Commit e4f56188 authored by Franco Fichtner

firewall: npt alignment

NPT is a kind of abandoned feature that had a custom kernel patch.
I tried to trace the origin through OpenBSD, but their pf(4) since
switched away from separate binat rules in the last known form like
it is still in FreeBSD.

Furthermore, the original GUI commit looks odd in that it tries to
push the same traffic downwards that would match in the former line,
which actually points upwards.  It's either that or completely zapping
the line.  For now, repair the rules reload by trying to retain the
spirit of what it tries to achieve and wait for further feedback.

This late bug report also suggests that virtually nobody uses NPT
today since we've had no upstream reports since at least 15.7 was
out.

PR: https://forum.opnsense.org/index.php?topic=3076.0
(cherry picked from commit 39eed8a1)
parent 45c905bc
...@@ -1739,7 +1739,7 @@ function filter_nat_rules_generate(&$FilterIflist) ...@@ -1739,7 +1739,7 @@ function filter_nat_rules_generate(&$FilterIflist)
$natif = $FilterIflist[$natif]['descr']; $natif = $FilterIflist[$natif]['descr'];
$natrules .= "binat on \${$natif} from {$srcaddr} to any -> {$dstaddr}\n"; $natrules .= "binat on \${$natif} from {$srcaddr} to any -> {$dstaddr}\n";
$natrules .= "binat on \${$natif} from any to {$dstaddr} -> {$srcaddr}\n"; $natrules .= "binat on \${$natif} from {$dstaddr} to any -> {$srcaddr}\n";
} }
} }
......
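Review bot: The rewritten second binat line (`from {$dstaddr} to any -> {$srcaddr}`) has no comment saying why it is kept, and the commit message itself leaves open whether it should be dropped instead. pf's binat is a bidirectional mapping, so the first rule, `from {$srcaddr} to any -> {$dstaddr}`, already translates traffic addressed to {$dstaddr} back to {$srcaddr}; after this change the second rule is the same mapping with the two prefixes swapped on the same interface. Please add a short comment above the pair stating the intended direction of each rule and pointing at the forum topic, or drop the second line if the first alone gives the expected NPT behaviour. Either way, a parse-only check of the generated ruleset with `pfctl -n -f` would confirm that the reload no longer fails.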