CVSROOT: /cvs
Module name: src
Changes by: henn...@cvs.openbsd.org 2009/09/01 07:42:00
Modified files:
sbin/pfctl : pfctl_optimize.c pfctl_parser.h pfctl.c
pfctl_parser.c parse.y
sys/net : pf.c pf_lb.c pfvar.h pf_ioctl.c
Log message:
the diff theo calls me insanae for:
rewrite of the NAT code, basically. nat and rdr become actions on regular
rules, seperate nat/rdr/binat rules do not exist any more.
match in on $intf rdr-to 1.2.3.4
match out on $intf nat-to 5.6.7.8
the code is capable of doing nat and rdr in any direction, but we prevent
this in pfctl for now, there are implications that need to be documented
better.
the address rewrite happens inline, subsequent rules will see the already
changed addresses. nat / rdr can be applied multiple times as well.
match in on $intf rdr-to 1.2.3.4
match in on $intf to 1.2.3.4 rdr-to 5.6.7.8
help and ok dlg sthen claudio, reyk tested too
