
Make DNAT/SNAT a valid state in firewall rules.
Open, Wishlist | Public | FEATURE REQUEST


According to the iptables man page, SNAT/DNAT are valid ctstate options along with related/established/new/invalid. Of course this doesn't necessarily mean they are valid where needed in the firewall setup code, so I have no idea of the difficulty or possibility of this.

It would be nice to be able to have a single firewall rule to allow all DNATed connections, instead of one rule per DNAT. Other platforms allow this and it eliminates a lot of repetition when it comes to creating destination NAT configurations.


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
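
The two approaches the request contrasts, as an added example that is not part of the original task or of VyOS code: a script that prints plain iptables-restore rulesets for per-DNAT forward rules and for a single `--ctstate DNAT` rule. The interface name `eth0`, the port forwards and the addresses are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample port forwards: proto:public_port:internal_ip:internal_port
FORWARDS="tcp:443:192.0.2.10:8443
tcp:25:192.0.2.20:25
udp:51820:192.0.2.30:51820"

# nat table: the same in both styles, one DNAT rule per forward.
nat_rules() {
    echo "$FORWARDS" | while IFS=: read -r proto pub ip port; do
        echo "-A PREROUTING -i eth0 -p $proto --dport $pub -j DNAT --to-destination $ip:$port"
    done
}

# Style 1: one FORWARD accept per DNAT. The filter table sees the packet
# after translation, so each rule matches the internal address and port.
forward_per_dnat() {
    echo "$FORWARDS" | while IFS=: read -r proto pub ip port; do
        echo "-A FORWARD -i eth0 -p $proto -d $ip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Style 2: a single rule for every connection conntrack has flagged as DNATed.
forward_ctstate_dnat() {
    echo "-A FORWARD -i eth0 -m conntrack --ctstate DNAT -j ACCEPT"
}

# Print a full ruleset; $1 is "per-dnat" or "ctstate".
ruleset() {
    echo "*nat"; nat_rules; echo "COMMIT"
    echo "*filter"
    echo ":FORWARD DROP [0:0]"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$1" = ctstate ]; then forward_ctstate_dnat; else forward_per_dnat; fi
    echo "COMMIT"
}

ruleset per-dnat
echo
ruleset ctstate
```

With the single-rule style the nat table becomes the effective inbound policy: every DNAT rule added later is forwarded without any change to the filter table, so source restrictions have to be placed on the DNAT rules themselves.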

Event Timeline

kroy created this task. (Nov 10 2018, 4:58 AM)
kroy updated the task description.
syncer triaged this task as Wishlist priority. (Nov 10 2018, 12:02 PM)
syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
pasik added a subscriber: pasik. (Mar 12 2019, 6:08 PM)