path: root/extensions/libipt_MASQUERADE.man
author: Eric Leblond <eric@inl.fr> 2007-02-24 15:11:33 +0000
committer: Patrick McHardy <kaber@trash.net> 2007-02-24 15:11:33 +0000
commit: ae4b0b3aa70c67f2eff303a3e75834e45c3794a7
tree: 206f258318c77aefd215255edfc680f39311dc6d /extensions/libipt_MASQUERADE.man
parent: ee9e2205dfd53ffc35495dd60b43c59b77aa3839
iptables: add random option to SNAT (Eric Leblond)
Diffstat (limited to 'extensions/libipt_MASQUERADE.man')
-rw-r--r-- extensions/libipt_MASQUERADE.man 10
1 files changed, 10 insertions, 0 deletions
diff --git a/extensions/libipt_MASQUERADE.man b/extensions/libipt_MASQUERADE.man
index e82063cc..01dea51c 100644
--- a/extensions/libipt_MASQUERADE.man
+++ b/extensions/libipt_MASQUERADE.man
@@ -14,9 +14,19 @@ any established connections are lost anyway). It takes one option:
.TP
.BR "--to-ports " "\fIport\fP[-\fIport\fP]"
This specifies a range of source ports to use, overriding the default
+.TP
+.BR "--random"
+Randomize source port mapping
+.TP
.B SNAT
source port-selection heuristics (see above). This is only valid
if the rule also specifies
.B "-p tcp"
or
.BR "-p udp" .
+If option
+.B "--random"
+is used then port mapping will be forcely randomized to avoid
+attacks based on port prediction (kernel >= 2.6.21).
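Review bot: the new `.TP` / `.BR "--random"` entry is inserted in the middle of the `--to-ports` description, between "overriding the default" and `.B SNAT`, so that sentence is cut in two, and the second added `.TP` turns `.B SNAT` into the tag of a new paragraph whose body is the remainder of the `--to-ports` text ("source port-selection heuristics ... `-p tcp` or `-p udp`"). Please move the whole `--random` entry below the `.BR "-p udp" .` line and drop the extra `.TP` before `.B SNAT`. The closing sentence ("If option `--random` is used ...") currently reads as part of the `--to-ports` paragraph; it belongs under the `--random` tag, where it can replace the one-line "Randomize source port mapping" so the port-prediction rationale and the kernel >= 2.6.21 requirement sit with the option they describe. Smaller points: "forcely" is not a word ("will be randomized" is enough), the hunk header context still says "It takes one option:" although the page now documents two, and the two blank lines added at the end of the file can go.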
+
+