From be77eb5f2746a1cd78773c3b6d24ce158de70613 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net"
 </C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net>
Date: Tue, 29 May 2007 11:24:45 +0000
Subject: Add --random option to DNAT and REDIRECT targets and fix the manpage
 mess this option left behind.

---
 extensions/libipt_MASQUERADE.man | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

(limited to 'extensions/libipt_MASQUERADE.man')

diff --git a/extensions/libipt_MASQUERADE.man b/extensions/libipt_MASQUERADE.man
index 01dea51..ea3c8de 100644
--- a/extensions/libipt_MASQUERADE.man
+++ b/extensions/libipt_MASQUERADE.man
@@ -14,19 +14,17 @@ any established connections are lost anyway).  It takes one option:
 .TP
 .BR "--to-ports " "\fIport\fP[-\fIport\fP]"
 This specifies a range of source ports to use, overriding the default
-.TP
-.BR "--random"
-Randomize source port mapping
-.TP
 .B SNAT
 source port-selection heuristics (see above).  This is only valid
 if the rule also specifies
 .B "-p tcp"
 or
 .BR "-p udp" .
+.TP
+.BR "--random"
+Randomize source port mapping
 If option
 .B "--random"
-is used then port mapping will be forcely randomized to avoid
-attacks based on port prediction (kernel >= 2.6.21).
-
-
+is used then port mapping will be randomized (kernel >= 2.6.21).
+.RS
+.PP
-- 
cgit v1.2.3