Diffusion FreeBSD src repository ff566e6b9b8f

pf: fix 'natpass'
ff566e6b9b8f
Actions

Description

pf: fix 'natpass'

If an rdr (or nat) rule specifies 'pass' we don't run the filter rules, we just
pass the traffic. Or at least, we did until that got unintentionally broken.
Restore that behaviour and add a test case.

MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D52838

(cherry picked from commit b93394a38bc41f8afceaf0c03ed5d8b8b5a9aefb)

Details

Provenance

kp	Authored on Tue, Sep 30, 5:40 PM

Differential Revision

D52838: pf: fix 'natpass'

Parents

rGdd4095f11b1e: pf: return PF_PASS/PF_DROP from pf_setup_pdesc()

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rGff566e6b9b8f: pf: fix 'natpass' (authored by kp).Sun, Oct 5, 8:47 PM

kp added an edge: D52838: pf: fix 'natpass'.Sun, Oct 5, 8:52 PM

Changes (2)

Path

Size

sys/

netpfil/

pf/

pf.c

tests/

sys/

netpfil/

pf/

rdr.sh

rGff566e6b9b8f

View Options

sys/netpfil/pf/pf.c