NAME

WebService::OPNsense::Firewall::DNat - Firewall port forward (DNAT) rule controller

VERSION

version 0.003

SYNOPSIS

use WebService::OPNsense::Constants qw( $PROTO_TCP $OPN_ENABLED );

my $d_nat = $opn->firewall_d_nat;

# List port forward rules
my $rules = $d_nat->search_rule;

# Create a port forward rule
$d_nat->add_rule({
    rule => {
        description      => 'Forward HTTP to internal server',
        protocol         => $PROTO_TCP,
        destination_net  => '203.0.113.1',
        destination_port => '80',
        target           => '192.0.2.10',
        local_port       => '80',
        enabled          => $OPN_ENABLED,
    },
});

DESCRIPTION

Manages destination NAT (port forward) rules on the OPNsense firewall. All methods are provided by WebService::OPNsense::Firewall::Role::NAT.

CONSTANTS

Protocol constants are available from WebService::OPNsense::Constants:

$PROTO_TCP
$PROTO_UDP
$PROTO_TCP_UDP
$PROTO_ICMP
$PROTO_ANY

Use them when setting the protocol field in a rule.

SEE ALSO

WebService::OPNsense::Firewall::Role::NAT

PROVIDED METHODS

The following methods are inherited from consumed roles.

search_rule

my $results = $ctrl->search_rule( %params );

Searches for NAT rules.

get_rule

my $rule = $ctrl->get_rule( $uuid );

Returns a single rule by UUID. Throws if $uuid is not a valid UUID.

add_rule

my $result = $ctrl->add_rule( $rule_data );

Creates rule.

set_rule

my $result = $ctrl->set_rule( $uuid, $rule_data );

Updates rule. Throws if $uuid is not a valid UUID.

del_rule

my $result = $ctrl->del_rule( $uuid );

Deletes a rule by UUID. Throws if $uuid is not a valid UUID.

toggle_rule

my $result = $ctrl->toggle_rule( $uuid, $enabled );

Enables or disables a rule. Throws if $uuid is not a valid UUID.

toggle_rule_log

my $result = $ctrl->toggle_rule_log( $uuid, $log );

Toggles the log flag for a rule. Throws if $uuid is not a valid UUID.

apply

my $result = $ctrl->apply;
my $result = $ctrl->apply( $rollback_revision );

Applies pending changes.

savepoint

my $result = $ctrl->savepoint;

Creates a configuration savepoint for rollback.

cancel_rollback

my $result = $ctrl->cancel_rollback( $revision );

Cancels a pending rollback.

move_rule_before

my $result = $ctrl->move_rule_before( $selected_uuid, $target_uuid );

Moves a rule before another rule. Throws if either UUID is invalid.

revert

my $result = $ctrl->revert( $revision );

Reverts to a previous configuration revision.

get

my $config = $ctrl->get;

Returns the full configuration.

set_settings

my $result = $ctrl->set_settings( $settings );

Updates the configuration.

list_categories

my $categories = $ctrl->list_categories;

Returns a list of available rule categories.

list_network_select_options

my $options = $ctrl->list_network_select_options;

Returns selectable network options for rule creation.

list_port_select_options

my $options = $ctrl->list_port_select_options;

Returns selectable port options for rule creation.

client

my $http_client = $ctrl->client;

Returns the underlying HTTP client object used for API requests.

AUTHOR

Dean Hamstead <dean@fragfest.com.au>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2026 by Dean Hamstead.

This is free software, licensed under:

The MIT (X11) License