conf/148144: [patch] add ipfw_nat support for rc.firewall simple type
David Naylor
naylor.b.david at gmail.com
Fri Jun 25 16:20:05 UTC 2010
>Number: 148144
>Category: conf
>Synopsis: [patch] add ipfw_nat support for rc.firewall simple type
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Jun 25 16:20:03 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: David Naylor
>Release: FreeBSD-9
>Organization:
Private
>Environment:
FreeBSD dragon.dg 9.0-CURRENT FreeBSD 9.0-CURRENT #0: Sat Jun 19 19:08:38 SAST 2010 root at dragon.dg:/tmp/home/freebsd9/src/sys/DRAGON amd64
>Description:
rc.firewall includes support for freebsd_nat_enable but it appears omitted in the "simple" firewall type. The attached patch adds such support.
I have used this change for a while to provide support for NAT on my server.
>How-To-Repeat:
n/a
>Fix:
n/a
Patch attached with submission follows:
--- rc.firewall~ 2010-06-25 18:10:42.000000000 +0200
+++ rc.firewall 2010-06-25 18:11:16.000000000 +0200
@@ -318,6 +318,21 @@
fi
;;
esac
+ case ${firewall_nat_enable} in
+ [Yy][Ee][Ss])
+ if [ -n "${firewall_nat_interface}" ]; then
+ if echo "${firewall_nat_interface}" | \
+ grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
+ firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}"
+ else
+ firewall_nat_flags="if ${firewall_nat_interface} ${firewall_nat_flags}"
+ fi
+ ${fwcmd} nat 123 config log ${firewall_nat_flags}
+ ${fwcmd} add nat 123 ip4 from any to any via ${firewall_nat_interface}
+ fi
+ ;;
+ esac
+
# Stop RFC1918 nets on the outside interface
${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
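Review bot: the added case block (from `+ case ${firewall_nat_enable} in` through `+ esac`) reads as a verbatim copy of the ipfw nat setup that, per the Description, rc.firewall already carries for another firewall type; rather than duplicating the address-vs-interface test, the `nat 123 config log` call and the `add nat 123 ip4 from any to any via` rule, move that body into one shared shell function called from both places so the two copies cannot drift, which also leaves the nat instance number 123 and the unconditional `log` flag defined in a single spot. Two smaller points: when firewall_nat_enable is YES but firewall_nat_interface is empty the block silently configures nothing, so a warning would help users notice a misconfigured rc.conf; and the regex `^[0-9]+(\.[0-9]+){0,3}$` accepts any string of one to four dot-separated numbers (e.g. `10.1`), so it only distinguishes address from interface name and does not validate the address. The placement immediately before the `deny all from 10.0.0.0/8 to any via ${oif}` rules looks deliberate, since outbound packets with a private source must be translated before that anti-spoofing deny sees them; a short comment in the hunk saying so would stop a later reorder from either breaking NAT or letting translated traffic bypass the checks. Finally, the Description names freebsd_nat_enable while the hunk tests firewall_nat_enable; the PR text should use the same variable name as the code.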
>Release-Note:
>Audit-Trail:
>Unformatted: