author | rafan <rafan@FreeBSD.org> | 2008-01-21 04:41:18 +0000 |
---|---|---|
committer | rafan <rafan@FreeBSD.org> | 2008-01-21 04:41:18 +0000 |
commit | d70dd9e5a0b201fae18c1a78daf6d2024d1f4b06 (patch) | |
tree | 2829456ad10f556bb437546d49a99abad21d63a0 /etc/rc.firewall | |
parent | d48c6f0552fc34daa7e641bf8a85b7360e3a5c6e (diff) | |
Improve kernel NAT support in rc.firewall
- Allow IP in firewall_nat_interface, just like natd_interface
- Allow additional configuration parameters passed to ipfw via
firewall_nat_flags
- Document firewall_nat_* in defaults/rc.conf
Tested by: Albert B. Wang <abwang at gmail.com>
MFC after: 1 month
Diffstat (limited to 'etc/rc.firewall')
-rw-r--r-- | etc/rc.firewall | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/etc/rc.firewall b/etc/rc.firewall index fa2558d..c3d11ab 100644 --- a/etc/rc.firewall +++ b/etc/rc.firewall @@ -131,7 +131,13 @@ case ${firewall_type} in case ${firewall_nat_enable} in [Yy][Ee][Ss]) if [ -n "${firewall_nat_interface}" ]; then - ${fwcmd} nat 123 config if ${firewall_nat_interface} log + if echo "${firewall_nat_interface}" | \ + grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then + firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}" + else + firewall_nat_flags="if ${firewall_nat_interface} ${firewall_nat_flags}" + fi + ${fwcmd} nat 123 config log ${firewall_nat_flags} ${fwcmd} add 50 nat 123 ip4 from any to any via ${firewall_nat_interface} fi ;; |
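Review bot: The `grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'` test chooses between `ip` and `if` on syntax alone, and with `{0,3}` and unbounded `[0-9]+` groups it classifies values such as `10`, `10.1` or `999.999.999.999` as addresses, which are then handed to `nat 123 config` as `ip ...` with no further validation. If only full dotted quads are intended, use `{3}`; if the short forms are deliberate, to stay consistent with the natd_interface handling the commit message refers to, a one-line comment above the test saying so would help. Separately, the block overwrites `firewall_nat_flags` with the `ip`/`if` prefix prepended; building the argument list in a separate variable would leave the user's setting unmodified for anything that reads it later.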