Page MenuHomeFreeBSD
Differential D42312

pf: allow states to be killed by their pre-NAT address
ClosedPublic
Actions

Authored by kp on Oct 20 2023, 8:45 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Oct 1, 1:00 PM
Unknown Object (File)
Wed, Oct 1, 12:59 PM
Unknown Object (File)
Wed, Oct 1, 12:59 PM
Unknown Object (File)
Fri, Sep 26, 3:10 AM
Unknown Object (File)
Thu, Sep 25, 6:50 AM
Unknown Object (File)
Aug 28 2025, 4:23 AM
Unknown Object (File)
Aug 22 2025, 1:55 PM
Unknown Object (File)
Aug 14 2025, 10:43 PM
View All 78 Files
Subscribers
ae
farrokhi
glebius
imp
melifaro

Details

Reviewers
None
Group Reviewers
network
pfsense
Commits
rG4f33755051c6: pf: allow states to be killed by their pre-NAT address
Summary

If a connection is NAT-ed we could previously only terminate it by its
ID or the post-NAT IP address. Allow users to specify they want look for
the state by its pre-NAT address. Usage: pfctl -k nat -k <address>.

See also: https://redmine.pfsense.org/issues/11556
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp created this revision.Oct 20 2023, 8:45 AM
Herald added subscribers: glebius, melifaro, farrokhi and 2 others. · View Herald TranscriptOct 20 2023, 8:45 AM
kp requested review of this revision.Oct 20 2023, 8:45 AM
kp added a child revision: D42313: pf tests: add a test for killing states by NAT address.
Harbormaster completed remote builds in B54106: Diff 129144.Oct 20 2023, 8:46 AM
This revision was not accepted when it landed; it landed in state Needs Review.Oct 23 2023, 4:42 PM
Closed by commit rG4f33755051c6: pf: allow states to be killed by their pre-NAT address (authored by kp). · Explain Why
This revision was automatically updated to reflect the committed changes.
kp added a commit: rG4f33755051c6: pf: allow states to be killed by their pre-NAT address.

Revision Contents
Changeset List

PathSize
lib/
libpfctl/
1 line
1 line
sbin/
pfctl/
13 lines
6 lines
sys/
net/
1 line
netpfil/
pf/
6 lines
3 lines

Diff 129250

View Options

lib/libpfctl/libpfctl.h

Loading...
View Options

lib/libpfctl/libpfctl.c

Loading...
View Options

sbin/pfctl/pfctl.8

Loading...
View Options

sbin/pfctl/pfctl.c

Loading...
View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf_ioctl.c

Loading...
View Options

sys/netpfil/pf/pf_nv.c

Loading...