aboutsummaryrefslogtreecommitdiff
path: root/etc/rc.firewall
Commit message (Expand)AuthorAgeFilesLines
* Fix a typo.Hiroki Sato2014-10-201-1/+2
* Add support of "/{udp,tcp,proto}" suffix into $firewall_myservices, whichHiroki Sato2014-10-171-3/+20
* Whitespace nitKevin Lo2012-07-131-2/+2
* Spelling fixes for etc/Ulrich Spörlein2012-01-071-5/+5
* Remove trailing white space. No functional changes.Doug Barton2010-05-141-3/+3
* Fix grammar in comment.Hajimu UMEMOTO2010-04-111-3/+3
* Disambiguate `IPs' to a more specific term.Hajimu UMEMOTO2010-04-081-6/+8
* firewall_trusted_ipv6 was gone by r202460. Remove stale comment aboutHajimu UMEMOTO2010-04-071-6/+1
* Remove the rules using 'me6'. Now, 'me' matches both any IPv6 addressHajimu UMEMOTO2010-01-171-45/+5
* The client type rule allows DHCP, implicitly. Since DHCPv6 usesHajimu UMEMOTO2010-01-091-0/+2
* Since the IPv4 rule allows ICMP_TIMXCEED, allowHajimu UMEMOTO2010-01-071-1/+4
* Add missing me6 rules. Now, the IPv6 rules become equivalentHajimu UMEMOTO2009-12-291-0/+29
* Unify rc.firewall and rc.firewall6, and obsolete rc.firewall6Hajimu UMEMOTO2009-12-021-10/+146
* Allow the network addresses and interface names for the "client" andJohn Baldwin2008-08-151-6/+15
* For the "client" and "simple" network types, collapse the separate "net"John Baldwin2008-08-151-14/+11
* Use 'me' rather than explicit IP addresses for the "simple" and "client"John Baldwin2008-08-151-12/+9
* - back out my last commit as it seems to be wrong.Daniel Gerzo2008-08-031-2/+0
* - dns queries might go also over TCP, so allow it.Daniel Gerzo2008-07-171-0/+2
* Tweak rc.firewall to allow incoming limited broadcast traffic,Giorgos Keramidas2008-06-061-0/+3
* Improve kernel NAT support in rc.firewallRong-En Fan2008-01-211-1/+7
* o Correct an info about "Firewalls and Internet Security" book: name,Maxim Konovalov2008-01-121-7/+6
* s/IPFW(4)/ipfw(4) to match the actual man page name.Robert Watson2007-04-051-1/+1
* In rc.firewall, make it clear that this is the setup for IPFW(4), and notRobert Watson2007-04-021-1/+1
* Summer of Code 2005: improve libalias - part 2 of 2Paolo Pisati2006-12-291-0/+8
* Give rc.firewall a polish and a new method.Poul-Henning Kamp2006-10-281-16/+107
* don't match packets other than IPv4 against divert rule.Hajimu UMEMOTO2005-11-181-1/+1
* DNS should not necessarily be named(8), tweak the comment a bit.Ruslan Ermilov2003-11-021-1/+1
* Add a header: #!/bin/sh.Tom Rhodes2003-02-061-0/+1
* Bring rc.firewall{,6} more in line with the word and spirit ofCrist J. Clark2002-02-211-7/+17
* Remove a stale entry related to passing ARP with bridging and ipfw.Luigi Rizzo2001-12-271-2/+0
* Sync the code that sucks in rc.conf and friends with what's inDima Dorfman2001-08-141-5/+7
* style nitDavid E. O'Brien2001-03-061-1/+1
* Also deny 127.0.0.0/8 going out.David E. O'Brien2001-03-051-1/+2
* Fix references to Chapman & Zwicky and Cheswick & Bellowin.Dag-Erling Smørgrav2001-02-251-3/+5
* Fix some glaring insecurities in the prototype firewall configurations.Nick Sayer2001-02-201-8/+4
* Add copyright notices. Other systems have been barrowing our /etc filesDavid E. O'Brien2000-10-081-2/+29
* Only install `divert natd' rule for predefined firewall types,Ruslan Ermilov2000-08-301-3/+1
* Make natd(8) "compatible" with firewall_type="simple".Ruslan Ermilov2000-08-041-17/+46
* Update rev 1.29 -- 'draft-manning-dsua' is now in its 3rd version.David E. O'Brien2000-07-301-1/+3
* Add an explicit rule number to natd so you do not end up with twoPaul Saab2000-05-081-1/+1
* Add to defaults/rc.conf a new function source_rc_confs which rcSheldon Hearn2000-04-271-0/+1
* Back out the hook to execute the file ${firewall_type}. The intendedBrian S. Dean2000-04-271-3/+1
* Allow the firewall rules to be established by a shell script insteadBrian S. Dean2000-04-161-1/+3
* Add a firewall_flags option that is used when ipfw processes a file. It allowsPaul Richards2000-02-061-1/+1
* Update this with the additional nets recomended by readingRodney W. Grimes2000-01-281-14/+26
* Minor whitespace fix.David E. O'Brien1999-12-041-2/+1
* Pass IP fragments with non-zero offset. The semantics of matchingRuslan Ermilov1999-11-041-0/+6
* Add commented entry to the lo0 section inviting bridge users toNick Sayer1999-10-241-0/+2
* Allow for incoming DNS UDP queries.Ruslan Ermilov1999-10-201-0/+2
* Fix a typo in a comment.Mike Pritchard1999-09-301-1/+1