Index: sbin/natd/natd.8
===================================================================
--- sbin/natd/natd.8
+++ sbin/natd/natd.8
@@ -9,6 +9,7 @@
 .Nm
 .Bk -words
 .Op Fl unregistered_only | u
+.Op Fl unregistered_cgn | c
 .Op Fl log | l
 .Op Fl proxy_only
 .Op Fl reverse
@@ -128,6 +129,9 @@
 source address.
 According to RFC 1918, unregistered source addresses are 10.0.0.0/8,
 172.16.0.0/12 and 192.168.0.0/16.
+.It Fl unregistered_cgn | c
+Like unregistered_only, but includes the Carrier Grade NAT (100.64.0.0/10)
+address range as defined in RFC 6598. 
 .It Fl redirect_port Ar proto Xo
 .Ar targetIP Ns : Ns Xo
 .Ar targetPORT Ns Oo - Ns Ar targetPORT Oc Xc
Index: sbin/natd/natd.c
===================================================================
--- sbin/natd/natd.c
+++ sbin/natd/natd.c
@@ -1089,9 +1089,17 @@
 		PKT_ALIAS_UNREGISTERED_ONLY,
 		YesNo,
 		"[yes|no]",
-		"alias only unregistered addresses",
+		"alias only unregistered RFC 1918 addresses",
 		"unregistered_only",
 		"u" },
+
+	{ LibAliasOption,
+		PKT_ALIAS_UNREGISTERED_CGN,
+		YesNo,
+		"[yes|no]",
+		"like unregistered_only, but includes the RFC 6598 range",
+		"unregistered_cgn",
+		"c" },
 
 	{ LibAliasOption,
 		PKT_ALIAS_LOG,
Index: sbin/natd/samples/natd.cf.sample
===================================================================
--- sbin/natd/samples/natd.cf.sample
+++ sbin/natd/samples/natd.cf.sample
@@ -48,6 +48,11 @@
 #
 unregistered_only	no
 #
+# Like unregistered_only, but includes the Carrier Grade NAT
+# (100.64.0.0/10) subnet as defined in RFC6598.
+#
+unregistered_cgn	no
+#
 # Configure permanent links. If you use host names instead
 # of addresses here, be sure that name server works BEFORE
 # natd is up - this is usually not the case. So either use