nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0

random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
author: Christian Breunig <christian@breunig.cc> 2024-05-22 21:31:32 +0200
committer: Christian Breunig <christian@breunig.cc> 2024-05-22 21:33:06 +0200
commit: 7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070 (patch)
tree: 6c20a009f5f64fc7d71c8290eac2f7330291630f /interface-definitions/include
parent: 252ae4b0b9519c97164e8901ce192e104827102d (diff)
download: vyos-1x-7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070.tar.gz
vyos-1x-7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070.zip
2 files changed, 3 insertions, 7 deletions
diff --git a/interface-definitions/include/nat-translation-options.xml.i b/interface-definitions/include/nat-translation-options.xml.i
index 6b95de045..c8900590f 100644
--- a/interface-definitions/include/nat-translation-options.xml.i
+++ b/interface-definitions/include/nat-translation-options.xml.i
@@ -28,22 +28,18 @@
       <properties>
         <help>Port mapping options</help>
         <completionHelp>
-          <list>random fully-random none</list>
+          <list>random none</list>
         </completionHelp>
         <valueHelp>
           <format>random</format>
           <description>Randomize source port mapping</description>
         </valueHelp>
         <valueHelp>
-          <format>fully-random</format>
-          <description>Full port randomization</description>
-        </valueHelp>
-        <valueHelp>
           <format>none</format>
           <description>Do not apply port randomization</description>
         </valueHelp>
         <constraint>
-          <regex>(random|fully-random|none)</regex>
+          <regex>(random|none)</regex>
         </constraint>
       </properties>
       <defaultValue>none</defaultValue>
diff --git a/interface-definitions/include/version/nat-version.xml.i b/interface-definitions/include/version/nat-version.xml.i
index 656da6e14..173e91ed3 100644
--- a/interface-definitions/include/version/nat-version.xml.i
+++ b/interface-definitions/include/version/nat-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/nat-version.xml.i -->
-<syntaxVersion component='nat' version='7'></syntaxVersion>
+<syntaxVersion component='nat' version='8'></syntaxVersion>
 <!-- include end -->
author	Christian Breunig <christian@breunig.cc>	2024-05-22 21:31:32 +0200
committer	Christian Breunig <christian@breunig.cc>	2024-05-22 21:33:06 +0200
commit	7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070 (patch)
tree	6c20a009f5f64fc7d71c8290eac2f7330291630f /interface-definitions/include
parent	252ae4b0b9519c97164e8901ce192e104827102d (diff)
download	vyos-1x-7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070.tar.gz vyos-1x-7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070.zip