HomeFreeBSD
Diffusion FreeBSD src repository f6f116cdbd2a

pf: Make af-to work on outbound interface
f6f116cdbd2a
Actions

Description

pf: Make af-to work on outbound interface

Currently af-to works only on inbound interface by creating a reversed
NAT state key which is used to match traffic returning on the outbound
interface.

Such limitation is not necessary. When an af-to state is created
for an outbound rule do not reverse the NAT state key, making it work
just like if it was created for a normal NAT rule. Depending on firewall
design it might be easier and more natural to use af-to on the outbound
interface.

Reviewed by: kp
Approved by: kp (mentor)
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D49122

Details

Provenance
vegeta_tuxpowered.netAuthored on Sun, Feb 23, 6:13 PM
Reviewer
kp
Differential Revision
D49122: pf: Make af-to work on outbound interface
Parents
rGab6a311c720e: libc/gen/fts.c: fix assignment
Branches
Unknown
Tags
Unknown

Changes (4)

PathSize
sys/
net/
netpfil/
pf/
tests/
sys/
netpfil/
pf/

rGf6f116cdbd2a

View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf.c

Loading...
View Options

sys/netpfil/pf/pf_lb.c

Loading...
View Options

tests/sys/netpfil/pf/nat64.sh

Loading...