#!/usr/local/bin/cbsd
#v10.1.0
MYARG=""
MYOPTARG="nat"
MYDESC="Disable NAT service for cbsd_nat_networks"
ADDHELP="
${H3_COLOR}Description${N0_COLOR}:

Enable/apply NAT framework configured via 'cbsd natcfg'

pf firewall notes:

 Also you can re-configure 'cbsd naton' function via ~cbsd/etc/cbsd-pf.conf and switch from
 internal CBSD 'enable' method to custom.

${H3_COLOR}Options${N0_COLOR}:

 ${N2_COLOR}nat${N0_COLOR}    - alternative NAT framework name, or 'all'.

${H3_COLOR}Examples${N0_COLOR}:

 # cbsd naton

${H3_COLOR}See also${N0_COLOR}:

 cbsd natcfg --help
 cbsd natoff --help
 cbsd expose --help

"
. ${subrdir}/nc.subr
. ${cbsdinit}

EXT_IFACE=$( /usr/local/bin/cbsd getnics-by-ip ip=0.0.0.0 skip=bridge )

[ -z "${natip}" ] && err 0 "cbsd natoff: empty natip"
[ -n "${nat}" ] && nat_enable=${nat}

disable_pfnat() {
	${PFCTL_CMD} -F nat > /dev/null 2>&1
}

disable_ipfilter() {
	/sbin/ipnat -CF > /dev/null 2>&1
}

disable_ipfwnat() {
	IPFW_CMD -q show ${fwcount_end} > /dev/null 2>&1
	if [ $? -eq 0 ]; then
		IPFW_CMD delete ${fwcount_end}
		IPFW_CMD delete nat 123 2>/dev/null
	fi
}

case "${nat_enable}" in
	pf)
		disable_pfnat
		;;
	ipfw)
		[ -z "`${SYSCTL_CMD} -n net.inet.ip.fw.enable 2>/dev/null 2>/dev/null`" ] && return 0
		disable_ipfwnat
	;;
	ipfilter)
		disable_ipfilter
	;;
	all|0|disable)
		disable_pfnat
		disable_ipfwnat
		disable_ipfilter
	;;
esac

exit 0
