pfSense

maybe fixup on the state print patches so that the -> is added back?

I think I prefer the new output, it's a clearer separation for which is the internal IP rather than guess by counting ->'s

Probably need some more output examples though (say, from 1:1 NAT and port forwards) to really say how hard it might be to adjust.

Looks like the format for the changed part is like this:

NAT on destination (port forward)
destination_after_nat (destination_before_nat) <- source

NAT on source (outbound NAT)
source_after_nat (source_before_nat) -> destination

The format is slightly different on 10.x than 9.x examples above.
In this sample output, 192.0.2.x is WAN on em0, 192.168.94.x is LAN on em1

em0 icmp 192.0.2.89:32114 -> 192.0.2.1:32114       0:0
em0 icmp 192.0.2.89:44428 (192.168.94.1:26879) -> 74.125.225.114:44428       0:0
lo0 udp 127.0.0.1:43924 -> 127.0.0.1:53       MULTIPLE:SINGLE
em0 tcp 192.168.94.99:999 (192.0.2.89:999) <- 192.0.2.31:59269       CLOSED:SYN_SENT
em1 tcp 192.0.2.31:59269 -> 192.168.94.99:999       SYN_SENT:CLOSED

The first column for the interface should probably be parsed and printed on the page now that it is meaningful.