1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-22 11:17:19 +00:00
Commit Graph

197 Commits

Author SHA1 Message Date
Julian Elischer
93e0e11657 Adding changes to ipfw and the kernel to support ip packet diversion..
This stuff should not be too destructive if the IPDIVERT is not compiled in..
 be aware that this changes the size of the ip_fw struct
so ipfw needs to be recompiled to use it.. more changes coming to clean this up.
1996-07-10 19:44:30 +00:00
Alexander Langer
f8cc1596e7 Correct definition of 'established' keyword. 1996-07-02 00:29:22 +00:00
Alexander Langer
97842144e3 Formatting fixes for 'in' and 'out' while listing.
Prevent ALL protocol from being used with port specifications.

Allow 'via' keyword at any point in the options list.  Disallow
multiple 'via' specifications.
1996-06-29 01:28:19 +00:00
Alexander Langer
700061451a Fix port specification syntax.
Submitted by:	nate
1996-06-29 01:21:07 +00:00
Alexander Langer
c06c129887 Fix address mask calculation when using ':' syntax. Allow a mask
of /0 to have the desired effect.  Normalize IP addresses that
won't match a given mask (i.e. 1.2.3.4/24 becomes 1.2.3.0/24).
Submitted by R. Bezuidenhout <rbezuide@mikom.csir.co.za>

Code formatting and "frag" display fixes.
1996-06-23 20:47:51 +00:00
Alexander Langer
2a7a2545a4 Set the program name before trying to use it.
Found by: Aage Robekk <aagero@aage.priv.no>
1996-06-18 01:46:34 +00:00
Alexander Langer
a85b3068a1 Fix a typo in the view accounting records example. 1996-06-15 23:01:44 +00:00
Alexander Langer
3f21e4122d Bring the man page more into line with reality. 1996-06-15 01:38:51 +00:00
Alexander Langer
b55b9e3f1d Big sweep over ipfw, picking up where Poul left off:
- Filter based on ICMP types.
  - Accept interface wildcards (e.g. ppp*).
  - Resolve service names with the -N option.
  - Accept host names in 'from' and 'to' specifications
  - Display chain entry time stamps with the -t option.
  - Added URG to tcpflags.
  - Print usage if an unknown tcpflag is used.
  - Ability to zero individual accounting entries.
  - Clarify usage of port ranges.
  - Misc code cleanup.

Closes PRs: 1193, 1220, and 1266.
1996-06-09 23:46:22 +00:00
Poul-Henning Kamp
9f30a5482e Some cosmetics and some better error-checking.
Reviewed by:	phk
Submitted by:	"Daniel O'Callaghan" <danny@panda.hilink.com.au>
Submitted by:	Archie Cobbs <archie@whistle.com>
1996-05-11 20:31:55 +00:00
Poul-Henning Kamp
6cece43912 recognize "allow", "accept" and "pass"
add new feature for "established"
1996-04-03 13:49:10 +00:00
Poul-Henning Kamp
5cc7c95375 A couple of bug-fixes.
Reviewed by:	phk
Submitted by:	"Frank ten Wolde" <franky@pinewood.nl>
1996-04-02 11:43:28 +00:00
Poul-Henning Kamp
72ee2a8b10 Update to match kernel code. 1996-02-24 13:39:46 +00:00
Poul-Henning Kamp
5b0c234e20 A new ipfw program that can set and control the new features.
An almost correct usage is printed.
1996-02-24 00:20:56 +00:00
Poul-Henning Kamp
41955e9114 Update -current ipfw program as well.
I hope it all compiles...
1996-02-23 15:52:28 +00:00
Poul-Henning Kamp
cfe3bbfda2 Document that the firewall will no longer reorder the rules. 1996-02-13 15:20:20 +00:00
Mike Pritchard
e71057d8d0 Fix a bunch of spelling errors. 1996-01-29 23:52:43 +00:00
Peter Wemm
a5b996a7ec recording cvs-1.6 file death 1995-12-30 19:02:48 +00:00
Nate Williams
01fc1ee969 Convert manpage to -mandoc macros.
Submitted by:	Gary Palmer <gary@palmer.demon.co.uk>

Minor cleanup by me in the English.
1995-10-26 05:36:24 +00:00
Ugen J.S. Antsilevich
7934237885 Support all the tcpflag options in firewall.
Add reading options from file, now ipfw <filename> will
read commands string after string from file , form of strings
same as command line interface.
1995-10-23 03:58:06 +00:00
Ugen J.S. Antsilevich
5a9bab798e Support IP Option smatching in grammar and listing.
TcpSyn option removed and will be shortly repoaced by support of all
TCP Flags including syn and ack...
1995-10-01 21:54:05 +00:00
Gary Palmer
38a98b2254 Correct minor nit - to filter out SYN packets, the keyword is
`syn' not `tcpsyn' (which matches `tcp' which blocks all tcp
packets)
1995-08-31 21:12:05 +00:00
Gary Palmer
7852d4b660 Add $Id$ 1995-08-22 00:38:02 +00:00
Rodney W. Grimes
5ebc7e6281 Remove trailing whitespace. 1995-05-30 06:12:45 +00:00
Ugen J.S. Antsilevich
9289ddbe2e make pass work also as the first keyword
(while addf skipped)
Reviewed by:
Submitted by:
Obtained from:
1995-03-30 12:18:10 +00:00
Ugen J.S. Antsilevich
009f85df0b Update manpage..BTW,if somebody wit good English
would go through it and fix it would be a really good idea.
1995-03-03 12:59:47 +00:00
Ugen J.S. Antsilevich
3c3f8b95a8 Oops..remove some debugging leftover.. 1995-03-03 12:47:23 +00:00
Ugen J.S. Antsilevich
9071ec3796 Ok..so everybody picking on me that ipfw syntacs
is a pain in ...wel.. trying to fix this
 * from/to/via position indepenndant syntax
 * "any" for 0/0 host address
 * addf/addb default keyword in case you skip it..
 * pass = accept new action, seems to be somewhat better
   in particular cases
 * on = via (as on ed0 instead of via ed0,loook at
   reject tcp on ed0 from hacker )
1995-03-03 12:28:34 +00:00
Ugen J.S. Antsilevich
ce83f1d6d8 Fixed manpage..ldeny,lreject and log options are there
and others not..
Submitted by:	torstenb@FreeBSD.ORG
1995-02-27 10:52:22 +00:00
Ugen J.S. Antsilevich
ab7d7f5827 Change utility to accept interface name
along with IP as "via" argument
1995-02-24 14:32:45 +00:00
Jordan K. Hubbard
61a3cfb7a3 ipfirewall.4 is obviously not here anymore! Adjust the Makefile. 1995-02-18 16:36:23 +00:00
Ugen J.S. Antsilevich
96fd3f53e8 Finally document "via" feature.. 1995-02-17 15:44:08 +00:00
Ugen J.S. Antsilevich
dbec390e8a Ppl asked to make ipfw smarter..ok..
here it is..
1995-02-14 09:34:04 +00:00
Ugen J.S. Antsilevich
8f6466e847 Fix for rather stupid bug by which you couldn't set
ports for the destination IP addr/port.
Nobody reported this btw , while a lot of other things reported-
probably ppl does not use destination ports at all????
1995-02-14 08:28:27 +00:00
Ugen J.S. Antsilevich
742d9f28f7 Ok..at least this man page is up to date now
To be continued..
1995-02-09 13:13:18 +00:00
Ugen J.S. Antsilevich
98bee36695 Utility changes following the facility.
We have only one firewall chain and one accounting chain now.
   No blocking/forwarding so commands changed.
Man pages are somewhat out of date and will be updated ASAP.
1995-01-12 13:01:21 +00:00
Ugen J.S. Antsilevich
611367b40f Add interface to clear accounting entry option.
Reflect ip_fw structure changes.
1994-12-13 15:56:51 +00:00
Ugen J.S. Antsilevich
fab9e6db0e Add via option,minor changes to interface to reflect
internal firewall changes.Check option disabled temporary.
1994-12-12 17:19:33 +00:00
Andreas Schulz
2a7abc9144 Changed a reboot(1) to a reboot(8). 1994-12-11 23:27:59 +00:00
Ugen J.S. Antsilevich
7985370449 Interface changes to support additions to firewall. 1994-11-28 12:34:37 +00:00
Ugen J.S. Antsilevich
1050b242d8 G-d help me to do it right first time....
Minor patch to man page,test.
1994-11-20 11:53:06 +00:00
Jordan K. Hubbard
c9a156d596 New man pages from Ugen. Delete my old, first attempt. I only hope
that the english in Ugen's two replacement pages is not too impenetrable! :-)
[Note:  Poul - please pull these into the BETA branch along with the
other firewall changes]

Submitted by:	ugen
1994-11-17 09:50:30 +00:00
Jordan K. Hubbard
33ccd78725 Latest from Ugen J.S.Antsilevich" <ugen@NetVision.net.il>. Poul, please
take this into BETA.
Submitted by:	ugen
1994-11-16 10:18:18 +00:00
Jordan K. Hubbard
a0db5c7857 More 12th hour fixes from Ugen.
Submitted by:	ugen
1994-11-08 12:48:02 +00:00
Jordan K. Hubbard
0a87b23329 Latest changes from Uben.
Submitted by:	uben
1994-10-31 23:58:04 +00:00
Jordan K. Hubbard
5d39ab9169 Fix up the man page a little more, delete the README that crept in
(but I'm actually just as happy to have in the attic, for reference).
1994-10-28 15:12:22 +00:00
Jordan K. Hubbard
b877c0f37e Add the ipfw command, for IP firewall construction.
Submitted by:	danny ugen
1994-10-28 15:06:53 +00:00