Poul-Henning Kamp
ae2a1587f0
Fix wrong logic, certain rules never matched.
1996-02-26 15:28:15 +00:00
Poul-Henning Kamp
09bb5f7589
Make getsockopt() capable of handling more than one mbuf worth of data.
...
Use this to read rules out of ipfw.
Add the lkm code to ipfw.c
1996-02-24 13:38:28 +00:00
Poul-Henning Kamp
b83e431483
The new firewall functionality:
...
Filter on the direction (in/out).
Filter on fragment/not fragment.
1996-02-24 00:17:35 +00:00
Poul-Henning Kamp
a2ebc3ee0f
I overlooked this one.
1996-02-23 20:11:37 +00:00
Poul-Henning Kamp
e7319bab6b
Big sweep over the IPFIREWALL and IPACCT code.
...
Close the ip-fragment hole.
Waste less memory.
Rewrite to contemporary more readable style.
Kill separate IPACCT facility, use "accept" rules in IPFIREWALL.
Filter incoming >and< outgoing packets.
Replace "policy" by sticky "deny all" rule.
Rules have numbers used for ordering and deletion.
Remove "rerorder" code entirely.
Count packet & bytecount matches for rules.
Code in -current & -stable is now the same.
1996-02-23 15:47:58 +00:00
Poul-Henning Kamp
821c204e91
Make the sorting of IPFW rules an option. You don't want it to sort them.
...
>>>WARNING<<< you may have to revisit your firewall setup.
1996-02-03 11:48:12 +00:00
Bruce Evans
ce7609a49c
Completed function declarations and/or added prototypes.
1995-12-02 19:38:06 +00:00
Poul-Henning Kamp
0312fbe97d
New style sysctl & staticize a lot of stuff.
1995-11-14 20:34:56 +00:00
Poul-Henning Kamp
a98ca4699e
Second batch of cleanup changes.
...
This time mostly making a lot of things static and some unused
variables here and there.
1995-10-29 15:33:36 +00:00
Ugen J.S. Antsilevich
7934237885
Support all the tcpflag options in firewall.
...
Add reading options from file, now ipfw <filename> will
read commands string after string from file, form of strings
same as command line interface.
1995-10-23 03:58:06 +00:00
Ugen J.S. Antsilevich
37afa1e829
Well..finally..this is the first part..it should take care of
...
matching IP options.. Check and test this - I made only a couple
of rough tests and this could be buggy.. Ipaccounting can't use
IP Options (and I don't see any need to count packets with specific
options either..)
More to come...
1995-10-01 21:52:50 +00:00
Gary Palmer
7d4aa0825d
Try to make the `syn' blocking code act a bit more sensibly - don't
...
block `syn' packets that have `ack' set.
Reviewed by:
Submitted by:
Obtained from:
1995-07-31 13:58:35 +00:00
David Greenman
f70b105004
Added $Id$.
1995-07-23 05:36:31 +00:00
David Greenman
c6e8c3576e
Fixed panic that occurs on certain firewall rejected packets that was
...
caused by dtom() being used on an mbuf cluster. The fix involves passing
around the mbuf pointer.
Submitted by: Bill Fenner
1995-07-09 14:29:46 +00:00
David Greenman
09270166bb
This is the end result of about a dozen passes through this code to fix
...
incorrect indents, a variety of poor coding practices such as comparing
pointers to constants ('0'), poor code structuring, etc, etc. This brings
the code up to the minimum standards for inclusion in FreeBSD.
1995-07-04 05:39:03 +00:00
David Greenman
ed64321cec
Define TRUE and FALSE.
1995-07-04 05:29:30 +00:00
David Greenman
7e9367a410
1) Removed bogus #include
...
2) Rewrote "bad_packet" code to be less buggy and more readable.
3) Removed a pile of goto's; the code is now somewhat less reminiscent
of a certain Italian pasta.
4) Changed all boolean returns of "0" and "1" to FALSE/TRUE.
1995-07-04 03:35:20 +00:00
Gary Palmer
06cf932bcb
Add a missing `goto' statement so that this compiles yet again.
1995-06-28 13:22:36 +00:00
Guido van Rooij
a0aa52a646
reject option in ip_fw used to panic the system. This fixes it.
...
-Guido
Reviewed by:
Submitted by:
Obtained from:
1995-06-27 17:26:27 +00:00
Rodney W. Grimes
9b2e535452
Remove trailing whitespace.
1995-05-30 08:16:23 +00:00
Rodney W. Grimes
b2b795f07c
Fix -Wformat warnings from LINT kernel.
1995-05-11 19:26:53 +00:00
Ugen J.S. Antsilevich
9870b4d2de
Allocate memory as M_IPFW, now we can watch firewall memory usage
...
in vmstat..
1995-03-12 13:28:13 +00:00
Ugen J.S. Antsilevich
29fe22b93f
Allow "via" to be specified either as IP address or
...
as interface name/unit...
1995-02-24 14:33:54 +00:00
Ugen J.S. Antsilevich
4dd1662b4c
Actual firewall change.
...
1) Firewall is not subdivided on forwarding / blocking chains
anymore. Actually only one chain left - it was the blocking one.
2) LKM support. ip_fwdef.c is function pointers definition and
goes into kernel along with all INET stuff.
1995-01-12 13:06:32 +00:00
Ugen J.S. Antsilevich
3107b31b8d
Add clear one accounting entry control.
...
Structure fields changed to seem more standard.
1994-12-13 15:57:34 +00:00
Ugen J.S. Antsilevich
f3caf95e23
Late patch for delete control..
1994-12-12 18:10:41 +00:00
Ugen J.S. Antsilevich
10a642bb05
Add match by interface from which packet arrived (via)
...
Handle right fragmented packets. Remove checking option
from kernel..
1994-12-12 17:20:55 +00:00
Ugen J.S. Antsilevich
c334f8666a
Added: ICMP reply, TCP SYN check, logging..
1994-11-28 12:35:14 +00:00
Jordan K. Hubbard
63f8d699ac
Ugen J.S.Antsilevich's latest, happiest, IP firewall code.
...
Poul: Please take this into BETA. It's non-intrusive, and a rather
substantial improvement over what was there before.
1994-11-16 10:17:11 +00:00
Jordan K. Hubbard
72e8fea57e
Almost 12th hour (the 11th hour was almost an hour ago :-) patches
...
from Ugen.
1994-11-08 12:47:29 +00:00
Jordan K. Hubbard
ad63b51399
2 11th-hour fixes from Ugen (not Uben, sorry!) J.S.Antsilevich.
...
I think it's time for Ugen to get a freefall account, just so I can
direct mail at him directly and let him drop off patches for us here. Ugen?
Done!
Submitted by: ugen
1994-11-07 10:01:32 +00:00
Jordan K. Hubbard
0a87b23329
Latest changes from Uben.
...
Submitted by: uben
1994-10-31 23:58:04 +00:00
Jordan K. Hubbard
100ba1a617
IP Firewall code from Daniel Boulet and J.S.Antsilevich
...
Submitted by: danny ugen
1994-10-28 15:09:49 +00:00