From: Alexandr Nedvedicky
Subject: Re: pfclt print nat-to and rdr-to
To: Alexander Bluhm
Cc: tech@openbsd.org
Date: Sun, 22 Feb 2026 17:24:06 +0100

Hello,

looks good to me. OK sashan@

On Wed, Feb 18, 2026 at 10:44:46PM +0100, Alexander Bluhm wrote:
> Hi,
>
> Kernel pf rule may have both nat-to and rdr-to fields. pfctl prints
> only one of them. By removing one else, the user sees what the kernel
> does.
>
> pass in on em1 inet all flags S/SA nat-to 5.6.7.8 rdr-to 1.2.3.4
>
> ok?
>
> bluhm
>
> Index: pfctl_parser.c > =================================================================== > RCS file: /data/mirror/openbsd/cvs/src/sbin/pfctl/pfctl_parser.c,v > diff -u -p -r1.357 pfctl_parser.c > --- pfctl_parser.c 3 Feb 2026 10:25:28 -0000 1.357 > +++ pfctl_parser.c 18 Feb 2026 21:32:24 -0000 > @@ -1200,15 +1200,18 @@ print_rule(struct pfctl *pf, struct pf_r > r->rdr.proxy_port[1], r->naf ? r->naf : r->af, > PF_POOL_RDR, verbose); > } > - } else if (!anchor_call[0] && r->nat.addr.type != PF_ADDR_NONE) { > - printf (" nat-to "); > - print_pool(&r->nat, r->nat.proxy_port[0], > - r->nat.proxy_port[1], r->naf ? r->naf : r->af, > - PF_POOL_NAT, verbose); > - } else if (!anchor_call[0] && r->rdr.addr.type != PF_ADDR_NONE) { > - printf (" rdr-to "); > - print_pool(&r->rdr, r->rdr.proxy_port[0], > - r->rdr.proxy_port[1], r->af, PF_POOL_RDR, verbose); > + } else { > + if (!anchor_call[0] && r->nat.addr.type != PF_ADDR_NONE) { > + printf (" nat-to "); ^^^^^^^^^^ would it make sense to drop the extra space, while are you here? > + print_pool(&r->nat, r->nat.proxy_port[0], > + r->nat.proxy_port[1], r->naf ? r->naf : r->af, > + PF_POOL_NAT, verbose); > + } > + if (!anchor_call[0] && r->rdr.addr.type != PF_ADDR_NONE) { > + printf (" rdr-to "); ^^^^^^^^^^ and here too. thanks. > + print_pool(&r->rdr, r->rdr.proxy_port[0], > + r->rdr.proxy_port[1], r->af, PF_POOL_RDR, verbose); > + } > } > if (r->rt) { > if (r->rt == PF_ROUTETO) >
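
Review bot: In the new `else` block both inner tests repeat `!anchor_call[0]`; writing the branch as `} else if (!anchor_call[0]) {` would leave only the two `addr.type != PF_ADDR_NONE` checks inside and make it plain that the two pools are printed independently. The address-family arguments also differ: the nat-to call passes `r->naf ? r->naf : r->af`, while the rdr-to call here passes plain `r->af`, unlike the rdr call in the context lines just above the hunk. That difference is carried over unchanged from the removed lines, but now that both pools can print for one rule it is worth confirming it is intended. Since the printed ruleset is what an administrator audits against kernel behaviour, a regress case for a rule carrying both nat-to and rdr-to, checking that the printed line loads back into the same rule, would pin this down.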