pfsense_nat_outbound

Orion Poplawski edited this page Jan 13, 2023 · 4 revisions

pfsensible.core.pfsense_nat_outbound


        Manage pfSense Outbound NAT Entries

ADDED IN: version 0.1.0 of pfsensible.core

OPTIONS (= is mandatory):

- address
        The address to translate to, in {ALIAS,NETWORK}[:port] format.
        Leave address part empty to use interface address.
        default: null
        type: str

- after
        Rule to go after, or "top"
        default: null
        type: str

- before
        Rule to go before, or "bottom"
        default: null
        type: str

= descr
        The name of the NAT rule
        default: null
        type: str

- destination
        The matching destination address, in
        {any,ALIAS,NETWORK}[:port] format.
        default: null
        type: str

- disabled
        Whether the rule is disabled
        default: false
        type: bool

- interface
        The interface for the rule
        default: null
        type: str

- invert
        Invert the sense of the destination match.
        default: false
        type: bool

- ipprotocol
        The Internet Protocol version this rule applies to.
        choices: [inet, inet46, inet6]
        default: inet46
        type: str

- nonat
        This option will disable NAT for traffic matching this rule
        and stop processing Outbound NAT rules
        default: false
        type: bool

- nosync
        Prevents the rule on Master from automatically syncing to
        other CARP members. This does NOT prevent the rule from being
        overwritten on Slave.
        default: false
        type: bool

- poolopts
        When an address pool is used, there are several options
        available that control how NAT translations happen on the
        pool.
        choices: ['', round-robin, round-robin sticky-address, random, random sticky-address, source-hash,
          bitmask]
        default: ''
        type: str

- protocol
        Which protocol this rule should match.
        choices: [any, tcp, udp, tcp/udp, icmp, esp, ah, gre, ipv6, igmp, carp, pfsync]
        default: any
        type: str

- source
        The matching source address, in
        {any,(self),ALIAS,NETWORK}[:port] format.
        default: null
        type: str

- source_hash_key
        The key that is fed to the hashing algorithm in hex format,
        preceded by "0x", or any string. A non-hex string is hashed
        using md5 to a hexadecimal key. Defaults to a randomly
        generated value.
        default: ''
        type: str

- state
        State in which to leave the rule
        choices: [present, absent]
        default: present
        type: str

- staticnatport
        Do not randomize source port
        default: false
        type: bool


AUTHOR: Frederic Bor (@f-bor)

METADATA:
  metadata_version: '1.1'
  status:
  - preview
  supported_by: community

EXAMPLES:

- name: "Add NAT outbound traffic rule"
  pfsense_nat_outbound:
    descr: 'NAT outbound traffic'
    interface: wan
    source: any
    destination: any
    state: present
- name: "Delete NAT outbound traffic rule"
  pfsense_nat_outbound:
    descr: 'NAT outbound traffic'
    state: absent
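
A more narrowly scoped rule set built only from the options documented above, added here as an illustration and not taken from the module's own documentation. The networks, rule descriptions and ordering are constructed assumptions; each rule names its source network instead of `any` and fixes its position with `after`.

```yaml
# Added example. 10.0.10.0/24 (LAN) and 10.99.0.0/16 (partner network)
# are constructed placeholder networks; the descr values are hypothetical.
- name: "Exempt LAN-to-partner traffic from NAT"
  pfsensible.core.pfsense_nat_outbound:
    descr: 'No NAT to partner network'
    interface: wan
    ipprotocol: inet
    source: 10.0.10.0/24
    destination: 10.99.0.0/16
    nonat: true          # no translation; Outbound NAT rule processing stops here
    after: top           # placed first so it is evaluated before the NAT rules below
    state: present

- name: "Keep the source port for IKE traffic from the LAN"
  pfsensible.core.pfsense_nat_outbound:
    descr: 'Static port for IKE'
    interface: wan
    ipprotocol: inet
    protocol: udp
    source: 10.0.10.0/24
    destination: any:500
    staticnatport: true  # do not randomize the source port for this match only
    after: 'No NAT to partner network'
    state: present

- name: "NAT the remaining LAN traffic"
  pfsensible.core.pfsense_nat_outbound:
    descr: 'NAT LAN outbound'
    interface: wan
    ipprotocol: inet
    source: 10.0.10.0/24 # only the LAN is translated, not any source
    destination: any
    # address is left unset (module default)
    after: 'Static port for IKE'
    state: present
```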


RETURN VALUES:
- commands
        the set of commands that would be pushed to the remote device
        (if pfSense had a CLI)
        returned: always
        sample: ['create nat_outbound ''NAT outbound traffic'', interface=''wan'', source=''any'',
            destination=''any''', delete nat_outbound 'NAT outbound traffic']
        type: list