pf: fix 'natpass'
ClosedPublic
Actions

Authored by kp on Oct 1 2025, 8:18 PM.

Details

Reviewers

Group Reviewers

network
pfsense

Commits

rGff566e6b9b8f: pf: fix 'natpass'
rGb93394a38bc4: pf: fix 'natpass'

Summary

If an rdr (or nat) rule specifies 'pass' we don't run the filter rules, we just
pass the traffic. Or at least, we did until that got unintentionally broken.
Restore that behaviour and add a test case.

While here also fix nat:dummynet_mask, which relied on the broken behaviour.

MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 67463
Build 64346: arc lint + arc unit

Event Timeline

kp created this revision.Oct 1 2025, 8:18 PM

Herald added subscribers: glebius, melifaro, farrokhi, imp. · View Herald TranscriptOct 1 2025, 8:18 PM

kp requested review of this revision.Oct 1 2025, 8:18 PM

Harbormaster completed remote builds in B67463: Diff 163274.Oct 1 2025, 8:18 PM

This revision was not accepted when it landed; it landed in state Needs Review.Oct 2 2025, 8:48 PM

Closed by commit rGb93394a38bc4: pf: fix 'natpass' (authored by kp). · Explain Why

This revision was automatically updated to reflect the committed changes.

kp added a commit: rGb93394a38bc4: pf: fix 'natpass'.

kp added a commit: rGff566e6b9b8f: pf: fix 'natpass'.Oct 5 2025, 8:52 PM

Revision Contents
Changeset List

Path

Size

sys/

netpfil/

pf/

pf.c

59 lines

tests/

sys/

netpfil/

pf/

nat.sh

2 lines

rdr.sh

58 lines

Diff 163274

View Options

sys/netpfil/pf/pf.c

View Options

tests/sys/netpfil/pf/nat.sh

View Options

tests/sys/netpfil/pf/rdr.sh

pf: fix 'natpass'ClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 163274

sys/netpfil/pf/pf.c

tests/sys/netpfil/pf/nat.sh

tests/sys/netpfil/pf/rdr.sh

pf: fix 'natpass'
ClosedPublic
Actions

Revision Contents
Changeset List