Bug 148144 - [patch] add ipfw_nat support for rc.firewall simple type
Summary: [patch] add ipfw_nat support for rc.firewall simple type
Status: Closed Overcome By Events
Alias: None
Product: Base System
Classification: Unclassified
Component: conf (show other bugs)
Version: unspecified
Hardware: Any Any
: Normal Affects Only Me
Assignee: Hiroki Sato
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-25 17:20 UTC by David Naylor
Modified: 2014-12-16 14:29 UTC (History)
1 user (show)

See Also:

Attachments
file.diff (759 bytes, patch)
2010-06-25 17:20 UTC, David Naylor 		no flags Details | Diff
rc.firewall.patch (3.35 KB, patch)
2010-06-27 09:29 UTC, smithi 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description David Naylor 2010-06-25 17:20:03 UTC 
rc.firewall includes support for freebsd_nat_enable but it appears omitted in the "simple" firewall type.  The attached patch adds such support.  

I have used this change for a while to provide support for NAT on my server.

Fix: n/a

Patch attached with submission follows:
How-To-Repeat: n/a
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2010-06-27 05:20:49 UTC 
Responsible Changed
From-To: freebsd-bugs->freebsd-rc

Over to maintainer(s).
Comment 2 Doug Barton freebsd_committer 2010-06-27 05:41:51 UTC 
Responsible Changed
From-To: freebsd-rc->freebsd-ipfw


Not rc.d related, and I think the -ipfw folks are in a better 
position to determine if nat config falls into the "simple" 
category or not.
Comment 3 smithi 2010-06-27 09:29:38 UTC 
This patch is certainly needed to make 'simple' usable out of the box.

I'd like to offer an alternative patch, reusing rather than duplicating
the existing NAT code, making it a function with the same functionality.

This patch also adds allowing outbound pings and essential ICMP to both
'client' and 'simple' rulesets, another long-term omission.  I'd have
also included the complementary ipv6-icmp rules from 'workstation' but
I have no way to test and confirm their correctness.

cheers, Ian
Comment 4 Hiroki Sato freebsd_committer 2011-01-15 16:15:57 UTC 
Responsible Changed
From-To: freebsd-ipfw->hrs

I'll take this.
Comment 5 David Naylor freebsd_committer 2014-12-16 14:29:18 UTC 
Things have changed since then