head	1.1;
branch	1.1.1;
access;
symbols
	RELENG_8_4:1.1.1.4.0.56
	RELENG_9_1_0_RELEASE:1.1.1.4
	RELENG_9_1:1.1.1.4.0.54
	RELENG_9_1_BP:1.1.1.4
	RELENG_8_3_0_RELEASE:1.1.1.4
	RELENG_8_3:1.1.1.4.0.52
	RELENG_8_3_BP:1.1.1.4
	RELENG_9_0_0_RELEASE:1.1.1.4
	RELENG_9_0:1.1.1.4.0.50
	RELENG_9_0_BP:1.1.1.4
	RELENG_9:1.1.1.4.0.48
	RELENG_9_BP:1.1.1.4
	RELENG_7_4_0_RELEASE:1.1.1.4
	RELENG_8_2_0_RELEASE:1.1.1.4
	RELENG_7_4:1.1.1.4.0.46
	RELENG_7_4_BP:1.1.1.4
	RELENG_8_2:1.1.1.4.0.44
	RELENG_8_2_BP:1.1.1.4
	RELENG_8_1_0_RELEASE:1.1.1.4
	RELENG_8_1:1.1.1.4.0.42
	RELENG_8_1_BP:1.1.1.4
	RELENG_7_3_0_RELEASE:1.1.1.4
	RELENG_7_3:1.1.1.4.0.40
	RELENG_7_3_BP:1.1.1.4
	RELENG_8_0_0_RELEASE:1.1.1.4
	RELENG_8_0:1.1.1.4.0.38
	RELENG_8_0_BP:1.1.1.4
	RELENG_8:1.1.1.4.0.36
	RELENG_8_BP:1.1.1.4
	RELENG_7_2_0_RELEASE:1.1.1.4
	RELENG_7_2:1.1.1.4.0.34
	RELENG_7_2_BP:1.1.1.4
	RELENG_7_1_0_RELEASE:1.1.1.4
	RELENG_6_4_0_RELEASE:1.1.1.4
	RELENG_7_1:1.1.1.4.0.32
	RELENG_7_1_BP:1.1.1.4
	RELENG_6_4:1.1.1.4.0.30
	RELENG_6_4_BP:1.1.1.4
	RELENG_7_0_0_RELEASE:1.1.1.4
	RELENG_6_3_0_RELEASE:1.1.1.4
	RELENG_7_0:1.1.1.4.0.28
	RELENG_7_0_BP:1.1.1.4
	RELENG_6_3:1.1.1.4.0.26
	RELENG_6_3_BP:1.1.1.4
	v4-1-28:1.1.1.4
	RELENG_7:1.1.1.4.0.24
	RELENG_7_BP:1.1.1.4
	v4-1-23:1.1.1.4
	RELENG_6_2_0_RELEASE:1.1.1.4
	RELENG_6_2:1.1.1.4.0.22
	RELENG_6_2_BP:1.1.1.4
	v4-1-13:1.1.1.4
	RELENG_5_5_0_RELEASE:1.1.1.4
	RELENG_5_5:1.1.1.4.0.20
	RELENG_5_5_BP:1.1.1.4
	RELENG_6_1_0_RELEASE:1.1.1.4
	RELENG_6_1:1.1.1.4.0.18
	RELENG_6_1_BP:1.1.1.4
	v4-1-10:1.1.1.4
	RELENG_6_0_0_RELEASE:1.1.1.4
	RELENG_6_0:1.1.1.4.0.16
	RELENG_6_0_BP:1.1.1.4
	RELENG_6:1.1.1.4.0.14
	RELENG_6_BP:1.1.1.4
	RELENG_5_4_0_RELEASE:1.1.1.4
	v4-1-8:1.1.1.4
	RELENG_5_4:1.1.1.4.0.12
	RELENG_5_4_BP:1.1.1.4
	RELENG_4_11_0_RELEASE:1.1.1.3.6.1
	RELENG_4_11:1.1.1.3.6.1.0.16
	RELENG_4_11_BP:1.1.1.3.6.1
	RELENG_5_3_0_RELEASE:1.1.1.4
	RELENG_5_3:1.1.1.4.0.10
	RELENG_5_3_BP:1.1.1.4
	RELENG_5:1.1.1.4.0.8
	RELENG_5_BP:1.1.1.4
	v3-4-35:1.1.1.4
