pfsense_nat_port_forward

Orion Poplawski edited this page Jan 1, 2024 · 5 revisions

pfsensible.core.pfsense_nat_port_forward


        Manage pfSense port forwarding NAT (DNAT) rules.

ADDED IN: version 0.1.0 of pfsensible.core

OPTIONS (= is mandatory):

- after
        Rule to go after, or "top"
        default: null
        type: str

- associated_rule
        Choose one of: associated, which adds an associated filter
        rule that gets updated when the port forward is updated;
        unassociated, which adds an unassociated filter rule; or
        pass, which passes all traffic that matches the entry
        without having a firewall rule at all.
        choices: [associated, unassociated, pass, none]
        default: associated
        type: str

- before
        Rule to go before, or "bottom"
        default: null
        type: str

= descr
        The name of the NAT rule
        default: null
        type: str

- destination
        The destination address, in
        [!]{IP,HOST,ALIAS,any,IP:INTERFACE,NET:INTERFACE}[:port]
        format.
        default: null
        type: str

- disabled
        Whether the rule is disabled
        default: false
        type: bool

- interface
        The interface for the rule
        default: null
        type: str

- ipprotocol
        The IP protocol
        choices: [inet, inet6]
        default: inet
        type: str

- natreflection
        Allows NAT reflection to be enabled or disabled on a per-port
        forward basis.
        choices: [system-default, enable, purenat, disable]
        default: system-default
        type: str

- nordr
        Disable redirection for traffic matching this rule
        default: false
        type: bool

- nosync
        Prevents the rule on Master from automatically syncing to
        other CARP members. This does NOT prevent the rule from being
        overwritten on Slave.
        default: false
        type: bool

- protocol
        Which protocol this rule should match.
        choices: [tcp, udp, tcp/udp, icmp, esp, ah, gre, ipv6, igmp, pim, ospf]
        default: tcp
        type: str

- source
        The source address, in
        [!]{IP,HOST,ALIAS,any,IP:INTERFACE,NET:INTERFACE}[:port]
        format.
        default: null
        type: str

- state
        State in which to leave the rule
        choices: [present, absent]
        default: present
        type: str

- target
        The address to translate to, in {ALIAS,IP}[:port] format.
        default: null
        type: str


AUTHOR: Frederic Bor (@f-bor)

METADATA:
  metadata_version: '1.1'
  status:
  - preview
  supported_by: community

EXAMPLES:

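# Forward port 22 arriving on wan from any source to 1.2.3.4:22.
# associated_rule: pass lets matching traffic through without a firewall rule.
- name: "Add NAT port forward traffic rule"
  pfsense_nat_port_forward:
    descr: 'ssh'
    interface: wan
    source: any
    destination: any:22
    target: 1.2.3.4:22
    associated_rule: pass
    state: present
# Rules are identified by descr, so only descr and state are needed to remove one.
- name: "Delete NAT port forward traffic rule"
  pfsense_nat_port_forward:
    descr: 'ssh'
    state: absent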


RETURN VALUES:
- commands
        the set of commands that would be pushed to the remote device
        (if pfSense had a CLI)
        returned: always
        sample: ['create nat_port_forward ''ssh'', interface=''wan'', source=''any'', destination=''any:22'',
            target=''1.2.3.4:22'', associated_rule=''pass''', delete nat_port_forward 'ssh']
        type: list
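
A review-time check for tasks that use this module, added here as an example and not part of pfsensible.core: it parses the `source` string with the address grammar printed in the option list and flags a rule that combines `source: any` with `associated_rule: pass`. It assumes IPv4 addresses only; `parse_address`, `lint_port_forward` and the `admin_hosts` alias are hypothetical names.

```python
import re

# Address grammar as printed in the option list above (IPv4 only, an assumption):
#   [!]{IP,HOST,ALIAS,any,IP:INTERFACE,NET:INTERFACE}[:port]
ADDR_RE = re.compile(
    r"^(?P<neg>!)?"
    r"(?P<addr>any|(?:IP|NET):[A-Za-z0-9_]+|[A-Za-z0-9_.\-/]+)"
    r"(?::(?P<port>[A-Za-z0-9_\-]+))?$"
)

def parse_address(value):
    """Split an address string into (negated, address, port); ValueError if malformed."""
    m = ADDR_RE.match(value.strip())
    if m is None:
        raise ValueError(f"not in [!]ADDR[:port] form: {value!r}")
    return bool(m["neg"]), m["addr"], m["port"]

def lint_port_forward(params):
    """Return (severity, message) findings for one task's module parameters."""
    if params.get("state", "present") == "absent" or params.get("disabled", False):
        return []  # nothing is forwarded by a removed or disabled rule
    findings = []
    source = params.get("source")
    open_source = source is not None and parse_address(source)[:2] == (False, "any")
    mode = params.get("associated_rule", "associated")  # documented default
    if open_source and mode == "pass":
        findings.append(("high", "source 'any' with associated_rule 'pass': every "
                         "source is forwarded with no firewall rule to narrow it"))
    elif open_source:
        findings.append(("review", "source 'any': confirm the filter rules limit "
                         "who can reach the target"))
    return findings

# Parameters of the page's own "ssh" example.
PAGE_EXAMPLE = {"descr": "ssh", "interface": "wan", "source": "any",
                "destination": "any:22", "target": "1.2.3.4:22",
                "associated_rule": "pass", "state": "present"}
# Constructed variant: 'admin_hosts' is a hypothetical alias assumed to exist.
RESTRICTED = dict(PAGE_EXAMPLE, source="admin_hosts", associated_rule="associated")

if __name__ == "__main__":
    for task in (PAGE_EXAMPLE, RESTRICTED):
        print(task["source"], task["associated_rule"], lint_port_forward(task))
```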