Feature #3887

Add a "No binat" checkbox to 1:1 NAT for exclusions

Added by Jim Pingle over 4 years ago. Updated over 3 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Rules/NAT
Target version:
Start date: 09/23/2014
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)

Description

In some cases it is necessary to create exclusions from a broad definition of a more general 1:1 NAT rule, such as:

- No 1:1 NAT for x.x.x.1
- No 1:1 NAT for x.x.x.2
- 1:1 NAT for y.y.y.0/24 -> x.x.x.0/24

That way NAT could be performed for the entire subnet on that interface except for the gateway and the firewall itself.


Subtasks

Feature #3888: Allow reordering of 1:1 NAT rules (Resolved)

History

#1 Updated by Jim Thompson over 3 years ago

  • Assignee set to Steve Beaver

#2 Updated by Steve Beaver over 3 years ago

1-to-1 rules can already be dragged to reorder. I can add a "no binat" (or "exclude") checkbox, save the setting, and display a suitable icon when it is checked.

JimP - can you help with creating the NAT rule correctly on "Apply"?

#3 Updated by Jim Pingle over 3 years ago

The rule should look like the current rule but have "no " before the rest of the line. For example, source:src/etc/inc/filter.inc#L1877 line 1877 shows where the binat line is made; if the negation box is checked, then that line should start with "no binat" rather than "binat". And now that I look there, the NAT reflection bits above and below there should be skipped as well if the negation box is checked.

Also, "-> {$target}{$sn1}" is not required for no binat.
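
The rule shape described in comment #3, as an added example that is not part of the thread and is not pfSense's `filter.inc` code: a generator that emits `no binat` lines without a target and leaves those entries out of NAT reflection. It goes one step beyond the comment by flagging an exclusion listed after a binat rule that already covers it, since pf applies the first matching translation rule. The entry keys (`interface`, `source`, `target`, `nobinat`), the interface `em0` and the addresses are assumptions made for illustration.

```php
<?php
// Added example, not pfSense code. Entry keys (interface, source, target,
// nobinat) are assumptions; em0 and the addresses are constructed samples.

// True when IPv4 host/CIDR $inner lies inside host/CIDR $outer.
function cidr_contains(string $outer, string $inner): bool
{
    [$oNet, $oLen] = array_pad(explode('/', $outer), 2, '32');
    [$iNet, $iLen] = array_pad(explode('/', $inner), 2, '32');
    if ((int)$iLen < (int)$oLen) {
        return false;
    }
    $mask = (int)$oLen === 0 ? 0 : (~0 << (32 - (int)$oLen)) & 0xFFFFFFFF;
    return (ip2long($oNet) & $mask) === (ip2long($iNet) & $mask);
}

// "no binat" entries get the "no " prefix and carry no "-> target" part.
function binat_line(array $e): string
{
    $line = "binat on {$e['interface']} from {$e['source']} to any";
    return empty($e['nobinat']) ? "{$line} -> {$e['target']}" : "no {$line}";
}

// Render entries in list order. pf applies the first matching translation
// rule, so an exclusion placed after a binat that covers it is reported.
function render_binat(array $entries): array
{
    $rules = $reflect = $warnings = [];
    foreach ($entries as $i => $e) {
        $rules[] = binat_line($e);
        if (empty($e['nobinat'])) {
            $reflect[] = $i; // only real binat entries get NAT reflection
            continue;
        }
        foreach (array_slice($entries, 0, $i) as $prev) {
            if (empty($prev['nobinat']) && $prev['interface'] === $e['interface']
                && cidr_contains($prev['source'], $e['source'])) {
                $warnings[] = "{$e['source']} shadowed by binat {$prev['source']}";
            }
        }
    }
    return compact('rules', 'reflect', 'warnings');
}

$entries = [ // constructed sample: two exclusions, then the broad rule
    ['interface' => 'em0', 'source' => '192.0.2.1', 'nobinat' => true],
    ['interface' => 'em0', 'source' => '192.0.2.2', 'nobinat' => true],
    ['interface' => 'em0', 'source' => '192.0.2.0/24', 'target' => '198.51.100.0/24'],
];
echo implode("\n", render_binat($entries)['rules']), "\n";
```

Moving the /24 entry to the top of `$entries` leaves the rendered lines unchanged apart from their order, but `render_binat()` then returns a warning for each of the two exclusions.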

#4 Updated by Steve Beaver over 3 years ago

  • Status changed from New to Assigned
  • Assignee changed from Steve Beaver to Jim Pingle

Implemented as requested.

Swinging it over to JimP for testing.

#5 Updated by Steve Beaver over 3 years ago

  • Status changed from Assigned to Feedback

#6 Updated by Jim Pingle over 3 years ago

  • Status changed from Feedback to Resolved

Seems to do the job. Rules look like I expect, pf doesn't complain.
