=== Endpoint-Independent NAT Contact: Tom Jones This project aims to add support for Endpoint-Independent Mappings for UDP to the pf and ipfw firewalls. End Point Independent NAT enables applications behind a NAT speaking to multiple remote hosts to receive the same mappings. This allows an application without any NAT traversal mechanisms to work around NAT issues to perform peer discovery. From the remote hosts perspective the NAT is transparent and it is as-if there is no NAT at all. This form of NAT has been given several names over the last few decades and might be known as 'full-cone' NAT. Patches to pf landed in early September based on work by Damjan Jovanovic and Naman Sood with updates to work on pf in main. The patches add a new 'endpoint-independent' suffix to UDP pf nat rules. ipfw support for endpoint-independent is going to be made available via libalias, allowing any system which uses libalias for address translation to benefit from the change. There is an in-progress review https://reviews.freebsd.org/D46689[D46689] to add support to libalias. The in-progress change and the committed pf change could both benefit from testing in more and diverse environments. Sponsor: The FreeBSD Foundation Sponsor: Tailscale