Date: Sun, 9 Jun 1996 16:46:25 -0700 (PDT) From: Alex Nash <alex> To: CVS-committers, cvs-all, cvs-sys Subject: cvs commit: src/sys/netinet ip_fw.c ip_fw.h Message-ID: <199606092346.QAA14051@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
alex 96/06/09 16:46:24
Modified: sys/netinet ip_fw.c ip_fw.h
Log:
Big sweep over ipfw, picking up where Poul left off:
- Log ICMP type during verbose output.
- Added IPFIREWALL_VERBOSE_LIMIT option to prevent denial of service
attacks via syslog flooding.
- Filter based on ICMP type.
- Timestamp chain entries when they are matched.
- Interfaces can now be matched with a wildcard specification (i.e.
will match any interface unit for a given name).
- Prevent the firewall chain from being manipulated when securelevel
is greater than 2.
- Fixed bug that allowed the default policy to be deleted.
- Ability to zero individual accounting entries.
- Remove definitions of old_chk_ptr and old_ctl_ptr when compiling
ipfw as a lkm.
- Remove some redundant code shared between ip_fw_init and ipfw_load.
Closes PRs: 1192, 1219, and 1267.
Revision Changes Path
1.37 +109 -66 src/sys/netinet/ip_fw.c
1.20 +26 -19 src/sys/netinet/ip_fw.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606092346.QAA14051>