From e9446f537051c7b536d0b3fbb5ebd00c3766001a Mon Sep 17 00:00:00 2001
From: jim-p <jimp@netgate.com>
Date: Tue, 4 Dec 2018 09:03:46 -0500
Subject: [PATCH] Fix NPt validation to allow single addresses. Fixes #9163

---
 src/etc/inc/filter.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index f4f0f55bd92..5bc60875800 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -2049,7 +2049,8 @@ function filter_nat_rules_generate() {
 
 			/* Do not form an invalid NPt rule.
 			 * See https://redmine.pfsense.org/issues/8575 */
-			if (!is_subnetv6($srcaddr) || !is_subnetv6($dstaddr)) {
+			if (!(is_subnetv6($srcaddr) || is_ipaddrv6($srcaddr)) ||
+			    !(is_subnetv6($dstaddr) || is_ipaddrv6($dstaddr))) {
 				continue;
 			}