Page MenuHomeFreeBSD
Differential D42312

pf: allow states to be killed by their pre-NAT address
ClosedPublic
Actions

Authored by kp on Oct 20 2023, 8:45 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Feb 25, 6:21 PM
Unknown Object (File)
Sat, Feb 21, 10:24 PM
Unknown Object (File)
Feb 8 2026, 6:23 AM
Unknown Object (File)
Feb 7 2026, 8:16 PM
Unknown Object (File)
Feb 1 2026, 9:49 AM
Unknown Object (File)
Feb 1 2026, 8:25 AM
Unknown Object (File)
Jan 31 2026, 4:15 AM
Unknown Object (File)
Jan 30 2026, 10:44 PM
View All Files
Subscribers
ae
farrokhi
glebius
imp
melifaro

Details

Reviewers
None
Group Reviewers
network
pfsense
Commits
rG4f33755051c6: pf: allow states to be killed by their pre-NAT address
Summary

If a connection is NAT-ed we could previously only terminate it by its
ID or the post-NAT IP address. Allow users to specify they want look for
the state by its pre-NAT address. Usage: pfctl -k nat -k <address>.

See also: https://redmine.pfsense.org/issues/11556
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp created this revision.Oct 20 2023, 8:45 AM
Herald added subscribers: glebius, melifaro, farrokhi and 2 others. · View Herald TranscriptOct 20 2023, 8:45 AM
kp requested review of this revision.Oct 20 2023, 8:45 AM
kp added a child revision: D42313: pf tests: add a test for killing states by NAT address.
Harbormaster completed remote builds in B54106: Diff 129144.Oct 20 2023, 8:46 AM
This revision was not accepted when it landed; it landed in state Needs Review.Oct 23 2023, 4:42 PM
Closed by commit rG4f33755051c6: pf: allow states to be killed by their pre-NAT address (authored by kp). · Explain Why
This revision was automatically updated to reflect the committed changes.
kp added a commit: rG4f33755051c6: pf: allow states to be killed by their pre-NAT address.

Revision Contents
Changeset List

PathSize
lib/
libpfctl/
1 line
1 line
sbin/
pfctl/
13 lines
6 lines
sys/
net/
1 line
netpfil/
pf/
6 lines
3 lines

Diff 129250

View Options

lib/libpfctl/libpfctl.h

Loading...
View Options

lib/libpfctl/libpfctl.c

Loading...
View Options

sbin/pfctl/pfctl.8

Loading...
View Options

sbin/pfctl/pfctl.c

Loading...
View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf_ioctl.c

Loading...
View Options

sys/netpfil/pf/pf_nv.c

Loading...