Page MenuHomeFreeBSD

pf: allow states to be killed by their pre-NAT address
ClosedPublic

Authored by kp on Oct 20 2023, 8:45 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Oct 1, 1:00 PM
Unknown Object (File)
Wed, Oct 1, 12:59 PM
Unknown Object (File)
Wed, Oct 1, 12:59 PM
Unknown Object (File)
Fri, Sep 26, 3:10 AM
Unknown Object (File)
Thu, Sep 25, 6:50 AM
Unknown Object (File)
Aug 28 2025, 4:23 AM
Unknown Object (File)
Aug 22 2025, 1:55 PM
Unknown Object (File)
Aug 14 2025, 10:43 PM

Details

Summary

If a connection is NAT-ed we could previously only terminate it by its
ID or the post-NAT IP address. Allow users to specify they want look for
the state by its pre-NAT address. Usage: pfctl -k nat -k <address>.

See also: https://redmine.pfsense.org/issues/11556
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This revision was not accepted when it landed; it landed in state Needs Review.Oct 23 2023, 4:42 PM
This revision was automatically updated to reflect the committed changes.