Julian Elischer
93e0e11657
Adding changes to ipfw and the kernel to support ip packet diversion..
...
This stuff should not be too destructive if the IPDIVERT is not compiled in..
be aware that this changes the size of the ip_fw struct
so ipfw needs to be recompiled to use it.. more changes coming to clean this up.
1996-07-10 19:44:30 +00:00
Alexander Langer
f8cc1596e7
Correct definition of 'established' keyword.
1996-07-02 00:29:22 +00:00
Alexander Langer
97842144e3
Formatting fixes for 'in' and 'out' while listing.
...
Prevent ALL protocol from being used with port specifications.
Allow 'via' keyword at any point in the options list. Disallow
multiple 'via' specifications.
1996-06-29 01:28:19 +00:00
Alexander Langer
700061451a
Fix port specification syntax.
...
Submitted by: nate
1996-06-29 01:21:07 +00:00
Alexander Langer
c06c129887
Fix address mask calculation when using ':' syntax. Allow a mask
...
of /0 to have the desired effect. Normalize IP addresses that
won't match a given mask (i.e. 1.2.3.4/24 becomes 1.2.3.0/24).
Submitted by R. Bezuidenhout <rbezuide@mikom.csir.co.za>
Code formatting and "frag" display fixes.
1996-06-23 20:47:51 +00:00
Alexander Langer
2a7a2545a4
Set the program name before trying to use it.
...
Found by: Aage Robekk <aagero@aage.priv.no>
1996-06-18 01:46:34 +00:00
Alexander Langer
a85b3068a1
Fix a typo in the view accounting records example.
1996-06-15 23:01:44 +00:00
Alexander Langer
3f21e4122d
Bring the man page more into line with reality.
1996-06-15 01:38:51 +00:00
Alexander Langer
b55b9e3f1d
Big sweep over ipfw, picking up where Poul left off:
...
- Filter based on ICMP types.
- Accept interface wildcards (e.g. ppp*).
- Resolve service names with the -N option.
- Accept host names in 'from' and 'to' specifications
- Display chain entry time stamps with the -t option.
- Added URG to tcpflags.
- Print usage if an unknown tcpflag is used.
- Ability to zero individual accounting entries.
- Clarify usage of port ranges.
- Misc code cleanup.
Closes PRs: 1193, 1220, and 1266.
1996-06-09 23:46:22 +00:00
Poul-Henning Kamp
9f30a5482e
Some cosmetics and some better error-checking.
...
Reviewed by: phk
Submitted by: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
Submitted by: Archie Cobbs <archie@whistle.com>
1996-05-11 20:31:55 +00:00
Poul-Henning Kamp
6cece43912
recognize "allow", "accept" and "pass"
...
add new feature for "established"
1996-04-03 13:49:10 +00:00
Poul-Henning Kamp
5cc7c95375
A couple of bug-fixes.
...
Reviewed by: phk
Submitted by: "Frank ten Wolde" <franky@pinewood.nl>
1996-04-02 11:43:28 +00:00
Poul-Henning Kamp
72ee2a8b10
Update to match kernel code.
1996-02-24 13:39:46 +00:00
Poul-Henning Kamp
5b0c234e20
A new ipfw program that can set and control the new features.
...
An almost correct usage is printed.
1996-02-24 00:20:56 +00:00
Poul-Henning Kamp
41955e9114
Update -current ipfw program as well.
...
I hope it all compiles...
1996-02-23 15:52:28 +00:00
Poul-Henning Kamp
cfe3bbfda2
Document that the firewall will no longer reorder the rules.
1996-02-13 15:20:20 +00:00
Mike Pritchard
e71057d8d0
Fix a bunch of spelling errors.
1996-01-29 23:52:43 +00:00
Peter Wemm
a5b996a7ec
recording cvs-1.6 file death
1995-12-30 19:02:48 +00:00
Nate Williams
01fc1ee969
Convert manpage to -mandoc macros.
...
Submitted by: Gary Palmer <gary@palmer.demon.co.uk>
Minor cleanup by me in the English.
1995-10-26 05:36:24 +00:00
Ugen J.S. Antsilevich
7934237885
Support all the tcpflag options in firewall.
...
Add reading options from file, now ipfw <filename> will
read commands string after string from file , form of strings
same as command line interface.
1995-10-23 03:58:06 +00:00
Ugen J.S. Antsilevich
5a9bab798e
Support IP Option smatching in grammar and listing.
...
TcpSyn option removed and will be shortly repoaced by support of all
TCP Flags including syn and ack...
1995-10-01 21:54:05 +00:00
Gary Palmer
38a98b2254
Correct minor nit - to filter out SYN packets, the keyword is
...
`syn' not `tcpsyn' (which matches `tcp' which blocks all tcp
packets)
1995-08-31 21:12:05 +00:00
Gary Palmer
7852d4b660
Add $Id$
1995-08-22 00:38:02 +00:00
Rodney W. Grimes
5ebc7e6281
Remove trailing whitespace.
