alkivi-sas / salt-pfsense

Collection of modules and states for managing pfsense using Salt
GNU Lesser General Public License v3.0

Existing NAT rule without full destination/source precludes all other NAT rules from being added. #2

Open JacobSweeten opened 4 years ago

JacobSweeten commented 4 years ago

In the following code, the module attempts to get the items from the special keys (destination and source), but it is possible for these values to be "any", which is a string and not a dictionary as the code expects.

https://github.com/alkivi-sas/salt-pfsense/blob/0f2f9fc7705d65aa76c2cf096abf683e95c3b0c3/_modules/pfsense_nat_rule.py#L124

When it pulls the existing rules from the firewall to check if the state will produce duplicates, it fails. This means that one NAT rule configured with source or destination as "any" will cause any states involving NAT rules to fail.
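The failure described in the comment above, with one way to guard against it, as an added example that is not part of the original issue or the project's code. The rule layout, the key names (`descr`, `address`, `port`) and the helper names are assumptions made for illustration, and matching on source and destination only is one possible choice, not the module's behaviour.

```python
# Added illustration: accept both shapes a rule endpoint can arrive in
# (the bare string "any" or a dict) before comparing rules.
# Rule layout and helper names are assumptions, not the module's own code.


def normalize_endpoint(value):
    """Return a dict for a source/destination value, whatever its shape."""
    if value is None:
        return {}
    if isinstance(value, str):
        # The failing case from the issue: "any" is a str and has no .items().
        return {"any": True} if value == "any" else {"address": value}
    if isinstance(value, dict):
        if "any" in value:
            return {"any": True}
        # Compare values as strings so 443 and "443" count as equal.
        return {k: str(v) for k, v in value.items() if v not in (None, "")}
    raise TypeError(f"unsupported endpoint type: {type(value).__name__}")


def same_rule(a, b, keys=("source", "destination")):
    """True when both rules agree on every normalized endpoint."""
    return all(
        normalize_endpoint(a.get(k)) == normalize_endpoint(b.get(k)) for k in keys
    )


def find_duplicates(existing_rules, candidate):
    """Existing rules that the candidate would duplicate."""
    return [r for r in existing_rules if same_rule(r, candidate)]


# Constructed sample data (documentation address range, not from a real firewall).
EXISTING = [
    {"descr": "catch-all", "source": "any", "destination": "any"},
    {"descr": "web", "source": "any",
     "destination": {"address": "192.0.2.10", "port": 443}},
]
CANDIDATE = {
    "descr": "web again",
    "source": {"any": ""},
    "destination": {"address": "192.0.2.10", "port": "443"},
}

if __name__ == "__main__":
    for rule in find_duplicates(EXISTING, CANDIDATE):
        print("duplicate of existing rule:", rule["descr"])
```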

martintamare commented 4 years ago

This is a tricky one. How to match a NAT rule: with its description only? Or something more specific, from more specific (with source and/or destination) to global (with any). Still don't know the right way to take for this one...

Will investigate more when I need to make this work in the future :)