Ok, now that I've got that state bug fixed, it seems like a good time to roll together a new patch release.
I'm not sure what else to say at this point, besides the usual mumbo jumbo, except to say that I need to get to work and put this stuff up on sourceforge too...and to look out for another email later in the week with more interesting ipfilter developments... Oh, one other bug that got fixed here that others might have noticed (or might not have) is the first one listed - rules like this: rdr ab0 0/0 port 80 -> 127.0.0.1 port 12345 tcp rdr ab0 0/0 port 80 -> 127.0.0.1 port 12346 tcp would not have been allowed...now fixed :) Darren http://coombs.anu.edu.au/~avalon/ip_fil4.1.16.tar.gz 4.1.16 - Released 20 December 2006 allow rdr rules to only differ on the new port number when creating state entry orphans, leave them on the linked list but not attached to the hash table and mark them visible as orphans in "ipfstat -sl" log state removed when unloading differently to allow visible cues return ipf ticks via SIOCGETGS for /dev/ipnat so "ipnat -l" can display ttl abort logging a packet if the mbuf pointer is null when ipflog is called Some NetBSD's have a selinfo.h instead of select.h SIOCIPFFL was using copyoutptr and should have been using bcopy for /dev/ipauth listing accounting rules using ioctl interface wasn't possible fix leakage of state entries due to packets not matching up with NAT improve ICMP error packet matching with state/NAT fix problems with parsing and printing "-" as an interface name in ipnat.conf 4.1.15 - Released 03 November 2006 MD5 (ip_fil4.1.16.tar.gz) = b3f03da3973becba0ec9ef2a8882bffd MD5 (patch-4.1.16.gz) = e649cc0a54af6b23b6c2c9572ab99ec1
