Bug #311

Detecting NAT and firewall rules on an interface is a PITA

Added by Dave Täht on Nov 27, 2011. Updated on Nov 27, 2011.
New Urgent Dave Täht

Description

If there is any one place where I have shot myself in the foot hundreds of times this year alone, it’s on NAT. I keep plugging things into other things and missing a firewall rule or forgetting to turn off nat, and boom, any routing protocol daemon will get confused by this.

Merely ‘remembering’ as the idjit admin involved that interface X is natted is not good enough, at least, not for this idjit.

It would be good if there was a kernel event that a routing daemon could subscribe to, a query, a sysfs file, some sort of API that says ‘yes, Virginia, this interface is natted for IPv4’ or ‘natted for IPv6’, and god help you if you announce any routes over it.

Similarly, being able to detect if a major firewall rule was in place, preventing forwarding in particular, would also help.

While you can do this via scripting, or maybe by linking to the iptables library, that’s painfully slow, and there is no ‘event’ per se that I know of. Maybe there is, who knows?

This was also sort of discussed on homenet, and when the NAT patches for IPv6 came around, I kind of lost it…
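The scripting route mentioned in the description, as an added example that is not part of the original report or of any project code: it parses one `iptables-save` dump and reports which interfaces carry NAT rules and which have forwarding blocked. The ruleset, interface names and addresses are constructed, and this is a polled snapshot, not the kernel event the report asks for.

```python
import shlex
from collections import defaultdict

# Constructed `iptables-save` snapshot; interface names and addresses are made up.
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.0.2.0/24 -o eth1 -j SNAT --to-source 203.0.113.7
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth2 -o eth0 -j ACCEPT
-A FORWARD -i wlan0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""
NAT_TARGETS = {"MASQUERADE", "SNAT", "DNAT", "REDIRECT", "NETMAP"}
BLOCK_TARGETS = {"DROP", "REJECT"}

def audit(ruleset):
    """Return (nat, blocked, forward_policy) for one iptables-save dump. Keys are
    interfaces ("*" = none named, "!x" = negated); user chains are not followed."""
    nat, blocked = defaultdict(set), defaultdict(set)
    table = forward_policy = None
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):                      # table header, e.g. "*nat"
            table = line[1:]
        elif table == "filter" and line.startswith(":FORWARD "):
            forward_policy = line.split()[1]          # chain default policy
        elif line.startswith("-A "):
            tok = shlex.split(line)                   # copes with quoted comments
            opt = {}
            for i in range(2, len(tok) - 1):
                if tok[i] in ("-i", "-o", "-j"):
                    neg = "!" if tok[i - 1] == "!" else ""
                    opt[tok[i]] = neg + tok[i + 1]
            ifaces = [opt[k] for k in ("-i", "-o") if k in opt] or ["*"]
            target = opt.get("-j")
            if table == "nat" and target in NAT_TARGETS:
                hits = nat
            elif table == "filter" and tok[1] == "FORWARD" and target in BLOCK_TARGETS:
                hits = blocked
            else:
                continue
            for ifc in ifaces:
                hits[ifc].add(target)
    return dict(nat), dict(blocked), forward_policy
```

On a live system the input would come from running `iptables-save` as root; a routing daemon would have to re-run the audit periodically, which is the polling cost the description complains about.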

History

This is a static export of the original bufferbloat.net issue database. As such, no further commenting is possible; the information is solely here for archival purposes.