DNAT firewall state


I haven’t dug too far into the bowels of the firewall code, but I was wondering if it would be possible to make DNAT (or SNAT) a valid “state” on firewall rules.

The goal would be to have ONE firewall rule that would allow any DNAT connection. This would save a lot of duplication of work when you create a NAT rule.

From what I know of netfilter, DNAT is just another state along with ESTABLISHED, NEW, etc.