	RELENG_4_10_0_RELEASE:1.1.1.3.6.1
	RELENG_4_10:1.1.1.3.6.1.0.14
	RELENG_4_10_BP:1.1.1.3.6.1
	RELENG_5_2_1_RELEASE:1.1.1.4
	RELENG_5_2_0_RELEASE:1.1.1.4
	RELENG_5_2:1.1.1.4.0.6
	RELENG_5_2_BP:1.1.1.4
	RELENG_4_9_0_RELEASE:1.1.1.3.6.1
	RELENG_4_9:1.1.1.3.6.1.0.12
	RELENG_4_9_BP:1.1.1.3.6.1
	RELENG_5_1_0_RELEASE:1.1.1.4
	RELENG_5_1:1.1.1.4.0.4
	RELENG_5_1_BP:1.1.1.4
	RELENG_4_8_0_RELEASE:1.1.1.3.6.1
	RELENG_4_8:1.1.1.3.6.1.0.10
	RELENG_4_8_BP:1.1.1.3.6.1
	v3-4-31:1.1.1.4
	RELENG_5_0_0_RELEASE:1.1.1.4
	RELENG_5_0:1.1.1.4.0.2
	RELENG_5_0_BP:1.1.1.4
	RELENG_4_7_0_RELEASE:1.1.1.3.6.1
	RELENG_4_7:1.1.1.3.6.1.0.8
	RELENG_4_7_BP:1.1.1.3.6.1
	v3-4-29:1.1.1.4
	RELENG_4_6_2_RELEASE:1.1.1.3.6.1
	RELENG_4_6_1_RELEASE:1.1.1.3.6.1
	RELENG_4_6_0_RELEASE:1.1.1.3.6.1
	v3-4-28:1.1.1.4
	RELENG_4_6:1.1.1.3.6.1.0.6
	RELENG_4_6_BP:1.1.1.3.6.1
	v3-4-27:1.1.1.4
	v3-4-26:1.1.1.4
	v3-4-25:1.1.1.4
	RELENG_4_5_0_RELEASE:1.1.1.3.6.1
	RELENG_4_5:1.1.1.3.6.1.0.4
	RELENG_4_5_BP:1.1.1.3.6.1
	RELENG_4_4_0_RELEASE:1.1.1.3.6.1
	RELENG_4_4:1.1.1.3.6.1.0.2
	RELENG_4_4_BP:1.1.1.3.6.1
	v3-4-20:1.1.1.4
	RELENG_4_3_0_RELEASE:1.1.1.3
	RELENG_4_3:1.1.1.3.0.8
	RELENG_4_3_BP:1.1.1.3
	v3-4-16:1.1.1.3
	rev:1.1.1.3
	RELENG_4_2_0_RELEASE:1.1.1.3
	v3-4-13:1.1.1.3
	v3-4-12:1.1.1.3
	RELENG_4_1_1_RELEASE:1.1.1.3
	PRE_SMPNG:1.1.1.3
	v3-4-9:1.1.1.3
	RELENG_4_1_0_RELEASE:1.1.1.3
	v3-4-8:1.1.1.3
	RELENG_3_5_0_RELEASE:1.1.1.3
	v3_4_4:1.1.1.3
	RELENG_4_0_0_RELEASE:1.1.1.3
	RELENG_4:1.1.1.3.0.6
	RELENG_4_BP:1.1.1.3
	v3_3_8:1.1.1.3
	v3_3_6:1.1.1.3
	RELENG_3_4_0_RELEASE:1.1.1.3
	v3_3_3:1.1.1.3
	RELENG_3_3_0_RELEASE:1.1.1.3
	RELENG_3_2_PAO:1.1.1.3.0.4
	RELENG_3_2_PAO_BP:1.1.1.3
	RELENG_3_2_0_RELEASE:1.1.1.3
	RELENG_3_1_0_RELEASE:1.1.1.3
	RELENG_3:1.1.1.3.0.2
	RELENG_3_BP:1.1.1.3
	RELENG_3_0_0_RELEASE:1.1.1.3
	v3_2_7:1.1.1.3
	v3_2_3:1.1.1.2
	v3_2_1:1.1.1.1
	v3-2-a7:1.1.1.1
	V3_2_A4:1.1.1.1
	ipfilter3_1_8:1.1.1.1
	DARRENR:1.1.1
	ipfilter3_1_7:1.1.1.1
	DARRENREED:1.1.1;
locks; strict;
comment	@# @;


