#!/usr/local/bin/cbsd
#v10.1.0
MYARG=""
MYOPTARG="nat"
MYDESC="Disable NAT service for RFC1918 Networks"
ADDHELP="nat = all, or nameofnat for disable specified framework\n"

. ${subrdir}/nc.subr
. ${cbsdinit}

RFC1918="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
EXT_IFACE=$( /usr/local/bin/cbsd getnics-by-ip ip=0.0.0.0 skip=bridge )

[ -z "${natip}" ] && err 0 "cbsd natoff: empty natip"
[ -n "${nat}" ] && nat_enable=${nat}

disable_pfnat() {
	${PFCTL_CMD} -F nat > /dev/null 2>&1
}

disable_ipfilter() {
	/sbin/ipnat -CF > /dev/null 2>&1
}

disable_ipfwnat() {
	/sbin/ipfw -q show ${fwcount_end} > /dev/null 2>&1
	if [ $? -eq 0 ]; then
		/sbin/ipfw delete ${fwcount_end}
		/sbin/ipfw delete nat 123 2>/dev/null
	fi
}

case "${nat_enable}" in
	pf)
		disable_pfnat
		;;
	ipfw)
		[ -z "`${SYSCTL_CMD} -n net.inet.ip.fw.enable 2>/dev/null 2>/dev/null`" ] && return 0
		disable_ipfwnat
	;;
	ipfilter)
		disable_ipfilter
	;;
	all|0|disable)
		disable_pfnat
		disable_ipfwnat
		disable_ipfilter
	;;
esac
