Make DNAT/SNAT a valid state in firewall rules.
Open, Wishlist | Public | FEATURE REQUEST

Description

According to the iptables man page, SNAT/DNAT are valid ctstate options along with related/established/new/invalid. Of course this doesn't necessarily mean they are valid where needed in the firewall setup code, so I have no idea the difficulty or possibility of this.

It would be nice to be able to have a single firewall rule to allow all DNATed connections, instead of one rule per DNAT. Other platforms allow this and it eliminates a lot of repetition when it comes to creating destination NAT configurations.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close

Event Timeline

kroy created this task. Nov 10 2018, 4:58 AM
kroy updated the task description.
syncer triaged this task as Wishlist priority. Nov 10 2018, 12:02 PM
syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
pasik added a subscriber: pasik. Mar 12 2019, 6:08 PM