Looking to exclude a certain class of packets from NAT munging, I peeked
at natparse.c to see that code already exists to handle fromto clause
negation. Thinking I was crazy, I double checked the manual to find no
reference to this behavior. (Un)Fortunately, I was right.
Any chance to include something like the attached into a future revision
of ipnat.5? (This is with 3.4.27 under FreeBSD 4.6.1 p10.)
--
ryan beasley <[EMAIL PROTECTED]>
professional fat bastard http://www.goddamnbastard.org
GPG ID 0x16EFBD48
--- ipnat.5.orig Mon Aug 12 18:48:24 2002
+++ ipnat.5 Mon Aug 12 19:13:03 2002
@@ -94,6 +94,15 @@
map de0 from 10.1.0.0/16 to any -> 201.2.3.4/32
.fi
.LP
+For even greater control, one may negate either of the "from" or "to" clauses
+with a preceding exclamation mark ("!"). Please note that one may not use a
+negated "from" within a \fBmap\fP rule or a negated "to" within a \fBrdr\fP
+rule. Such a rule might look like the following:
+.LP
+.nf
+map de0 from 10.1.0.0/16 ! to 10.1.0.0/16 -> 201.2.3.4/32
+.fi
+.PP
Only IP address and port numbers can be compared against. This is available
with all NAT rules.
.SH TRANSLATION
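Review bot: The first sentence of the added paragraph says "one may negate either of the 'from' or 'to' clauses", but the next sentence takes half of that back (no negated "from" in a map rule, no negated "to" in an rdr rule); stating the allowed form directly ("a map rule may negate its 'to' clause, an rdr rule its 'from' clause") avoids the contradiction and matches the example, which negates "to" in a map rule. It would also help the reader to say what the example rule does, since the point of the feature is which packets are left untranslated: as written, `map de0 from 10.1.0.0/16 ! to 10.1.0.0/16 -> 201.2.3.4/32` translates traffic from 10.1.0.0/16 only when the destination is outside 10.1.0.0/16, so internal-to-internal traffic is not munged. Minor style point: the surrounding text closes its examples with `.LP`, while the new block ends with `.PP`.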