|
|
| Resend iptables: add random option to
SNAT |
 
France |
2007-02-05 07:25:50 |
|
Hi,
This is a resend of :
http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=36
Merge window for 2.6.21 is open and kernel part of the feature should
reach kernel tree soon...
BR,
--
Éric Leblond, eleblond inl.fr
Téléphone : 01 44 89 46 39, Fax : 01 44 89 45 01
INL, http://www.inl.fr
|
 Approximate file size 10316 bytes |
| Re: Resend iptables: add random option
to SNAT |
 
Germany |
2007-02-05 09:06:01 |
Eric Leblond wrote:
> Hi,
>
> This is a resend of :
> http://patchwork.netfilter.org/netfilter-devel/patc
h.pl?id=36
>
> Merge window for 2.6.21 is open and kernel part of the
feature should
> reach kernel tree soon...
I'm in the process of preparing my patches for upstream
submission
(which include your random patch). I'll look into the
userspace patch
after that, I'm not a big fan of the :random syntax.
|
|
| Re: Resend iptables: add random option
to SNAT |
France |
2007-02-05 09:55:33 |
Hi,
Le lundi 05 février 2007 à 16:06 +0100, Patrick McHardy a
écrit :
> Eric Leblond wrote:
> I'm in the process of preparing my patches for upstream
submission
> (which include your random patch).
Great.
> I'll look into the userspace patch
> after that, I'm not a big fan of the :random syntax.
I make this choice because iptables had the capabilities to
have
multiple NAT ranges and hence randomization has to be linked
with the
range.
But we can also assume to have a per iptables rule switch. I
can rewrite
my patch in this way if you want.
BR,
--
Éric Leblond, eleblondinl.fr
Téléphone : 01 44 89 46 39, Fax : 01 44 89 45 01
INL, http://www.inl.fr
|
|
| Re: Resend iptables: add random option
to SNAT |
Germany |
2007-02-12 07:40:13 |
Eric Leblond wrote:
>>I'll look into the userspace patch
>>after that, I'm not a big fan of the :random
syntax.
>
>
> I make this choice because iptables had the
capabilities to have
> multiple NAT ranges and hence randomization has to be
linked with the
> range.
Not anymore since since rustynat changes (~2.6.12).
>
> But we can also assume to have a per iptables rule
switch. I can rewrite
> my patch in this way if you want.
I think I would prefer that.
|
|
| Re: Resend iptables: add random option
to SNAT |
Germany |
2007-02-12 12:38:08 |
On Feb 12 2007 14:40, Patrick McHardy wrote:
>Eric Leblond wrote:
>>>I'll look into the userspace patch
>>>after that, I'm not a big fan of the :random
syntax.
>>
>>
>> I make this choice because iptables had the
capabilities to have
>> multiple NAT ranges and hence randomization has to
be linked with the
>> range.
>
>Not anymore since since rustynat changes (~2.6.12).
So what's the proper way to do that then?
Jan
--
ft: http://freshmeat.
net/p/chaostables/
|
|
| Re: Resend iptables: add random option
to SNAT |
Germany |
2007-02-12 13:38:59 |
Jan Engelhardt wrote:
> On Feb 12 2007 14:40, Patrick McHardy wrote:
>
>>Eric Leblond wrote:
>>
>>>I make this choice because iptables had the
capabilities to have
>>>multiple NAT ranges and hence randomization has
to be linked with the
>>>range.
>>
>>Not anymore since since rustynat changes (~2.6.12).
>
>
> So what's the proper way to do that then?
There is none, nobody was using it.
|
|
| Re: Resend iptables: add random option
to SNAT |
France |
2007-02-24 08:10:44 |
|
| Hi,
Le lundi 12 février 2007 à 14:40 +0100, Patrick McHardy a écrit :
> > But we can also assume to have a per iptables rule switch. I can rewrite
> > my patch in this way if you want.
>
> I think I would prefer that.
Here's the corresponding patch. It adds a --random flags to SNAT, SAME
and MASQUERADE targets.
I've also updated man pages by adding this --random option.
BR,
--
Eric Leblond inl.fr>
INL
|
| Approximate file size 11612 bytes |
| Re: Resend iptables: add random option
to SNAT |
Germany |
2007-02-24 08:21:09 |
Eric Leblond wrote:
> Here's the corresponding patch. It adds a --random
flags to SNAT, SAME
> and MASQUERADE targets.
>
> I've also updated man pages by adding this --random
option.
Applied, thanks Eric.
|
|