From owner-cvs-sys Sun Jun 1 22:03:50 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id WAA26921 for cvs-sys-outgoing; Sun, 1 Jun 1997 22:03:50 -0700 (PDT) Received: from freefall.freebsd.org (freefall.cdrom.com [204.216.27.21]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA26873; Sun, 1 Jun 1997 22:03:13 -0700 (PDT) From: Julian Elischer Received: (from julian@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id WAA07169; Sun, 1 Jun 1997 22:02:38 -0700 (PDT) Date: Sun, 1 Jun 1997 22:02:38 -0700 (PDT) Message-Id: <199706020502.WAA07169@freefall.freebsd.org> To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-sbin@FreeBSD.ORG, cvs-sys@FreeBSD.ORG Subject: cvs commit: src/sbin/ipfw Makefile ipfw.8 ipfw.c src/sys/netinet ip_divert.c ip_fw.c ip_fw.h ip_input.c ip_output.c Sender: owner-cvs-sys@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk julian 1997/06/01 22:02:38 PDT Modified files: sbin/ipfw Makefile ipfw.8 ipfw.c sys/netinet ip_divert.c ip_fw.c ip_fw.h ip_input.c ip_output.c Log: Submitted by: Whistle Communications (archie Cobbs) these are quite extensive additions to the ipfw code. they include a change to the API because the old method was broken, but the user view is kept the same. The new code allows a particular match to skip forward to a particular line number, so that blocks of rules can be used without checking all the intervening rules. There are also many more ways of rejecting connections especially TCP related, and many many more ... see the man page for a complete description. Revision Changes Path 1.6 +2 -0 src/sbin/ipfw/Makefile 1.30 +151 -34 src/sbin/ipfw/ipfw.8 1.43 +405 -217 src/sbin/ipfw/ipfw.c 1.12 +18 -5 src/sys/netinet/ip_divert.c 1.58 +385 -196 src/sys/netinet/ip_fw.c 1.27 +96 -45 src/sys/netinet/ip_fw.h 1.63 +16 -16 src/sys/netinet/ip_input.c 1.57 +13 -16 src/sys/netinet/ip_output.c