On 2019-04-02 08:53, Martin Husemann wrote:
>> This, exactly, is the showstopper that has prevented me from moving to
>> npf. The ability to add/remove IP addresses from a NAT translation
>> without changing npf.conf doesn't seem to be possible in any
>> documentation I was able to find.
>
> It is documented at least, from the EXAMPLE section of npfctl(8):
>
>     Addition and removal of entries in the table whose ID is "vip":
>
>         # npfctl table "vip" add 10.0.0.1
>         # npfctl table "vip" rem 182.168.0.0/24
>
> There also is "npfctl rule add" and "npfctl rule rem". Also blacklistd(8)
> obviously does it.

These are the filter rules, not the NAT rules. The UPnP device
essentially says two things:

1) Hey, I would like external hosts to be able to access me on port X.
   (filter rule, this works as you pointed out).
2) Hey, I'm at a.b.c.d, and I would like external port X to redirect to
   me at port Y. (NAT rule, this isn't supported yet).

--
Kind Regards,
Jan Danielsson
