CVSROOT: /cvs Module name: src Changes by: mi...@cvs.openbsd.org 2011/08/29 18:40:47
Modified files:
sys/net : pf.c pf_ioctl.c pfvar.h
Log message:
Add support for one shot rules that remove themselves from an active
ruleset after match. In case this is the only rule in the anchor,
the anchor will be destroyed automatically after the rule is matched.
This is an extremely handy technique for firewall proxies.
ok henning, mcbride
