pfclt print nat-to and rdr-to
Hi,
A kernel pf rule may have both nat-to and rdr-to fields, but pfctl prints
only one of them. By removing one else, the user sees what the kernel
does.
pass in on em1 inet all flags S/SA nat-to 5.6.7.8 rdr-to 1.2.3.4
ok?
bluhm
Index: pfctl_parser.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sbin/pfctl/pfctl_parser.c,v
diff -u -p -r1.357 pfctl_parser.c
--- pfctl_parser.c 3 Feb 2026 10:25:28 -0000 1.357
+++ pfctl_parser.c 18 Feb 2026 21:32:24 -0000
@@ -1200,15 +1200,18 @@ print_rule(struct pfctl *pf, struct pf_r
r->rdr.proxy_port[1], r->naf ? r->naf : r->af,
PF_POOL_RDR, verbose);
}
- } else if (!anchor_call[0] && r->nat.addr.type != PF_ADDR_NONE) {
- printf (" nat-to ");
- print_pool(&r->nat, r->nat.proxy_port[0],
- r->nat.proxy_port[1], r->naf ? r->naf : r->af,
- PF_POOL_NAT, verbose);
- } else if (!anchor_call[0] && r->rdr.addr.type != PF_ADDR_NONE) {
- printf (" rdr-to ");
- print_pool(&r->rdr, r->rdr.proxy_port[0],
- r->rdr.proxy_port[1], r->af, PF_POOL_RDR, verbose);
+ } else {
+ if (!anchor_call[0] && r->nat.addr.type != PF_ADDR_NONE) {
+ printf (" nat-to ");
+ print_pool(&r->nat, r->nat.proxy_port[0],
+ r->nat.proxy_port[1], r->naf ? r->naf : r->af,
+ PF_POOL_NAT, verbose);
+ }
+ if (!anchor_call[0] && r->rdr.addr.type != PF_ADDR_NONE) {
+ printf (" rdr-to ");
+ print_pool(&r->rdr, r->rdr.proxy_port[0],
+ r->rdr.proxy_port[1], r->af, PF_POOL_RDR, verbose);
+ }
}
if (r->rt) {
if (r->rt == PF_ROUTETO)
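Review bot: Both new `if` statements inside the `else` block repeat `!anchor_call[0]`; testing it once as `} else if (!anchor_call[0]) {` and reducing the inner tests to `if (r->nat.addr.type != PF_ADDR_NONE)` and `if (r->rdr.addr.type != PF_ADDR_NONE)` behaves the same and makes it plain that the two pools are printed independently. Because the rule listing is what an operator audits against the loaded ruleset, a short comment such as `/* a rule may carry both pools; print every one that is set */` would record why this is no longer an else-if chain. Nothing visible in the hunk shows that the printed form `nat-to ... rdr-to ...` is accepted again by the parser, so a print-and-reload check for a rule carrying both pools would be worth adding alongside. print_rule starts and ends outside the hunk, so the condition of the preceding branch could not be checked here.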
pfclt print nat-to and rdr-to