author | Phil Sutter <phil@nwl.cc> | 2022-11-02 21:54:41 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2022-11-11 19:13:10 +0100 |
commit | 7dbd1b1dd95449b1ab8c35cd35fe904eb35db374 (patch) | |
tree | 313c8e4c25e596d9a7e5150e4be5ecf56e3d8e4c /extensions/libxt_REDIRECT.t | |
parent | c3432977d9a5e6c5d8e835094dc8c466a5d64f03 (diff) |
extensions: *NAT: Drop NF_NAT_RANGE_PROTO_RANDOM* flag checks
SNAT, DNAT and REDIRECT extensions tried to prevent
NF_NAT_RANGE_PROTO_RANDOM flag from being set if no port or address was
also given.
With SNAT and DNAT, this is not possible as the respective
--to-destination or --to-source parameters are mandatory anyway.
Looking at the kernel code, doing so with REDIRECT seems harmless.
Moreover, nftables supports 'redirect random' without specifying a
port-range.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'extensions/libxt_REDIRECT.t')
-rw-r--r-- | extensions/libxt_REDIRECT.t | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/extensions/libxt_REDIRECT.t b/extensions/libxt_REDIRECT.t index f607dd0a..362efa84 100644 --- a/extensions/libxt_REDIRECT.t +++ b/extensions/libxt_REDIRECT.t @@ -14,3 +14,4 @@ -p tcp -j REDIRECT --to-ports ftp-ssh;;FAIL -p tcp -j REDIRECT --to-ports 10-ssh;;FAIL -j REDIRECT --to-ports 42;;FAIL +-j REDIRECT --random;=;OK |
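Review bot: The added `-j REDIRECT --random;=;OK` line at the end of the hunk exercises only the case with neither a protocol match nor `--to-ports`, so the relaxed check has a single test case. The context line just above it, `-j REDIRECT --to-ports 42;;FAIL`, shows that a port without `-p` is still rejected. Unless the part of the file before this hunk already has one, consider adding a companion case such as `-p tcp -j REDIRECT --random;=;OK`, so the file documents that `--random` alone is accepted with and without `-p` and that the saved rule round-trips unchanged in both forms. The commit message's "seems harmless" for REDIRECT would also be easier to verify later if it named the kernel code that was inspected.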