diff options
| -rw-r--r-- | sbin/ipfw/ipfw.8 | 2 | ||||
| -rw-r--r-- | sbin/ipfw/ipfw2.c | 14 | ||||
| -rw-r--r-- | sys/netinet/ip_fw2.c | 6 |
3 files changed, 10 insertions, 12 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 0ea3b7a..fa7a0c5 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1609,7 +1609,7 @@ This can significantly reduce number of rules in some configurations. The .Cm tablearg argument can be used with the following actions: -.Cm pipe , queue, divert, tee, netgraph, ngtee, fwd +.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd action parameters: .Cm tag, untag, rule options: diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index fa326b8..91e7932 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -1612,7 +1612,7 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth) break; case O_NAT: - printf("nat %u", cmd->arg1); + PRINT_UINT_ARG("nat ", cmd->arg1); break; default: @@ -4848,6 +4848,10 @@ add(int ac, char *av[]) action->opcode = O_COUNT; break; + case TOK_NAT: + action->opcode = O_NAT; + action->len = F_INSN_SIZE(ipfw_insn_nat); + goto chkarg; case TOK_QUEUE: action->opcode = O_QUEUE; goto chkarg; @@ -4929,14 +4933,6 @@ chkarg: action->opcode = O_COUNT; ac++; av--; /* go back... */ break; - - case TOK_NAT: - action->opcode = O_NAT; - action->len = F_INSN_SIZE(ipfw_insn_nat); - NEED1("missing nat number"); - action->arg1 = strtoul(*av, NULL, 10); - ac--; av++; - break; default: errx(EX_DATAERR, "invalid action %s\n", av[-1]); diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index a094a17..e8c8c81 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -3486,7 +3486,7 @@ check_body: struct cfg_nat *t; struct mbuf *mcl; /* XXX - libalias duct tape */ - int ldt; + int ldt, nat_id; char *c; ldt = 0; @@ -3494,7 +3494,9 @@ check_body: retval = 0; t = ((ipfw_insn_nat *)cmd)->nat; if (t == NULL) { - t = lookup_nat(cmd->arg1); + nat_id = (cmd->arg1 == IP_FW_TABLEARG) ? + tablearg : cmd->arg1; + t = lookup_nat(nat_id); if (t == NULL) { retval = IP_FW_DENY; goto done; |
