Bug 148144

Summary: [patch] add ipfw_nat support for rc.firewall simple type
Product: Base System Reporter: David Naylor <naylor.b.david>
Component: confAssignee: Hiroki Sato <hrs>
Status: Closed Overcome By Events    
Severity: Affects Only Me CC: dbn
Priority: Normal    
Version: unspecified   
Hardware: Any   
OS: Any   
Description Flags
rc.firewall.patch none

Description David Naylor 2010-06-25 17:20:03 UTC
rc.firewall includes support for freebsd_nat_enable but it appears omitted in the "simple" firewall type.  The attached patch adds such support.  

I have used this change for a while to provide support for NAT on my server.

Fix: n/a

Patch attached with submission follows:
How-To-Repeat: n/a
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2010-06-27 05:20:49 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-rc

Over to maintainer(s).
Comment 2 Doug Barton freebsd_committer 2010-06-27 05:41:51 UTC
Responsible Changed
From-To: freebsd-rc->freebsd-ipfw

Not rc.d related, and I think the -ipfw folks are in a better 
position to determine if nat config falls into the "simple" 
category or not.
Comment 3 smithi 2010-06-27 09:29:38 UTC
This patch is certainly needed to make 'simple' usable out of the box.

I'd like to offer an alternative patch, reusing rather than duplicating
the existing NAT code, making it a function with the same functionality.

This patch also adds allowing outbound pings and essential ICMP to both
'client' and 'simple' rulesets, another long-term omission.  I'd have
also included the complementary ipv6-icmp rules from 'workstation' but
I have no way to test and confirm their correctness.

cheers, Ian
Comment 4 Hiroki Sato freebsd_committer 2011-01-15 16:15:57 UTC
Responsible Changed
From-To: freebsd-ipfw->hrs

I'll take this.
Comment 5 David Naylor freebsd_committer 2014-12-16 14:29:18 UTC
Things have changed since then