1.1
date	97.02.09.22.49.47;	author darrenr;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	97.02.09.22.49.47;	author darrenr;	state Exp;
branches;
next	1.1.1.2;

1.1.1.2
date	98.03.21.09.59.56;	author peter;	state Exp;
branches;
next	1.1.1.3;

1.1.1.3
date	98.06.20.18.27.44;	author peter;	state Exp;
branches
	1.1.1.3.6.1;
next	1.1.1.4;

1.1.1.4
date	2001.07.28.11.59.16;	author darrenr;	state Exp;
branches
	1.1.1.4.56.1;
next	;

1.1.1.3.6.1
date	2001.07.28.13.34.14;	author darrenr;	state Exp;
branches;
next	;

1.1.1.4.56.1
date	2001.07.28.11.59.16;	author svnexp;	state dead;
branches;
next	1.1.1.4.56.2;

1.1.1.4.56.2
date	2013.03.28.13.01.19;	author svnexp;	state Exp;
branches;
next	;


desc
@@


1.1
log
@Initial revision
@
text
@		****************************************
			     IMPORTANT NOTICE
		****************************************
1)

If you're using this software and have a rule which ends like this:

flags S

(for TCP), then to make it totally effective, you need to change it to appear
as follows:

flags S/SA

The problem is that the old code would compare all the TCP flags against the
rule (which just has "S") to see if that matched exactly.  It is very possible
for this to not be the case and in these cases, the rule would fail to match
a 'valid' TCP SYN packet.

Why does it need to be "S/SA" and not "S/S" ?

"S/S" will match the SYN-ACK as well the SYN.

By defalt, "flags S" will now be converted to "flags S/AUPRFS".

If you have any queries regarding this, see the examples and ipf(4).
If you still have a query or suggestion, please email me.


2)

If a filter rule used, in combination port comparisons and the flags
keywords, a "short" TCP packet, if not explicitly blocked high up in
the list of packets, would actually get matched even though it would
otherwise not have been (due to the ports not).  This behaviour has
subsequently been fixed.


Darren
darrenr@@cyber.com.au
		****************************************
@


1.1.1.1
log
@Import IP Filter v3.1.7 into FreeBSD tree
@
text
@@


1.1.1.2
log
@Import ipfilter 3.2.3
@
text
@a38 5
3)

If you have BOTH GNU make and the normal make shipped with your system,
DO NOT use the GNU make to build this package.

@


1.1.1.3
log
@Import trimmed version of ipfilter 3.2.7.

Obtained from:  Darren Reed via http://cheops.anu.edu.au/~avalon/
@
text
@d45 1
a45 1
darrenr@@pobox.com
@


1.1.1.3.6.1
log
@merge diffs for ipfilter 3.4.16 -> 3.4.20 into RELENG_4
@
text
@d6 35
@


1.1.1.4
log
@Import IPFilter version 3.4.20
@
text
@d6 35
@


1.1.1.4.56.1
log
@file IMPORTANT was added on branch RELENG_8_4 on 2013-03-28 13:01:19 +0000
@
text
@d1 11
@


1.1.1.4.56.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 11
		****************************************
			     IMPORTANT NOTICE
		****************************************
1)

If you have BOTH GNU make and the normal make shipped with your system,
DO NOT use the GNU make to build this package.

Darren
darrenr@@pobox.com
		****************************************
@


