Attachment #107361 for bug #148144




		fi
		;;
	esac
	case ${firewall_nat_enable} in
	[Yy][Ee][Ss])
		if [ -n "${firewall_nat_interface}" ]; then
			if echo "${firewall_nat_interface}" | \
				grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
				firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}"
			else
				firewall_nat_flags="if ${firewall_nat_interface} ${firewall_nat_flags}"
			fi
			${fwcmd} nat 123 config log ${firewall_nat_flags}
			${fwcmd} add nat 123 ip4 from any to any via ${firewall_nat_interface}
		fi
		;;
	esac


	# Stop RFC1918 nets on the outside interface
	${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}

Return to bug 148144

Lines 318-323 Link Here

(-)rc.firewall (+15 lines)
318	fi	318	fi
319	;;	319	;;
320	esac	320	esac
		321	case ${firewall_nat_enable} in
		322	[Yy][Ee][Ss])
		323	if [ -n "${firewall_nat_interface}" ]; then
		324	if echo "${firewall_nat_interface}" \| \
		325	grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
		326	firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}"
		327	else
		328	firewall_nat_flags="if ${firewall_nat_interface} ${firewall_nat_flags}"
		329	fi
		330	${fwcmd} nat 123 config log ${firewall_nat_flags}
		331	${fwcmd} add nat 123 ip4 from any to any via ${firewall_nat_interface}
		332	fi
		333	;;
		334	esac
		335
321		336
322	# Stop RFC1918 nets on the outside interface	337	# Stop RFC1918 nets on the outside interface
323	${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}	338	${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}