authorJonathan Gray <jsg@cvs.openbsd.org>2009-10-06 14:11:08 +0000
committerJonathan Gray <jsg@cvs.openbsd.org>2009-10-06 14:11:08 +0000
commit9b5999d0ab218c14cad682141e87004210c5292f (patch)
treeba0c463968210fc47c47cd9a6e1bc6db03929b12
parent14a682bc20346d7ea2cf97d0cd85ab2529bc6678 (diff)
More updates for the new pf, with source-hash manually added to the
loaded output because it doesn't currently appear there as it should. ok henning@
-rw-r--r--regress/sbin/pfctl/pf13.loaded32
-rw-r--r--regress/sbin/pfctl/pf13.ok32
-rw-r--r--regress/sbin/pfctl/pf13.optimized28
-rw-r--r--regress/sbin/pfctl/pf16.loaded18
-rw-r--r--regress/sbin/pfctl/pf16.optimized18
-rw-r--r--regress/sbin/pfctl/pf18.loaded72
-rw-r--r--regress/sbin/pfctl/pf18.optimized72
-rw-r--r--regress/sbin/pfctl/pf29.loaded6
-rw-r--r--regress/sbin/pfctl/pf29.optimized6
-rw-r--r--regress/sbin/pfctl/pf46.loaded16
-rw-r--r--regress/sbin/pfctl/pf46.optimized16
-rw-r--r--regress/sbin/pfctl/pf48.loaded42
-rw-r--r--regress/sbin/pfctl/pf48.optimized44
-rw-r--r--regress/sbin/pfctl/pf66.loaded12
-rw-r--r--regress/sbin/pfctl/pf66.optimized12
-rw-r--r--regress/sbin/pfctl/pf69.loaded6
-rw-r--r--regress/sbin/pfctl/pf69.optimized6
-rw-r--r--regress/sbin/pfctl/pf76.in2
-rw-r--r--regress/sbin/pfctl/pf76.loaded6
-rw-r--r--regress/sbin/pfctl/pf76.ok3
-rw-r--r--regress/sbin/pfctl/pf76.optimized6
-rw-r--r--regress/sbin/pfctl/pf80.in28
-rw-r--r--regress/sbin/pfctl/pf80.loaded62
-rw-r--r--regress/sbin/pfctl/pf80.ok31
-rw-r--r--regress/sbin/pfctl/pf80.optimized62
-rw-r--r--regress/sbin/pfctl/pf84.loaded22
-rw-r--r--regress/sbin/pfctl/pf84.optimized22
27 files changed, 348 insertions, 334 deletions
diff --git a/regress/sbin/pfctl/pf13.loaded b/regress/sbin/pfctl/pf13.loaded
index b8e29204835..e0eed5268ff 100644
--- a/regress/sbin/pfctl/pf13.loaded
+++ b/regress/sbin/pfctl/pf13.loaded
@@ -1,64 +1,64 @@
-@0 pass in quick on enc0 fastroute all flags S/SA keep state
+@0 pass in quick on enc0 all flags S/SA keep state fastroute
[ Skip steps: i=3 d=3 p=6 sa=8 sp=end da=4 dp=6 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 pass in quick on enc0 fastroute inet all flags S/SA keep state
+@1 pass in quick on enc0 inet all flags S/SA keep state fastroute
[ Skip steps: i=3 d=3 p=6 sa=8 sp=end da=4 dp=6 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 pass in quick on enc0 fastroute inet6 all flags S/SA keep state
+@2 pass in quick on enc0 inet6 all flags S/SA keep state fastroute
[ Skip steps: p=6 sa=8 sp=end da=4 dp=6 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 pass out quick on tun1000000 route-to tun1000001 inet all flags S/SA keep state
+@3 pass out quick on tun1000000 inet all flags S/SA keep state route-to tun1000001
[ Skip steps: i=end d=6 f=5 p=6 sa=8 sp=end dp=6 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 pass out quick on tun1000000 route-to tun1000001 inet from any to 192.168.1.1 flags S/SA keep state
+@4 pass out quick on tun1000000 inet from any to 192.168.1.1 flags S/SA keep state route-to tun1000001
[ Skip steps: i=end d=6 p=6 sa=8 sp=end dp=6 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@5 pass out quick on tun1000000 route-to tun1000001 inet6 from any to fec0::1 flags S/SA keep state
+@5 pass out quick on tun1000000 inet6 from any to fec0::1 flags S/SA keep state route-to tun1000001
[ Skip steps: i=end sa=8 sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@6 block drop in on tun1000000 dup-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp
+@6 block drop in on tun1000000 inet proto tcp from any to any port = ftp dup-to (tun1000001 192.168.1.1)
[ Skip steps: i=end d=end p=8 sa=8 sp=end da=8 dp=8 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@7 block drop in on tun1000000 dup-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp
+@7 block drop in on tun1000000 inet6 proto tcp from any to any port = ftp dup-to (tun1000001 fec0::1)
[ Skip steps: i=end d=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@8 pass in quick on tun1000000 route-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state
+@8 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state route-to tun1000001
[ Skip steps: i=end d=end p=10 sp=end dp=10 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@9 pass in quick on tun1000000 route-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state
+@9 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state route-to tun1000001
[ Skip steps: i=end d=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@10 block drop in on tun1000000 reply-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp
+@10 block drop in on tun1000000 inet proto tcp from any to any port = ftp reply-to (tun1000001 192.168.1.1)
[ Skip steps: i=end d=end p=12 sa=12 sp=end da=12 dp=12 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@11 block drop in on tun1000000 reply-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp
+@11 block drop in on tun1000000 inet6 proto tcp from any to any port = ftp reply-to (tun1000001 fec0::1)
[ Skip steps: i=end d=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@12 pass in quick on tun1000000 reply-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state
+@12 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state reply-to tun1000001
[ Skip steps: i=end d=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@13 pass in quick on tun1000000 reply-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state
+@13 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state reply-to tun1000001
[ Skip steps: i=end d=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@14 pass in quick on tun1000000 dup-to (tun1000001 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state
+@14 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state dup-to (tun1000001 192.168.1.100)
[ Skip steps: i=end d=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@15 pass in quick on tun1000000 dup-to (tun1000001 fec1::2) inet6 from fec0::/64 to fec1::2 flags S/SA keep state
+@15 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state dup-to (tun1000001 fec1::2)
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf13.ok b/regress/sbin/pfctl/pf13.ok
index 8062d2765bc..a141383e283 100644
--- a/regress/sbin/pfctl/pf13.ok
+++ b/regress/sbin/pfctl/pf13.ok
@@ -1,16 +1,16 @@
-pass in quick on enc0 fastroute all flags S/SA keep state
-pass in quick on enc0 fastroute inet all flags S/SA keep state
-pass in quick on enc0 fastroute inet6 all flags S/SA keep state
-pass out quick on tun1000000 route-to tun1000001 inet all flags S/SA keep state
-pass out quick on tun1000000 route-to tun1000001 inet from any to 192.168.1.1 flags S/SA keep state
-pass out quick on tun1000000 route-to tun1000001 inet6 from any to fec0::1 flags S/SA keep state
-block drop in on tun1000000 dup-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp
-block drop in on tun1000000 dup-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp
-pass in quick on tun1000000 route-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state
-pass in quick on tun1000000 route-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state
-block drop in on tun1000000 reply-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp
-block drop in on tun1000000 reply-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp
-pass in quick on tun1000000 reply-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state
-pass in quick on tun1000000 reply-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state
-pass in quick on tun1000000 dup-to (tun1000001 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state
-pass in quick on tun1000000 dup-to (tun1000001 fec1::2) inet6 from fec0::/64 to fec1::2 flags S/SA keep state
+pass in quick on enc0 all flags S/SA keep state fastroute
+pass in quick on enc0 inet all flags S/SA keep state fastroute
+pass in quick on enc0 inet6 all flags S/SA keep state fastroute
+pass out quick on tun1000000 inet all flags S/SA keep state route-to tun1000001
+pass out quick on tun1000000 inet from any to 192.168.1.1 flags S/SA keep state route-to tun1000001
+pass out quick on tun1000000 inet6 from any to fec0::1 flags S/SA keep state route-to tun1000001
+block drop in on tun1000000 inet proto tcp from any to any port = ftp dup-to (tun1000001 192.168.1.1)
+block drop in on tun1000000 inet6 proto tcp from any to any port = ftp dup-to (tun1000001 fec0::1)
+pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state route-to tun1000001
+pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state route-to tun1000001
+block drop in on tun1000000 inet proto tcp from any to any port = ftp reply-to (tun1000001 192.168.1.1)
+block drop in on tun1000000 inet6 proto tcp from any to any port = ftp reply-to (tun1000001 fec0::1)
+pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state reply-to tun1000001
+pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state reply-to tun1000001
+pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state dup-to (tun1000001 192.168.1.100)
+pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state dup-to (tun1000001 fec1::2)
diff --git a/regress/sbin/pfctl/pf13.optimized b/regress/sbin/pfctl/pf13.optimized
index c93ee922e24..cd245b57023 100644
--- a/regress/sbin/pfctl/pf13.optimized
+++ b/regress/sbin/pfctl/pf13.optimized
@@ -1,56 +1,56 @@
-@0 pass in quick on enc0 fastroute all flags S/SA keep state
+@0 pass in quick on enc0 all flags S/SA keep state fastroute
[ Skip steps: p=4 sa=6 sp=end da=2 dp=4 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 pass out quick on tun1000000 route-to tun1000001 inet all flags S/SA keep state
+@1 pass out quick on tun1000000 inet all flags S/SA keep state route-to tun1000001
[ Skip steps: i=end d=4 f=3 p=4 sa=6 sp=end dp=4 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 pass out quick on tun1000000 route-to tun1000001 inet from any to 192.168.1.1 flags S/SA keep state
+@2 pass out quick on tun1000000 inet from any to 192.168.1.1 flags S/SA keep state route-to tun1000001
[ Skip steps: i=end d=4 p=4 sa=6 sp=end dp=4 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 pass out quick on tun1000000 route-to tun1000001 inet6 from any to fec0::1 flags S/SA keep state
+@3 pass out quick on tun1000000 inet6 from any to fec0::1 flags S/SA keep state route-to tun1000001
[ Skip steps: i=end sa=6 sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 block drop in on tun1000000 dup-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp
+@4 block drop in on tun1000000 inet proto tcp from any to any port = ftp dup-to (tun1000001 192.168.1.1)
[ Skip steps: i=end d=end p=6 sa=6 sp=end da=6 dp=6 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@5 block drop in on tun1000000 dup-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp
+@5 block drop in on tun1000000 inet6 proto tcp from any to any port = ftp dup-to (tun1000001 fec0::1)
[ Skip steps: i=end d=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@6 pass in quick on tun1000000 route-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state
+@6 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state route-to tun1000001
[ Skip steps: i=end d=end p=8 sp=end dp=8 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@7 pass in quick on tun1000000 route-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state
+@7 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state route-to tun1000001
[ Skip steps: i=end d=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@8 block drop in on tun1000000 reply-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp
+@8 block drop in on tun1000000 inet proto tcp from any to any port = ftp reply-to (tun1000001 192.168.1.1)
[ Skip steps: i=end d=end p=10 sa=10 sp=end da=10 dp=10 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@9 block drop in on tun1000000 reply-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp
+@9 block drop in on tun1000000 inet6 proto tcp from any to any port = ftp reply-to (tun1000001 fec0::1)
[ Skip steps: i=end d=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@10 pass in quick on tun1000000 reply-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state
+@10 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state reply-to tun1000001
[ Skip steps: i=end d=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@11 pass in quick on tun1000000 reply-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state
+@11 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state reply-to tun1000001
[ Skip steps: i=end d=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@12 pass in quick on tun1000000 dup-to (tun1000001 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state
+@12 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state dup-to (tun1000001 192.168.1.100)
[ Skip steps: i=end d=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@13 pass in quick on tun1000000 dup-to (tun1000001 fec1::2) inet6 from fec0::/64 to fec1::2 flags S/SA keep state
+@13 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state dup-to (tun1000001 fec1::2)
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf16.loaded b/regress/sbin/pfctl/pf16.loaded
index 0f086b7c954..3f8f6e88ab8 100644
--- a/regress/sbin/pfctl/pf16.loaded
+++ b/regress/sbin/pfctl/pf16.loaded
@@ -1,16 +1,20 @@
-@0 nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@0 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1
+ [ Skip steps: i=4 f=4 sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 rdr on lo0 inet proto tcp from any to 1.2.3.4 port = 2222 -> 10.0.0.10 port 22
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@1 match in on lo0 inet proto tcp from any to 1.2.3.4 port = 2222 rdr-to 10.0.0.10 port 22
+ [ Skip steps: i=4 f=4 sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 binat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@2 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1 static-port
+ [ Skip steps: i=4 f=4 p=end sp=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@3 match in on lo0 inet from any to 10.0.0.1 rdr-to 192.168.1.1
+ [ Skip steps: d=end p=end sa=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 pass in on lo1000000 all no state
+@4 pass in on lo1000000 all no state
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf16.optimized b/regress/sbin/pfctl/pf16.optimized
index 0f086b7c954..3f8f6e88ab8 100644
--- a/regress/sbin/pfctl/pf16.optimized
+++ b/regress/sbin/pfctl/pf16.optimized
@@ -1,16 +1,20 @@
-@0 nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@0 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1
+ [ Skip steps: i=4 f=4 sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 rdr on lo0 inet proto tcp from any to 1.2.3.4 port = 2222 -> 10.0.0.10 port 22
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@1 match in on lo0 inet proto tcp from any to 1.2.3.4 port = 2222 rdr-to 10.0.0.10 port 22
+ [ Skip steps: i=4 f=4 sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 binat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@2 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1 static-port
+ [ Skip steps: i=4 f=4 p=end sp=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@3 match in on lo0 inet from any to 10.0.0.1 rdr-to 192.168.1.1
+ [ Skip steps: d=end p=end sa=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 pass in on lo1000000 all no state
+@4 pass in on lo1000000 all no state
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf18.loaded b/regress/sbin/pfctl/pf18.loaded
index 97ab8105b6a..500fd46e527 100644
--- a/regress/sbin/pfctl/pf18.loaded
+++ b/regress/sbin/pfctl/pf18.loaded
@@ -1,80 +1,76 @@
-@0 no nat on lo0 inet from 192.168.1.1 to 10.1.2.3
- [ Skip steps: i=16 d=end f=end p=2 sa=2 sp=end dp=end ]
+@0 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1
+ [ Skip steps: i=15 d=end f=end sp=end da=4 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1
- [ Skip steps: i=16 d=end f=end sp=end da=5 dp=end ]
+@1 match out on lo0 inet proto tcp from 192.168.1.2 to any nat-to 10.0.0.2
+ [ Skip steps: i=15 d=end f=end sp=end da=4 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 nat on lo0 inet proto tcp from 192.168.1.2 to any -> 10.0.0.2
- [ Skip steps: i=16 d=end f=end sp=end da=5 dp=end ]
+@2 match out on lo0 inet proto udp from 192.168.1.3 to any nat-to 10.0.0.3
+ [ Skip steps: i=15 d=end f=end sp=end da=4 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 nat on lo0 inet proto udp from 192.168.1.3 to any -> 10.0.0.3
- [ Skip steps: i=16 d=end f=end sp=end da=5 dp=end ]
+@3 match out on lo0 inet proto icmp from 192.168.1.4 to any nat-to 10.0.0.4
+ [ Skip steps: i=15 d=end f=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 nat on lo0 inet proto icmp from 192.168.1.4 to any -> 10.0.0.4
- [ Skip steps: i=16 d=end f=end sp=end dp=end ]
+@4 match out on lo0 inet from 192.168.1.5 to 172.6.1.1 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sa=7 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@5 nat on lo0 inet from 192.168.1.5 to 172.6.1.1 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sa=8 sp=end dp=end ]
+@5 match out on lo0 inet from 192.168.1.5 to 172.14.1.2 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sa=7 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@6 nat on lo0 inet from 192.168.1.5 to 172.14.1.2 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sa=8 sp=end dp=end ]
+@6 match out on lo0 inet from 192.168.1.5 to 172.16.2.0/24 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@7 nat on lo0 inet from 192.168.1.5 to 172.16.2.0/24 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ]
+@7 match out on lo0 inet from 192.168.1.6 to 172.6.1.1 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sa=10 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@8 nat on lo0 inet from 192.168.1.6 to 172.6.1.1 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sa=11 sp=end dp=end ]
+@8 match out on lo0 inet from 192.168.1.6 to 172.14.1.2 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sa=10 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@9 nat on lo0 inet from 192.168.1.6 to 172.14.1.2 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sa=11 sp=end dp=end ]
+@9 match out on lo0 inet from 192.168.1.6 to 172.16.2.0/24 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@10 nat on lo0 inet from 192.168.1.6 to 172.16.2.0/24 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ]
+@10 match out on lo0 inet from 192.168.1.7 to 172.6.1.1 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sa=13 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@11 nat on lo0 inet from 192.168.1.7 to 172.6.1.1 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sa=14 sp=end dp=end ]
+@11 match out on lo0 inet from 192.168.1.7 to 172.14.1.2 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sa=13 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@12 nat on lo0 inet from 192.168.1.7 to 172.14.1.2 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sa=14 sp=end dp=end ]
+@12 match out on lo0 inet from 192.168.1.7 to 172.16.2.0/24 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@13 nat on lo0 inet from 192.168.1.7 to 172.16.2.0/24 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ]
+@13 match out on lo0 inet from 192.168.0.0/24 to any nat-to (lo0) round-robin
+ [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@14 nat on lo0 inet from 192.168.0.0/24 to any -> (lo0) round-robin
- [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ]
- [ queue: qname= qid=0 pqname= pqid=0 ]
- [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@15 nat on lo0 inet from 192.168.1.8 to ! 172.17.0.0/16 -> 10.0.0.8
+@14 match out on lo0 inet from 192.168.1.8 to ! 172.17.0.0/16 nat-to 10.0.0.8
[ Skip steps: d=end f=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@16 nat on ! lo0 inet proto udp all -> 10.0.0.8 static-port
- [ Skip steps: i=18 d=end f=end sa=end sp=end da=end dp=end ]
+@15 match out on ! lo0 inet proto udp all nat-to 10.0.0.8 static-port
+ [ Skip steps: i=17 d=end f=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@17 nat on ! lo0 inet proto tcp all -> 10.0.0.8 static-port
+@16 match out on ! lo0 inet proto tcp all nat-to 10.0.0.8 static-port
[ Skip steps: d=end f=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@18 nat on lo0 inet all -> 10.0.0.8
+@17 match out on lo0 inet all nat-to 10.0.0.8
[ Skip steps: d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@19 nat on tun1000000 inet all -> 10.0.0.8
+@18 match out on tun1000000 inet all nat-to 10.0.0.8
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
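Review bot: The removed expectation `@0 no nat on lo0 inet from 192.168.1.1 to 10.1.2.3` has no counterpart on the new side. The listing shrinks from 20 rules to 19, and the new `@0` is `match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1`, which would translate the very traffic the old rule exempted. pf18.in is not in this commit's diffstat, so the input was presumably changed elsewhere, but as committed this test no longer pins any NAT-exemption behaviour. I would add a case that expresses the exemption in the new syntax ahead of the nat-to rules and expect it in this file, so that a change which starts translating exempted traffic fails the regress run. The identical pf18.optimized hunk has the same gap.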
diff --git a/regress/sbin/pfctl/pf18.optimized b/regress/sbin/pfctl/pf18.optimized
index 97ab8105b6a..500fd46e527 100644
--- a/regress/sbin/pfctl/pf18.optimized
+++ b/regress/sbin/pfctl/pf18.optimized
@@ -1,80 +1,76 @@
-@0 no nat on lo0 inet from 192.168.1.1 to 10.1.2.3
- [ Skip steps: i=16 d=end f=end p=2 sa=2 sp=end dp=end ]
+@0 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1
+ [ Skip steps: i=15 d=end f=end sp=end da=4 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1
- [ Skip steps: i=16 d=end f=end sp=end da=5 dp=end ]
+@1 match out on lo0 inet proto tcp from 192.168.1.2 to any nat-to 10.0.0.2
+ [ Skip steps: i=15 d=end f=end sp=end da=4 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 nat on lo0 inet proto tcp from 192.168.1.2 to any -> 10.0.0.2
- [ Skip steps: i=16 d=end f=end sp=end da=5 dp=end ]
+@2 match out on lo0 inet proto udp from 192.168.1.3 to any nat-to 10.0.0.3
+ [ Skip steps: i=15 d=end f=end sp=end da=4 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 nat on lo0 inet proto udp from 192.168.1.3 to any -> 10.0.0.3
- [ Skip steps: i=16 d=end f=end sp=end da=5 dp=end ]
+@3 match out on lo0 inet proto icmp from 192.168.1.4 to any nat-to 10.0.0.4
+ [ Skip steps: i=15 d=end f=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 nat on lo0 inet proto icmp from 192.168.1.4 to any -> 10.0.0.4
- [ Skip steps: i=16 d=end f=end sp=end dp=end ]
+@4 match out on lo0 inet from 192.168.1.5 to 172.6.1.1 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sa=7 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@5 nat on lo0 inet from 192.168.1.5 to 172.6.1.1 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sa=8 sp=end dp=end ]
+@5 match out on lo0 inet from 192.168.1.5 to 172.14.1.2 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sa=7 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@6 nat on lo0 inet from 192.168.1.5 to 172.14.1.2 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sa=8 sp=end dp=end ]
+@6 match out on lo0 inet from 192.168.1.5 to 172.16.2.0/24 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@7 nat on lo0 inet from 192.168.1.5 to 172.16.2.0/24 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ]
+@7 match out on lo0 inet from 192.168.1.6 to 172.6.1.1 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sa=10 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@8 nat on lo0 inet from 192.168.1.6 to 172.6.1.1 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sa=11 sp=end dp=end ]
+@8 match out on lo0 inet from 192.168.1.6 to 172.14.1.2 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sa=10 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@9 nat on lo0 inet from 192.168.1.6 to 172.14.1.2 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sa=11 sp=end dp=end ]
+@9 match out on lo0 inet from 192.168.1.6 to 172.16.2.0/24 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@10 nat on lo0 inet from 192.168.1.6 to 172.16.2.0/24 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ]
+@10 match out on lo0 inet from 192.168.1.7 to 172.6.1.1 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sa=13 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@11 nat on lo0 inet from 192.168.1.7 to 172.6.1.1 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sa=14 sp=end dp=end ]
+@11 match out on lo0 inet from 192.168.1.7 to 172.14.1.2 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sa=13 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@12 nat on lo0 inet from 192.168.1.7 to 172.14.1.2 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sa=14 sp=end dp=end ]
+@12 match out on lo0 inet from 192.168.1.7 to 172.16.2.0/24 nat-to 127.0.0.1
+ [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@13 nat on lo0 inet from 192.168.1.7 to 172.16.2.0/24 -> 127.0.0.1
- [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ]
+@13 match out on lo0 inet from 192.168.0.0/24 to any nat-to (lo0) round-robin
+ [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@14 nat on lo0 inet from 192.168.0.0/24 to any -> (lo0) round-robin
- [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ]
- [ queue: qname= qid=0 pqname= pqid=0 ]
- [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@15 nat on lo0 inet from 192.168.1.8 to ! 172.17.0.0/16 -> 10.0.0.8
+@14 match out on lo0 inet from 192.168.1.8 to ! 172.17.0.0/16 nat-to 10.0.0.8
[ Skip steps: d=end f=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@16 nat on ! lo0 inet proto udp all -> 10.0.0.8 static-port
- [ Skip steps: i=18 d=end f=end sa=end sp=end da=end dp=end ]
+@15 match out on ! lo0 inet proto udp all nat-to 10.0.0.8 static-port
+ [ Skip steps: i=17 d=end f=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@17 nat on ! lo0 inet proto tcp all -> 10.0.0.8 static-port
+@16 match out on ! lo0 inet proto tcp all nat-to 10.0.0.8 static-port
[ Skip steps: d=end f=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@18 nat on lo0 inet all -> 10.0.0.8
+@17 match out on lo0 inet all nat-to 10.0.0.8
[ Skip steps: d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@19 nat on tun1000000 inet all -> 10.0.0.8
+@18 match out on tun1000000 inet all nat-to 10.0.0.8
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf29.loaded b/regress/sbin/pfctl/pf29.loaded
index 6f4615d697f..6c4baf48f1a 100644
--- a/regress/sbin/pfctl/pf29.loaded
+++ b/regress/sbin/pfctl/pf29.loaded
@@ -1,12 +1,12 @@
-@0 rdr on lo0 inet proto tcp from any to 192.168.0.0/24 port 8000:8010 -> 127.0.0.1 port 8000:8010
+@0 match in on lo0 inet proto tcp from any to 192.168.0.0/24 port 8000:8010 rdr-to 127.0.0.1 port 8000:8010
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 rdr on lo0 inet proto tcp from any to 192.168.0.0/24 port 21:22 -> 127.0.0.1 port 179:180
+@1 match in on lo0 inet proto tcp from any to 192.168.0.0/24 port 21:22 rdr-to 127.0.0.1 port 179:180
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 rdr on lo0 inet proto tcp from any to 192.168.0.0/24 port 1000:3000 -> 127.0.0.1 port 22
+@2 match in on lo0 inet proto tcp from any to 192.168.0.0/24 port 1000:3000 rdr-to 127.0.0.1 port 22
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf29.optimized b/regress/sbin/pfctl/pf29.optimized
index 6f4615d697f..6c4baf48f1a 100644
--- a/regress/sbin/pfctl/pf29.optimized
+++ b/regress/sbin/pfctl/pf29.optimized
@@ -1,12 +1,12 @@
-@0 rdr on lo0 inet proto tcp from any to 192.168.0.0/24 port 8000:8010 -> 127.0.0.1 port 8000:8010
+@0 match in on lo0 inet proto tcp from any to 192.168.0.0/24 port 8000:8010 rdr-to 127.0.0.1 port 8000:8010
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 rdr on lo0 inet proto tcp from any to 192.168.0.0/24 port 21:22 -> 127.0.0.1 port 179:180
+@1 match in on lo0 inet proto tcp from any to 192.168.0.0/24 port 21:22 rdr-to 127.0.0.1 port 179:180
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 rdr on lo0 inet proto tcp from any to 192.168.0.0/24 port 1000:3000 -> 127.0.0.1 port 22
+@2 match in on lo0 inet proto tcp from any to 192.168.0.0/24 port 1000:3000 rdr-to 127.0.0.1 port 22
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf46.loaded b/regress/sbin/pfctl/pf46.loaded
index efdb5212ded..ed94058204b 100644
--- a/regress/sbin/pfctl/pf46.loaded
+++ b/regress/sbin/pfctl/pf46.loaded
@@ -1,32 +1,32 @@
-@0 pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all flags S/SA keep state
+@0 pass in on lo0 inet all flags S/SA keep state route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin
[ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all flags S/SA keep state
+@1 pass out on lo0 inet all flags S/SA keep state route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin
[ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 pass in on lo0 route-to (pflog0 127.0.0.0/24) bitmask inet all flags S/SA keep state
+@2 pass in on lo0 inet all flags S/SA keep state route-to (pflog0 127.0.0.0/24)
[ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 pass out on lo0 dup-to (pflog0 127.0.0.0/24) random inet all flags S/SA keep state
+@3 pass out on lo0 inet all flags S/SA keep state dup-to (pflog0 127.0.0.0/24)
[ Skip steps: i=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all flags S/SA keep state
+@4 pass in on lo0 inet6 all flags S/SA keep state reply-to { pflog0, pflog0 } round-robin
[ Skip steps: i=end d=6 p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@5 pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all flags S/SA keep state
+@5 pass in on lo0 inet all flags S/SA keep state reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef
[ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@6 pass out on lo0 route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all flags S/SA keep state
+@6 pass out on lo0 inet all flags S/SA keep state route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0
[ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@7 pass in on lo0 dup-to (pflog0 127.0.0.0/24) round-robin inet all flags S/SA keep state
+@7 pass in on lo0 inet all flags S/SA keep state dup-to (pflog0 127.0.0.0/24)
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
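Review bot: The new expected lines for @2, @3 and @7 no longer carry the pool type the old output printed (`bitmask`, `random`, `round-robin`), while @5 and @6 keep `source-hash`, which the commit message says was added by hand because pfctl does not currently print it. The fixture therefore mixes real pfctl output with hand-written output. For three of the rules, the test can no longer tell whether the pool option survived parsing and loading. If the omission is not an intended default-suppression (not determinable from this hunk), keep the keyword in the expected line, e.g. `@2 pass in on lo0 inet all flags S/SA keep state route-to (pflog0 127.0.0.0/24) bitmask`, so the test fails until the printer is fixed. The same applies to the identical hunk in pf46.optimized.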
diff --git a/regress/sbin/pfctl/pf46.optimized b/regress/sbin/pfctl/pf46.optimized
index efdb5212ded..ed94058204b 100644
--- a/regress/sbin/pfctl/pf46.optimized
+++ b/regress/sbin/pfctl/pf46.optimized
@@ -1,32 +1,32 @@
-@0 pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all flags S/SA keep state
+@0 pass in on lo0 inet all flags S/SA keep state route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin
[ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all flags S/SA keep state
+@1 pass out on lo0 inet all flags S/SA keep state route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin
[ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 pass in on lo0 route-to (pflog0 127.0.0.0/24) bitmask inet all flags S/SA keep state
+@2 pass in on lo0 inet all flags S/SA keep state route-to (pflog0 127.0.0.0/24)
[ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 pass out on lo0 dup-to (pflog0 127.0.0.0/24) random inet all flags S/SA keep state
+@3 pass out on lo0 inet all flags S/SA keep state dup-to (pflog0 127.0.0.0/24)
[ Skip steps: i=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all flags S/SA keep state
+@4 pass in on lo0 inet6 all flags S/SA keep state reply-to { pflog0, pflog0 } round-robin
[ Skip steps: i=end d=6 p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@5 pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all flags S/SA keep state
+@5 pass in on lo0 inet all flags S/SA keep state reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef
[ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@6 pass out on lo0 route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all flags S/SA keep state
+@6 pass out on lo0 inet all flags S/SA keep state route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0
[ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@7 pass in on lo0 dup-to (pflog0 127.0.0.0/24) round-robin inet all flags S/SA keep state
+@7 pass in on lo0 inet all flags S/SA keep state dup-to (pflog0 127.0.0.0/24)
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf48.loaded b/regress/sbin/pfctl/pf48.loaded
index 1f39a36750e..a3ce438ba56 100644
--- a/regress/sbin/pfctl/pf48.loaded
+++ b/regress/sbin/pfctl/pf48.loaded
@@ -1,56 +1,56 @@
-@0 nat on lo0 inet from <regress.1:2> to <regress.2:*> -> 127.0.0.1
- [ Skip steps: d=end f=end p=end sp=end da=end dp=end ]
+@0 match out on lo0 inet from <regress.1:2> to <regress.2:*> nat-to 127.0.0.1
+ [ Skip steps: d=2 f=4 p=end sp=end da=4 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 nat on ! lo0 inet from ! <regress.1:2> to <regress.2:*> -> 127.0.0.1
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@1 match out on ! lo0 inet from ! <regress.1:2> to <regress.2:*> nat-to 127.0.0.1
+ [ Skip steps: f=4 p=end sp=end da=4 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 rdr on lo0 inet from <regress.1:2> to <regress.2:*> -> 127.0.0.1
- [ Skip steps: d=end f=end p=end sp=end da=end dp=end ]
+@2 match in on lo0 inet from <regress.1:2> to <regress.2:*> rdr-to 127.0.0.1
+ [ Skip steps: d=6 f=4 p=end sp=end da=4 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 rdr on ! lo0 inet from ! <regress.1:2> to <regress.2:*> -> 127.0.0.1
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@3 match in on ! lo0 inet from ! <regress.1:2> to <regress.2:*> rdr-to 127.0.0.1
+ [ Skip steps: d=6 p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 match in from <regress.1:2> to any
- [ Skip steps: i=end d=2 f=end p=end sp=end da=2 dp=end ]
+@4 match in from <regress.1:2> to any
+ [ Skip steps: i=end d=6 f=end p=end sp=end da=6 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 match in from ! <regress.2:*> to any
+@5 match in from ! <regress.2:*> to any
[ Skip steps: i=end f=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 match out from any to ! <regress.1:2>
- [ Skip steps: i=end d=4 f=end p=end sa=4 sp=end dp=end ]
+@6 match out from any to ! <regress.1:2>
+ [ Skip steps: i=end d=8 f=end p=end sa=8 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 match out from any to <regress.2:*>
+@7 match out from any to <regress.2:*>
[ Skip steps: i=end f=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 pass in from <regress:6> to any flags S/SA keep state
+@8 pass in from <regress:6> to any flags S/SA keep state
[ Skip steps: i=end f=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@5 pass out from any to <regress:6> flags S/SA keep state
+@9 pass out from any to <regress:6> flags S/SA keep state
[ Skip steps: i=end f=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@6 pass in from <regress.1:2> to any flags S/SA keep state
- [ Skip steps: i=end d=8 f=end p=end sp=end da=8 dp=end ]
+@10 pass in from <regress.1:2> to any flags S/SA keep state
+ [ Skip steps: i=end d=12 f=end p=end sp=end da=12 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@7 pass in from <regress.2:*> to any flags S/SA keep state
+@11 pass in from <regress.2:*> to any flags S/SA keep state
[ Skip steps: i=end f=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@8 pass out from any to ! <regress.1:2> flags S/SA keep state
+@12 pass out from any to ! <regress.1:2> flags S/SA keep state
[ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@9 pass out from any to ! <regress.2:*> flags S/SA keep state
+@13 pass out from any to ! <regress.2:*> flags S/SA keep state
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf48.optimized b/regress/sbin/pfctl/pf48.optimized
index b7832dac8cd..dbc84cefd5f 100644
--- a/regress/sbin/pfctl/pf48.optimized
+++ b/regress/sbin/pfctl/pf48.optimized
@@ -1,56 +1,56 @@
-@0 nat on lo0 inet from <regress.1:2> to <regress.2:*> -> 127.0.0.1
- [ Skip steps: d=end f=end p=end sp=end da=end dp=end ]
+@0 match out on lo0 inet from <regress.1:2> to <regress.2:*> nat-to 127.0.0.1
+ [ Skip steps: d=2 f=4 p=end sp=end da=4 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 nat on ! lo0 inet from ! <regress.1:2> to <regress.2:*> -> 127.0.0.1
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@1 match out on ! lo0 inet from ! <regress.1:2> to <regress.2:*> nat-to 127.0.0.1
+ [ Skip steps: f=4 p=end sp=end da=4 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 rdr on lo0 inet from <regress.1:2> to <regress.2:*> -> 127.0.0.1
- [ Skip steps: d=end f=end p=end sp=end da=end dp=end ]
+@2 match in on lo0 inet from <regress.1:2> to <regress.2:*> rdr-to 127.0.0.1
+ [ Skip steps: d=6 f=4 p=end sp=end da=4 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 rdr on ! lo0 inet from ! <regress.1:2> to <regress.2:*> -> 127.0.0.1
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@3 match in on ! lo0 inet from ! <regress.1:2> to <regress.2:*> rdr-to 127.0.0.1
+ [ Skip steps: d=6 p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 match in from <regress.1:2> to any
- [ Skip steps: i=end d=2 f=end p=end sp=end da=2 dp=end ]
+@4 match in from <regress.1:2> to any
+ [ Skip steps: i=end d=6 f=end p=end sp=end da=6 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 match in from ! <regress.2:*> to any
+@5 match in from ! <regress.2:*> to any
[ Skip steps: i=end f=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 match out from any to ! <regress.1:2>
- [ Skip steps: i=end d=4 f=end p=end sa=4 sp=end dp=end ]
+@6 match out from any to ! <regress.1:2>
+ [ Skip steps: i=end d=8 f=end p=end sa=8 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 match out from any to <regress.2:*>
+@7 match out from any to <regress.2:*>
[ Skip steps: i=end f=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 pass in from <regress:6> to any flags S/SA keep state
- [ Skip steps: i=end d=7 f=end p=end sp=end da=7 dp=end ]
+@8 pass in from <regress:6> to any flags S/SA keep state
+ [ Skip steps: i=end d=11 f=end p=end sp=end da=11 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@5 pass in from <regress.1:2> to any flags S/SA keep state
- [ Skip steps: i=end d=7 f=end p=end sp=end da=7 dp=end ]
+@9 pass in from <regress.1:2> to any flags S/SA keep state
+ [ Skip steps: i=end d=11 f=end p=end sp=end da=11 dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@6 pass in from <regress.2:*> to any flags S/SA keep state
+@10 pass in from <regress.2:*> to any flags S/SA keep state
[ Skip steps: i=end f=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@7 pass out from any to <regress:6> flags S/SA keep state
+@11 pass out from any to <regress:6> flags S/SA keep state
[ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@8 pass out from any to ! <regress.1:2> flags S/SA keep state
+@12 pass out from any to ! <regress.1:2> flags S/SA keep state
[ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@9 pass out from any to ! <regress.2:*> flags S/SA keep state
+@13 pass out from any to ! <regress.2:*> flags S/SA keep state
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf66.loaded b/regress/sbin/pfctl/pf66.loaded
index 82332522aa6..6bd8c3c3119 100644
--- a/regress/sbin/pfctl/pf66.loaded
+++ b/regress/sbin/pfctl/pf66.loaded
@@ -1,24 +1,24 @@
-@0 nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 port 500
+@0 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1 port 500
[ Skip steps: i=end d=end f=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 nat on lo0 inet proto tcp from 192.168.1.2 to any -> 10.0.0.2 port 1000:5000
+@1 match out on lo0 inet proto tcp from 192.168.1.2 to any nat-to 10.0.0.2 port 1000:5000
[ Skip steps: i=end d=end f=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 nat on lo0 inet proto udp from 192.168.1.3 to any -> 10.0.0.3 port 5000:1000
+@2 match out on lo0 inet proto udp from 192.168.1.3 to any nat-to 10.0.0.3 port 5000:1000
[ Skip steps: i=end d=end f=end p=4 sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 nat on lo0 inet proto udp from 192.168.1.4 to any -> 10.0.0.4 port 50000
+@3 match out on lo0 inet proto udp from 192.168.1.4 to any nat-to 10.0.0.4 port 50000
[ Skip steps: i=end d=end f=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 nat on lo0 inet proto tcp from 192.168.1.2 to any -> 10.0.0.2 port 80:5000
+@4 match out on lo0 inet proto tcp from 192.168.1.2 to any nat-to 10.0.0.2 port 80:5000
[ Skip steps: i=end d=end f=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@5 nat on lo0 inet proto udp from 192.168.1.3 to any -> 10.0.0.3 port 5000:80
+@5 match out on lo0 inet proto udp from 192.168.1.3 to any nat-to 10.0.0.3 port 5000:80
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf66.optimized b/regress/sbin/pfctl/pf66.optimized
index 82332522aa6..6bd8c3c3119 100644
--- a/regress/sbin/pfctl/pf66.optimized
+++ b/regress/sbin/pfctl/pf66.optimized
@@ -1,24 +1,24 @@
-@0 nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 port 500
+@0 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1 port 500
[ Skip steps: i=end d=end f=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 nat on lo0 inet proto tcp from 192.168.1.2 to any -> 10.0.0.2 port 1000:5000
+@1 match out on lo0 inet proto tcp from 192.168.1.2 to any nat-to 10.0.0.2 port 1000:5000
[ Skip steps: i=end d=end f=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 nat on lo0 inet proto udp from 192.168.1.3 to any -> 10.0.0.3 port 5000:1000
+@2 match out on lo0 inet proto udp from 192.168.1.3 to any nat-to 10.0.0.3 port 5000:1000
[ Skip steps: i=end d=end f=end p=4 sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 nat on lo0 inet proto udp from 192.168.1.4 to any -> 10.0.0.4 port 50000
+@3 match out on lo0 inet proto udp from 192.168.1.4 to any nat-to 10.0.0.4 port 50000
[ Skip steps: i=end d=end f=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 nat on lo0 inet proto tcp from 192.168.1.2 to any -> 10.0.0.2 port 80:5000
+@4 match out on lo0 inet proto tcp from 192.168.1.2 to any nat-to 10.0.0.2 port 80:5000
[ Skip steps: i=end d=end f=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@5 nat on lo0 inet proto udp from 192.168.1.3 to any -> 10.0.0.3 port 5000:80
+@5 match out on lo0 inet proto udp from 192.168.1.3 to any nat-to 10.0.0.3 port 5000:80
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf69.loaded b/regress/sbin/pfctl/pf69.loaded
index b6ada19d8c5..5917920d1e8 100644
--- a/regress/sbin/pfctl/pf69.loaded
+++ b/regress/sbin/pfctl/pf69.loaded
@@ -1,8 +1,8 @@
-@0 nat on lo0 inet all tag regress -> 127.0.0.1
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@0 match out on lo0 inet all tag regress nat-to 127.0.0.1
+ [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 pass out quick on lo0 all flags S/SA keep state tagged regress
+@1 pass out quick on lo0 all flags S/SA keep state tagged regress
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf69.optimized b/regress/sbin/pfctl/pf69.optimized
index b6ada19d8c5..5917920d1e8 100644
--- a/regress/sbin/pfctl/pf69.optimized
+++ b/regress/sbin/pfctl/pf69.optimized
@@ -1,8 +1,8 @@
-@0 nat on lo0 inet all tag regress -> 127.0.0.1
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@0 match out on lo0 inet all tag regress nat-to 127.0.0.1
+ [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 pass out quick on lo0 all flags S/SA keep state tagged regress
+@1 pass out quick on lo0 all flags S/SA keep state tagged regress
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf76.in b/regress/sbin/pfctl/pf76.in
index 0e32442dd80..c487a548188 100644
--- a/regress/sbin/pfctl/pf76.in
+++ b/regress/sbin/pfctl/pf76.in
@@ -1,2 +1,2 @@
# check_netmask _after_ remove_dead_hosts
-binat on lo0 inet from 1.2.3.4 to 5.6.7.8 -> lo0
+match on lo0 inet from 1.2.3.4 to 5.6.7.8 binat-to lo0
diff --git a/regress/sbin/pfctl/pf76.loaded b/regress/sbin/pfctl/pf76.loaded
index 54231329bbe..344809da591 100644
--- a/regress/sbin/pfctl/pf76.loaded
+++ b/regress/sbin/pfctl/pf76.loaded
@@ -1,4 +1,8 @@
-@0 binat on lo0 inet from 1.2.3.4 to 5.6.7.8 -> 127.0.0.1
+@0 match out on lo0 inet from 1.2.3.4 to 5.6.7.8 nat-to 127.0.0.1 static-port
+ [ Skip steps: i=end f=end p=end sp=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@1 match in on lo0 inet from 5.6.7.8 to 127.0.0.1 rdr-to 1.2.3.4
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf76.ok b/regress/sbin/pfctl/pf76.ok
index 7b3ba90f1b3..6de2441cbe6 100644
--- a/regress/sbin/pfctl/pf76.ok
+++ b/regress/sbin/pfctl/pf76.ok
@@ -1 +1,2 @@
-binat on lo0 inet from 1.2.3.4 to 5.6.7.8 -> 127.0.0.1
+match out on lo0 inet from 1.2.3.4 to 5.6.7.8 nat-to 127.0.0.1 static-port
+match in on lo0 inet from 5.6.7.8 to 127.0.0.1 rdr-to 1.2.3.4
diff --git a/regress/sbin/pfctl/pf76.optimized b/regress/sbin/pfctl/pf76.optimized
index 54231329bbe..344809da591 100644
--- a/regress/sbin/pfctl/pf76.optimized
+++ b/regress/sbin/pfctl/pf76.optimized
@@ -1,4 +1,8 @@
-@0 binat on lo0 inet from 1.2.3.4 to 5.6.7.8 -> 127.0.0.1
+@0 match out on lo0 inet from 1.2.3.4 to 5.6.7.8 nat-to 127.0.0.1 static-port
+ [ Skip steps: i=end f=end p=end sp=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@1 match in on lo0 inet from 5.6.7.8 to 127.0.0.1 rdr-to 1.2.3.4
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf80.in b/regress/sbin/pfctl/pf80.in
index 01913620b22..445c333668f 100644
--- a/regress/sbin/pfctl/pf80.in
+++ b/regress/sbin/pfctl/pf80.in
@@ -1,19 +1,15 @@
-nat pass on lo0 from 10/8 to 172.16/16 -> 172.16.0.1
-rdr pass on lo0 proto tcp from any to 1.2.3.4 port 80 -> 127.0.0.1 port 8080
-binat pass on lo0 from 10/8 to 11/8 -> 12/8
+pass out on lo0 from 10/8 to 172.16/16 nat-to 172.16.0.1
+pass in on lo0 proto tcp from any to 1.2.3.4 port 80 rdr-to 127.0.0.1 port 8080
+pass on lo0 from 10/8 to 11/8 binat-to 12/8
-nat pass log on lo0 from 10/8 to 172.16/16 -> 172.16.0.1
-rdr pass log on lo0 proto tcp from any to 1.2.3.4 port 80 -> 127.0.0.1 port 8080
-binat pass log on lo0 from 10/8 to 11/8 -> 12/8
+pass out log on lo0 from 10/8 to 172.16/16 nat-to 172.16.0.1
+pass in log on lo0 proto tcp from any to 1.2.3.4 port 80 rdr-to 127.0.0.1 port 8080
+pass log on lo0 from 10/8 to 11/8 binat-to 12/8
-nat pass log (all) on lo0 from 10/8 to 172.16/16 -> 172.16.0.1
-rdr pass log (all) on lo0 proto tcp from any to 1.2.3.4 port 80 -> 127.0.0.1 port 8080
-binat pass log (all) on lo0 from 10/8 to 11/8 -> 12/8
+pass out log (all) on lo0 from 10/8 to 172.16/16 nat-to 172.16.0.1
+pass in log (all) on lo0 proto tcp from any to 1.2.3.4 port 80 rdr-to 127.0.0.1 port 8080
+pass log (all) on lo0 from 10/8 to 11/8 binat-to 12/8
-nat log on lo0 from 10/8 to 172.16/16 -> 172.16.0.1
-rdr log on lo0 proto tcp from any to 1.2.3.4 port 80 -> 127.0.0.1 port 8080
-binat log on lo0 from 10/8 to 11/8 -> 12/8
-
-no nat log on lo0 from 20/8 to 192.168.0/24
-no rdr log on lo0 proto tcp from any to 3.4.5.6 port 443
-no binat log on lo0 from 20/8 to 13/8
+match out log on lo0 from 10/8 to 172.16/16 nat-to 172.16.0.1
+match in log on lo0 proto tcp from any to 1.2.3.4 port 80 rdr-to 127.0.0.1 port 8080
+match log on lo0 from 10/8 to 11/8 binat-to 12/8
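Review bot: The `no nat log`, `no rdr log` and `no binat log` cases at the end of the old input are deleted with no counterpart in the new syntax. After this change pf80 no longer exercises any rule that exempts traffic from translation. Exemptions are the part of a NAT policy where a parser or printer regression changes which packets get rewritten, so the coverage is worth keeping. Add three cases for the `20/8 to 192.168.0/24`, `to 3.4.5.6 port 443` and `20/8 to 13/8` selectors in whatever form the new grammar uses for exemption, with matching lines in pf80.loaded, pf80.ok and pf80.optimized. If the new pf deliberately has no equivalent, say so in the commit message so the dropped coverage is on record.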
diff --git a/regress/sbin/pfctl/pf80.loaded b/regress/sbin/pfctl/pf80.loaded
index 0eb3ad14a67..3c3e7f6cfa1 100644
--- a/regress/sbin/pfctl/pf80.loaded
+++ b/regress/sbin/pfctl/pf80.loaded
@@ -1,60 +1,64 @@
-@0 nat pass on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1
- [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ]
+@0 pass out on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1
+ [ Skip steps: i=end f=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 nat pass log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1
- [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ]
+@1 pass in on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080
+ [ Skip steps: i=end f=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 nat pass log (all) on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1
- [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ]
+@2 pass out on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port
+ [ Skip steps: i=end f=end p=5 sp=end dp=5 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 nat log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1
- [ Skip steps: i=end d=end f=end p=end sp=end dp=end ]
+@3 pass in on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8
+ [ Skip steps: i=end f=end p=5 sp=end dp=5 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 no nat log on lo0 inet from 20.0.0.0/8 to 192.168.0.0/24
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@4 pass out log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1
+ [ Skip steps: i=end f=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 rdr pass on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=4 dp=4 ]
+@5 pass in log on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080
+ [ Skip steps: i=end f=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 rdr pass log on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=4 dp=4 ]
+@6 pass out log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port
+ [ Skip steps: i=end f=end p=9 sp=end dp=9 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 rdr pass log (all) on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=4 dp=4 ]
+@7 pass in log on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8
+ [ Skip steps: i=end f=end p=9 sp=end dp=9 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 rdr log on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end ]
+@8 pass out log (all) on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1
+ [ Skip steps: i=end f=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 no rdr log on lo0 inet proto tcp from any to 3.4.5.6 port = https
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@9 pass in log (all) on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080
+ [ Skip steps: i=end f=end sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@10 pass out log (all) on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port
+ [ Skip steps: i=end f=end p=13 sp=end dp=13 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 binat pass on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8
- [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ]
+@11 pass in log (all) on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8
+ [ Skip steps: i=end f=end p=13 sp=end dp=13 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 binat pass log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8
- [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ]
+@12 match out log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 nat-to 172.16.0.1
+ [ Skip steps: i=end f=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 binat pass log (all) on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8
- [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ]
+@13 match in log on lo0 inet proto tcp from any to 1.2.3.4 port = www rdr-to 127.0.0.1 port 8080
+ [ Skip steps: i=end f=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 binat log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8
- [ Skip steps: i=end d=end f=end p=end sp=end dp=end ]
+@14 match out log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 nat-to 12.0.0.0/8 static-port
+ [ Skip steps: i=end f=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 no binat log on lo0 inet from 20.0.0.0/8 to 13.0.0.0/8
+@15 match in log on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 rdr-to 10.0.0.0/8
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf80.ok b/regress/sbin/pfctl/pf80.ok
index 71d12e60034..40f2d0541d7 100644
--- a/regress/sbin/pfctl/pf80.ok
+++ b/regress/sbin/pfctl/pf80.ok
@@ -1,15 +1,16 @@
-nat pass on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1
-nat pass log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1
-nat pass log (all) on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1
-nat log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1
-no nat log on lo0 inet from 20.0.0.0/8 to 192.168.0.0/24
-rdr pass on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080
-rdr pass log on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080
-rdr pass log (all) on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080
-rdr log on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080
-no rdr log on lo0 inet proto tcp from any to 3.4.5.6 port = https
-binat pass on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8
-binat pass log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8
-binat pass log (all) on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8
-binat log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8
-no binat log on lo0 inet from 20.0.0.0/8 to 13.0.0.0/8
+pass out on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1
+pass in on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080
+pass out on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port
+pass in on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8
+pass out log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1
+pass in log on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080
+pass out log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port
+pass in log on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8
+pass out log (all) on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1
+pass in log (all) on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080
+pass out log (all) on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port
+pass in log (all) on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8
+match out log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 nat-to 172.16.0.1
+match in log on lo0 inet proto tcp from any to 1.2.3.4 port = www rdr-to 127.0.0.1 port 8080
+match out log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 nat-to 12.0.0.0/8 static-port
+match in log on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 rdr-to 10.0.0.0/8
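Review bot: The three exemption cases are dropped with no replacement. The removed `no nat log on lo0 inet from 20.0.0.0/8 to 192.168.0.0/24`, `no rdr log ... to 3.4.5.6 port = https` and `no binat log ... to 13.0.0.0/8` lines have no counterpart among the sixteen added rules, so nothing in this expected output covers excluding traffic from translation. The same gap shows in the pf80.optimized hunk below and, as far as its visible tail goes, in pf80.loaded. Exemptions are where a parser or printer regression would silently widen what gets translated, so they deserve a case of their own. pf80.in is changed earlier in this commit and is not visible here; if the new grammar has no direct form, a line there such as `# no nat/rdr/binat cases removed: no equivalent in the new syntax (exemption covered by <other test>)` would at least record the gap.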
diff --git a/regress/sbin/pfctl/pf80.optimized b/regress/sbin/pfctl/pf80.optimized
index 0eb3ad14a67..3c3e7f6cfa1 100644
--- a/regress/sbin/pfctl/pf80.optimized
+++ b/regress/sbin/pfctl/pf80.optimized
@@ -1,60 +1,64 @@
-@0 nat pass on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1
- [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ]
+@0 pass out on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1
+ [ Skip steps: i=end f=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 nat pass log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1
- [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ]
+@1 pass in on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080
+ [ Skip steps: i=end f=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 nat pass log (all) on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1
- [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ]
+@2 pass out on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port
+ [ Skip steps: i=end f=end p=5 sp=end dp=5 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 nat log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1
- [ Skip steps: i=end d=end f=end p=end sp=end dp=end ]
+@3 pass in on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8
+ [ Skip steps: i=end f=end p=5 sp=end dp=5 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 no nat log on lo0 inet from 20.0.0.0/8 to 192.168.0.0/24
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@4 pass out log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1
+ [ Skip steps: i=end f=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 rdr pass on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=4 dp=4 ]
+@5 pass in log on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080
+ [ Skip steps: i=end f=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 rdr pass log on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=4 dp=4 ]
+@6 pass out log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port
+ [ Skip steps: i=end f=end p=9 sp=end dp=9 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 rdr pass log (all) on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=4 dp=4 ]
+@7 pass in log on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8
+ [ Skip steps: i=end f=end p=9 sp=end dp=9 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 rdr log on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end ]
+@8 pass out log (all) on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1
+ [ Skip steps: i=end f=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 no rdr log on lo0 inet proto tcp from any to 3.4.5.6 port = https
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@9 pass in log (all) on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080
+ [ Skip steps: i=end f=end sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@10 pass out log (all) on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port
+ [ Skip steps: i=end f=end p=13 sp=end dp=13 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 binat pass on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8
- [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ]
+@11 pass in log (all) on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8
+ [ Skip steps: i=end f=end p=13 sp=end dp=13 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 binat pass log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8
- [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ]
+@12 match out log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 nat-to 172.16.0.1
+ [ Skip steps: i=end f=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 binat pass log (all) on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8
- [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ]
+@13 match in log on lo0 inet proto tcp from any to 1.2.3.4 port = www rdr-to 127.0.0.1 port 8080
+ [ Skip steps: i=end f=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 binat log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8
- [ Skip steps: i=end d=end f=end p=end sp=end dp=end ]
+@14 match out log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 nat-to 12.0.0.0/8 static-port
+ [ Skip steps: i=end f=end p=end sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 no binat log on lo0 inet from 20.0.0.0/8 to 13.0.0.0/8
+@15 match in log on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 rdr-to 10.0.0.0/8
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf84.loaded b/regress/sbin/pfctl/pf84.loaded
index e9de6569a83..c1118731eef 100644
--- a/regress/sbin/pfctl/pf84.loaded
+++ b/regress/sbin/pfctl/pf84.loaded
@@ -1,32 +1,32 @@
-@0 nat on tun1000000 inet from 10.0.0.0/24 to any -> { 10.0.1.1, 10.0.1.2 } round-robin sticky-address
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@0 match out on tun1000000 inet from 10.0.0.0/24 to any nat-to { 10.0.1.1, 10.0.1.2 } round-robin sticky-address
+ [ Skip steps: i=3 f=3 p=3 sp=end dp=3 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 rdr on tun1000000 inet from any to 10.0.1.1 -> 10.0.0.0/24 random sticky-address
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ]
+@1 match in on tun1000000 inet from any to 10.0.1.1 rdr-to 10.0.0.0/24 random sticky-address
+ [ Skip steps: i=3 d=end f=3 p=3 sa=end sp=end dp=3 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 rdr on tun1000000 inet from any to 10.0.1.2 -> { 10.0.0.1, 10.0.0.2 } round-robin sticky-address
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@2 match in on tun1000000 inet from any to 10.0.1.2 rdr-to { 10.0.0.1, 10.0.0.2 } round-robin sticky-address
+ [ Skip steps: d=end sa=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 pass in proto tcp from any to any port = ssh flags S/SA keep state (source-track global)
+@3 pass in proto tcp from any to any port = ssh flags S/SA keep state (source-track global)
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 pass in proto tcp from any to any port = smtp flags S/SA keep state (source-track global)
+@4 pass in proto tcp from any to any port = smtp flags S/SA keep state (source-track global)
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 pass in proto tcp from any to any port = www flags S/SA keep state (source-track rule, max-src-states 3, max-src-nodes 1000)
+@5 pass in proto tcp from any to any port = www flags S/SA keep state (source-track rule, max-src-states 3, max-src-nodes 1000)
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 pass in proto tcp from any to any port = ntp flags S/SA keep state (source-track rule, max-src-nodes 1000)
+@6 pass in proto tcp from any to any port = ntp flags S/SA keep state (source-track rule, max-src-nodes 1000)
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 pass in proto tcp from any to any port = 321 flags S/SA keep state (source-track global, max-src-states 3)
+@7 pass in proto tcp from any to any port = 321 flags S/SA keep state (source-track global, max-src-states 3)
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
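Review bot: The pf84.optimized hunk below is a byte-for-byte copy of this one, so it adds no independent check of the optimizer. Both files carry the same index line, `e9de6569a83..c1118731eef`, and that passes only while the optimizer leaves these rules exactly as loaded. If the intent is that `match ... nat-to` / `rdr-to` rules with `round-robin sticky-address` pools must never be merged or reordered, that expectation is not written down anywhere visible. pf84.in is not part of this commit; a comment there such as `# optimizer must leave the match rules below untouched and in order` would make a future difference between the two fixtures read as a deliberate change rather than noise.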
diff --git a/regress/sbin/pfctl/pf84.optimized b/regress/sbin/pfctl/pf84.optimized
index e9de6569a83..c1118731eef 100644
--- a/regress/sbin/pfctl/pf84.optimized
+++ b/regress/sbin/pfctl/pf84.optimized
@@ -1,32 +1,32 @@
-@0 nat on tun1000000 inet from 10.0.0.0/24 to any -> { 10.0.1.1, 10.0.1.2 } round-robin sticky-address
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@0 match out on tun1000000 inet from 10.0.0.0/24 to any nat-to { 10.0.1.1, 10.0.1.2 } round-robin sticky-address
+ [ Skip steps: i=3 f=3 p=3 sp=end dp=3 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 rdr on tun1000000 inet from any to 10.0.1.1 -> 10.0.0.0/24 random sticky-address
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ]
+@1 match in on tun1000000 inet from any to 10.0.1.1 rdr-to 10.0.0.0/24 random sticky-address
+ [ Skip steps: i=3 d=end f=3 p=3 sa=end sp=end dp=3 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 rdr on tun1000000 inet from any to 10.0.1.2 -> { 10.0.0.1, 10.0.0.2 } round-robin sticky-address
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+@2 match in on tun1000000 inet from any to 10.0.1.2 rdr-to { 10.0.0.1, 10.0.0.2 } round-robin sticky-address
+ [ Skip steps: d=end sa=end sp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 pass in proto tcp from any to any port = ssh flags S/SA keep state (source-track global)
+@3 pass in proto tcp from any to any port = ssh flags S/SA keep state (source-track global)
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 pass in proto tcp from any to any port = smtp flags S/SA keep state (source-track global)
+@4 pass in proto tcp from any to any port = smtp flags S/SA keep state (source-track global)
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 pass in proto tcp from any to any port = www flags S/SA keep state (source-track rule, max-src-states 3, max-src-nodes 1000)
+@5 pass in proto tcp from any to any port = www flags S/SA keep state (source-track rule, max-src-states 3, max-src-nodes 1000)
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 pass in proto tcp from any to any port = ntp flags S/SA keep state (source-track rule, max-src-nodes 1000)
+@6 pass in proto tcp from any to any port = ntp flags S/SA keep state (source-track rule, max-src-nodes 1000)
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 pass in proto tcp from any to any port = 321 flags S/SA keep state (source-track global, max-src-states 3)
+@7 pass in proto tcp from any to any port = 321 flags S/SA keep state (source-track global, max-src-states 3)
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]