From 39eed8a108d29bbb9ccd1d50b261abc877f4a5a0 Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Sun, 22 May 2016 20:11:18 +0200
Subject: [PATCH] firewall: npt alignment NPT is a kind of abandoned feature that had a custom kernel patch. I tried to trace the origin through OpenBSD, but their pf(4) since switched away from separate binat rules in the last known form like it is still in FreeBSD. Furthermore, the original GUI commit looks odd in that it tries to push the same traffic downwards that would match in the former line, which acutally points upwards. It's either that or completely zapping the line. For now, repair the rules reload by trying to retain the spirit of what it tries to achieve and wait for further feedback. This late bug report also suggests that virtually nobody uses NPT today since we've had no upstream reports since at least 15.7 was out. PR: https://forum.opnsense.org/index.php?topic=3076.0
---
 src/etc/inc/filter.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 9dc6daa94..869775b63 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -1707,7 +1707,7 @@ function filter_nat_rules_generate(&$FilterIflist)
 $natif = $FilterIflist[$natif]['descr'];
 $natrules .= "binat on \${$natif} from {$srcaddr} to any -> {$dstaddr}\n";
- $natrules .= "binat on \${$natif} from any to {$dstaddr} -> {$srcaddr}\n";
+ $natrules .= "binat on \${$natif} from {$dstaddr} to any -> {$srcaddr}\n";
 }
 }
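Review bot: The rewritten second `binat` line carries no comment saying which traffic it is meant to match, and as written it translates packets sourced from `{$dstaddr}` to `{$srcaddr}` on the same interface as the first rule, which may place the internal prefix on the outside wire. pf's `binat` is bidirectional, so the first rule likely already covers the return direction; if the second line is kept only so the ruleset reloads, a comment such as `// NPT: kept for parity with the original GUI rule; the first binat already maps both directions, revisit or remove` would stop the next maintainer from treating it as a deliberate policy. It is also worth confirming that `$srcaddr` and `$dstaddr` are validated as prefixes of equal length before they are interpolated into the rule text. That check, if it exists, is outside this hunk, as are the start and end of `filter_nat_rules_generate`.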