In switching away from pfSense, one of the few things I'm missing from pfSense is the ability to use aliases (address-groups) when defining NAT rules. I talked to dmbaturin about this on IRC, but I figured I'd follow up with this on the forum.
A use case would be something like the following to allow passive FTP with a defined range of ports.

{{{
set firewall group address-group host-ftp address '10.1.0.4'
set firewall group port-group ports-ftp port '21'
set firewall group port-group ports-ftp port '29000-29050'
...
set firewall name FTP destination group address-group host-ftp
...
set nat destination rule 10 translation group address-group host-ftp
set nat destination rule 10 destination group port-group ports-ftp
}}}

I can imagine it would get tricky if you had more than one address in an address-group and tried to use it in a NAT rule. But I only use the host-ftp group as shorthand for a single host that I can use in multiple places.
_______________________________________________
Vyos-developers mailing list
Vyos-developers@lists.tuxis.nl
https://lists.tuxis.nl/listinfo/vyos-developers