|Summary:||[patch] add ipfw_nat support for rc.firewall simple type|
|Product:||Base System||Reporter:||David Naylor <naylor.b.david>|
|Component:||conf||Assignee:||Hiroki Sato <hrs>|
|Status:||Closed Overcome By Events|
|Severity:||Affects Only Me||CC:||dbn|
Description David Naylor 2010-06-25 17:20:03 UTC
rc.firewall includes support for freebsd_nat_enable but it appears omitted in the "simple" firewall type. The attached patch adds such support. I have used this change for a while to provide support for NAT on my server. Fix: n/a Patch attached with submission follows: How-To-Repeat: n/a
Comment 1 Mark Linimon 2010-06-27 05:20:49 UTC
Responsible Changed From-To: freebsd-bugs->freebsd-rc Over to maintainer(s).
Comment 2 Doug Barton 2010-06-27 05:41:51 UTC
Responsible Changed From-To: freebsd-rc->freebsd-ipfw Not rc.d related, and I think the -ipfw folks are in a better position to determine if nat config falls into the "simple" category or not.
Comment 3 smithi 2010-06-27 09:29:38 UTC
This patch is certainly needed to make 'simple' usable out of the box. I'd like to offer an alternative patch, reusing rather than duplicating the existing NAT code, making it a function with the same functionality. This patch also adds allowing outbound pings and essential ICMP to both 'client' and 'simple' rulesets, another long-term omission. I'd have also included the complementary ipv6-icmp rules from 'workstation' but I have no way to test and confirm their correctness. cheers, Ian
Comment 4 Hiroki Sato 2011-01-15 16:15:57 UTC
Responsible Changed From-To: freebsd-ipfw->hrs I'll take this.
Comment 5 David Naylor 2014-12-16 14:29:18 UTC
Things have changed since then