:	ugen
 1994-11-17 09:50:30 +00:00
jkh
a8e45e5f34 Latest from Ugen J.S.Antsilevich" <ugen@NetVision.net.il>. Poul, please 
take this into BETA.
Submitted by:	ugen
 1994-11-16 10:18:18 +00:00
jkh
504234844c More 12th hour fixes from Ugen. 
Submitted by:	ugen
 1994-11-08 12:48:02 +00:00
jkh
7add8247a9 Latest changes from Uben. 
Submitted by:	uben
 1994-10-31 23:58:04 +00:00
jkh
a90bff7c68 Fix up the man page a little more, delete the README that crept in 
(but I'm actually just as happy to have in the attic, for reference).
 1994-10-28 15:12:22 +00:00
jkh
e0b6ad752c This commit was generated by cvs2svn to compensate for changes in r3965, 
which included commits to RCS files with non-trunk default branches.
 1994-10-28 15:06:53 +00:00
jkh
cb82096387 Add the ipfw command, for IP firewall construction. 
Submitted by:	danny ugen
 1994-10-28 15:06:53 +00:00
jkh
8f38a9e26e Add the ipfw command, for IP firewall construction. 
Submitted by:	danny ugen
 1994-10-28 15:06:53 +00:00