1995-05-30 06:12:45 +00:00
Ugen J.S. Antsilevich
9289ddbe2e
make pass work also as the first keyword
...
(while addf skipped)
Reviewed by:
Submitted by:
Obtained from:
1995-03-30 12:18:10 +00:00
Ugen J.S. Antsilevich
009f85df0b
Update manpage..BTW,if somebody wit good English
...
would go through it and fix it would be a really good idea.
1995-03-03 12:59:47 +00:00
Ugen J.S. Antsilevich
3c3f8b95a8
Oops..remove some debugging leftover..
1995-03-03 12:47:23 +00:00
Ugen J.S. Antsilevich
9071ec3796
Ok..so everybody picking on me that ipfw syntacs
...
is a pain in ...wel.. trying to fix this
* from/to/via position indepenndant syntax
* "any" for 0/0 host address
* addf/addb default keyword in case you skip it..
* pass = accept new action, seems to be somewhat better
in particular cases
* on = via (as on ed0 instead of via ed0,loook at
reject tcp on ed0 from hacker )
1995-03-03 12:28:34 +00:00
Ugen J.S. Antsilevich
ce83f1d6d8
Fixed manpage..ldeny,lreject and log options are there
...
and others not..
Submitted by: torstenb@FreeBSD.ORG
1995-02-27 10:52:22 +00:00
Ugen J.S. Antsilevich
ab7d7f5827
Change utility to accept interface name
...
along with IP as "via" argument
1995-02-24 14:32:45 +00:00
Jordan K. Hubbard
61a3cfb7a3
ipfirewall.4 is obviously not here anymore! Adjust the Makefile.
1995-02-18 16:36:23 +00:00
Ugen J.S. Antsilevich
96fd3f53e8
Finally document "via" feature..
1995-02-17 15:44:08 +00:00
Ugen J.S. Antsilevich
dbec390e8a
Ppl asked to make ipfw smarter..ok..
...
here it is..
1995-02-14 09:34:04 +00:00
Ugen J.S. Antsilevich
8f6466e847
Fix for rather stupid bug by which you couldn't set
...
ports for the destination IP addr/port.
Nobody reported this btw , while a lot of other things reported-
probably ppl does not use destination ports at all????
1995-02-14 08:28:27 +00:00
Ugen J.S. Antsilevich
742d9f28f7
Ok..at least this man page is up to date now
...
To be continued..
1995-02-09 13:13:18 +00:00
Ugen J.S. Antsilevich
98bee36695
Utility changes following the facility.
...
We have only one firewall chain and one accounting chain now.
No blocking/forwarding so commands changed.
Man pages are somewhat out of date and will be updated ASAP.
1995-01-12 13:01:21 +00:00
Ugen J.S. Antsilevich
611367b40f
Add interface to clear accounting entry option.
...
Reflect ip_fw structure changes.
1994-12-13 15:56:51 +00:00
Ugen J.S. Antsilevich
fab9e6db0e
Add via option,minor changes to interface to reflect
...
internal firewall changes.Check option disabled temporary.
1994-12-12 17:19:33 +00:00
Andreas Schulz
2a7abc9144
Changed a reboot(1) to a reboot(8).
1994-12-11 23:27:59 +00:00
Ugen J.S. Antsilevich
7985370449
Interface changes to support additions to firewall.
1994-11-28 12:34:37 +00:00
Ugen J.S. Antsilevich
1050b242d8
G-d help me to do it right first time....
...
Minor patch to man page,test.
1994-11-20 11:53:06 +00:00
Jordan K. Hubbard
c9a156d596
New man pages from Ugen. Delete my old, first attempt. I only hope
...
that the english in Ugen's two replacement pages is not too impenetrable! :-)
[Note: Poul - please pull these into the BETA branch along with the
other firewall changes]
Submitted by: ugen
1994-11-17 09:50:30 +00:00
Jordan K. Hubbard
33ccd78725
Latest from Ugen J.S.Antsilevich" <ugen@NetVision.net.il>. Poul, please
...
take this into BETA.
Submitted by: ugen
1994-11-16 10:18:18 +00:00
Jordan K. Hubbard
a0db5c7857
More 12th hour fixes from Ugen.
...
Submitted by: ugen
1994-11-08 12:48:02 +00:00
Jordan K. Hubbard
0a87b23329
Latest changes from Uben.
...
Submitted by: uben
1994-10-31 23:58:04 +00:00
Jordan K. Hubbard
5d39ab9169
Fix up the man page a little more, delete the README that crept in
...
(but I'm actually just as happy to have in the attic, for reference).
1994-10-28 15:12:22 +00:00
Jordan K. Hubbard
b877c0f37e
Add the ipfw command, for IP firewall construction.
...
Submitted by: danny ugen
1994-10-28 15:06:53 +00:00