diff options
author | Christian Breunig <christian@breunig.cc> | 2024-05-22 21:31:32 +0200 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-05-23 14:19:40 +0000 |
commit | 2c94114a3fe13ab9adc0be5b953a97584f0ab541 (patch) | |
tree | 61c6e0eba717d7a545507558da69c6a301ba86fb /interface-definitions | |
parent | c9945d09c2ade1f110a1f3b3dc9c14a92ea4aa0e (diff) | |
download | vyos-1x-2c94114a3fe13ab9adc0be5b953a97584f0ab541.tar.gz vyos-1x-2c94114a3fe13ab9adc0be5b953a97584f0ab541.zip |
nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0
random - In kernel 5.0 and newer this is the same as fully-random. In earlier
kernels the port mapping will be randomized using a seeded MD5 hash mix using
source and destination address and destination port.
https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
(cherry picked from commit 7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070)
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/include/nat-translation-options.xml.i | 8 | ||||
-rw-r--r-- | interface-definitions/include/version/nat-version.xml.i | 2 |
2 files changed, 3 insertions, 7 deletions
diff --git a/interface-definitions/include/nat-translation-options.xml.i b/interface-definitions/include/nat-translation-options.xml.i index 6b95de045..c8900590f 100644 --- a/interface-definitions/include/nat-translation-options.xml.i +++ b/interface-definitions/include/nat-translation-options.xml.i @@ -28,22 +28,18 @@ <properties> <help>Port mapping options</help> <completionHelp> - <list>random fully-random none</list> + <list>random none</list> </completionHelp> <valueHelp> <format>random</format> <description>Randomize source port mapping</description> </valueHelp> <valueHelp> - <format>fully-random</format> - <description>Full port randomization</description> - </valueHelp> - <valueHelp> <format>none</format> <description>Do not apply port randomization</description> </valueHelp> <constraint> - <regex>(random|fully-random|none)</regex> + <regex>(random|none)</regex> </constraint> </properties> <defaultValue>none</defaultValue> diff --git a/interface-definitions/include/version/nat-version.xml.i b/interface-definitions/include/version/nat-version.xml.i index 656da6e14..173e91ed3 100644 --- a/interface-definitions/include/version/nat-version.xml.i +++ b/interface-definitions/include/version/nat-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/nat-version.xml.i --> -<syntaxVersion component='nat' version='7'></syntaxVersion> +<syntaxVersion component='nat' version='8'></syntaxVersion> <!-- include end --> |