pfctl print nat-to and rdr-to
Hello,
looks good to me.
OK sashan@
On Wed, Feb 18, 2026 at 10:44:46PM +0100, Alexander Bluhm wrote:
> Hi,
>
> A kernel pf rule may have both nat-to and rdr-to fields. pfctl prints
> only one of them. By removing one else, the user sees what the kernel
> does.
>
> pass in on em1 inet all flags S/SA nat-to 5.6.7.8 rdr-to 1.2.3.4
>
> ok?
>
> bluhm
>
> Index: pfctl_parser.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sbin/pfctl/pfctl_parser.c,v
> diff -u -p -r1.357 pfctl_parser.c
> --- pfctl_parser.c 3 Feb 2026 10:25:28 -0000 1.357
> +++ pfctl_parser.c 18 Feb 2026 21:32:24 -0000
> @@ -1200,15 +1200,18 @@ print_rule(struct pfctl *pf, struct pf_r
> r->rdr.proxy_port[1], r->naf ? r->naf : r->af,
> PF_POOL_RDR, verbose);
> }
> - } else if (!anchor_call[0] && r->nat.addr.type != PF_ADDR_NONE) {
> - printf (" nat-to ");
> - print_pool(&r->nat, r->nat.proxy_port[0],
> - r->nat.proxy_port[1], r->naf ? r->naf : r->af,
> - PF_POOL_NAT, verbose);
> - } else if (!anchor_call[0] && r->rdr.addr.type != PF_ADDR_NONE) {
> - printf (" rdr-to ");
> - print_pool(&r->rdr, r->rdr.proxy_port[0],
> - r->rdr.proxy_port[1], r->af, PF_POOL_RDR, verbose);
> + } else {
> + if (!anchor_call[0] && r->nat.addr.type != PF_ADDR_NONE) {
> + printf (" nat-to ");
^^^^^^^^^^
would it make sense to drop the extra space, while you are here?
> + print_pool(&r->nat, r->nat.proxy_port[0],
> + r->nat.proxy_port[1], r->naf ? r->naf : r->af,
> + PF_POOL_NAT, verbose);
> + }
> + if (!anchor_call[0] && r->rdr.addr.type != PF_ADDR_NONE) {
> + printf (" rdr-to ");
^^^^^^^^^^
and here too. thanks.
> + print_pool(&r->rdr, r->rdr.proxy_port[0],
> + r->rdr.proxy_port[1], r->af, PF_POOL_RDR, verbose);
> + }
> }
> if (r->rt) {
> if (r->rt == PF_ROUTETO)
>