It also supports and performs a magnificent treatment in address translation. That is, we can convert traffic between networks to make it appear to have different origins or destinations, or to redirect it if necessary.

For example a PAT overload , which in IPTables is known as masquerading , can be done in the following way.

match out on genet0 inet nat-to (genet0) # a partir de la versión 4.7
nat on genet0 inet from genet1:network to any -> (genet0) # antes de la versión 4.7
block all
pass inet proto tcp from { self, genet1:network }

Where genet0 would be the external interface, and genet1 the internal one.