diff --git a/vendored/pfctl-rs/src/rule/mod.rs b/vendored/pfctl-rs/src/rule/mod.rs
index bd541b56..607e905b 100644
--- a/vendored/pfctl-rs/src/rule/mod.rs
+++ b/vendored/pfctl-rs/src/rule/mod.rs
@@ -193,6 +193,8 @@ pub struct RedirectRule {
     #[builder(default)]
     group: Gid,
     redirect_to: Endpoint,
+    #[builder(default)]
+    natpass: bool,
 }
 
 impl RedirectRuleBuilder {
@@ -228,6 +230,7 @@ impl TryCopyTo<ffi::pfvar::pf_rule> for RedirectRule {
             .chain_err(|| ErrorKind::InvalidArgument("Incompatible interface name"))?;
         pf_rule.proto = self.proto.into();
         pf_rule.af = self.get_af()?.into();
+        pf_rule.natpass = self.natpass as u8;
 
         self.from.try_copy_to(&mut pf_rule.src)?;
         self.to.try_copy_to(&mut pf_rule.dst)?;
diff --git a/vendored/pfctl-rs/tests/redirect_rules.rs b/vendored/pfctl-rs/tests/redirect_rules.rs
index 1b6f2676..c6849886 100644
--- a/vendored/pfctl-rs/tests/redirect_rules.rs
+++ b/vendored/pfctl-rs/tests/redirect_rules.rs
@@ -71,6 +71,22 @@ test!(add_redirect_rule_ipv4 {
     );
 });
 
+test!(add_redirect_rule_pass {
+    let mut pf = pfctl::PfCtl::new().unwrap();
+    let rule = pfctl::RedirectRuleBuilder::default()
+        .action(pfctl::RedirectRuleAction::Redirect)
+        .to(pfctl::Endpoint::new(Ipv4Addr::new(127, 0, 0, 1), 3000))
+        .redirect_to(pfctl::Endpoint::new(Ipv4Addr::new(127, 0, 0, 1), 4000))
+        .natpass(true)
+        .build()
+        .unwrap();
+    assert_matches!(pf.add_redirect_rule(ANCHOR_NAME, &rule), Ok(()));
+    assert_matches!(
+        pfcli::get_nat_rules(ANCHOR_NAME),
+        Ok(ref v) if v == &["rdr pass inet from any to 127.0.0.1 port = 3000 -> 127.0.0.1 port 4000"]
+    );
+});
+
 test!(add_redirect_rule_ipv6 {
     let mut pf = pfctl::PfCtl::new().unwrap();
     let rule = redirect_rule_ipv6();