From owner-cvs-sys  Sun Jun  9 16:46:36 1996
Return-Path: owner-cvs-sys
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id QAA14124
          for cvs-sys-outgoing; Sun, 9 Jun 1996 16:46:36 -0700 (PDT)
Received: (from alex@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id QAA14051;
          Sun, 9 Jun 1996 16:46:25 -0700 (PDT)
Date: Sun, 9 Jun 1996 16:46:25 -0700 (PDT)
From: Alex Nash <alex>
Message-Id: <199606092346.QAA14051@freefall.freebsd.org>
To: CVS-committers, cvs-all, cvs-sys
Subject: cvs commit:  src/sys/netinet ip_fw.c ip_fw.h
Sender: owner-cvs-sys@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

alex        96/06/09 16:46:24

  Modified:    sys/netinet  ip_fw.c ip_fw.h
  Log:
  Big sweep over ipfw, picking up where Poul left off:
  
    - Log ICMP type during verbose output.
    - Added IPFIREWALL_VERBOSE_LIMIT option to prevent denial of service
      attacks via syslog flooding.
    - Filter based on ICMP type.
    - Timestamp chain entries when they are matched.
    - Interfaces can now be matched with a wildcard specification (i.e.
      will match any interface unit for a given name).
    - Prevent the firewall chain from being manipulated when securelevel
      is greater than 2.
    - Fixed bug that allowed the default policy to be deleted.
    - Ability to zero individual accounting entries.
    - Remove definitions of old_chk_ptr and old_ctl_ptr when compiling
      ipfw as a lkm.
    - Remove some redundant code shared between ip_fw_init and ipfw_load.
  
  Closes PRs: 1192, 1219, and 1267.
  
  Revision  Changes    Path
  1.37      +109 -66   src/sys/netinet/ip_fw.c
  1.20      +26 -19    src/sys/netinet/ip_fw.h