From 15120d6e83c52149023273ac5da25fcdcb0ddd49 Mon Sep 17 00:00:00 2001
From: Apollon Oikonomopoulos
Date: Fri, 10 May 2013 10:53:38 +0300
Subject: [PATCH] DNAT/SNAT: support persistent mappings

Linux kernel since 2.6.30 and iptables since 1.4.4 support persistent SNAT/DNAT mappings via the `peristent' flag. The `persistent' flag supersedes the SAME target, which was removed from the Linux kernel in 2.6.25[1]. This patch adds the flag to the SNAT and DNAT targets.
[1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb76c6a597350534d211ba79d92da1f9771f8226
---
 src/ferm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ferm b/src/ferm
index 7fbbf94..59840ae 100755
--- a/src/ferm
+++ b/src/ferm
@@ -297,7 +297,7 @@ add_target_def 'CLASSIFY', qw(set-class);
 add_target_def 'CLUSTERIP', qw(new*0 hashmode clustermac total-nodes local-node hash-init);
 add_target_def 'CONNMARK', qw(set-mark save-mark*0 restore-mark*0 mask);
 add_target_def 'CONNSECMARK', qw(save*0 restore*0);
-add_target_def 'DNAT', qw(to-destination=m to:=to-destination random*0);
+add_target_def 'DNAT', qw(to-destination=m to:=to-destination persistent*0 random*0);
 add_target_def 'DSCP', qw(set-dscp set-dscp-class);
 add_target_def 'ECN', qw(ecn-tcp-remove*0);
 add_target_def 'HL', qw(hl-set hl-dec hl-inc);
@@ -317,7 +317,7 @@ add_target_def 'ROUTE', qw(oif iif gw continue*0 tee*0);
 add_target_def 'SAME', qw(to nodst*0 random*0);
 add_target_def 'SECMARK', qw(selctx);
 add_target_def 'SET', qw(add-set=sc del-set=sc);
-add_target_def 'SNAT', qw(to-source=m to:=to-source random*0);
+add_target_def 'SNAT', qw(to-source=m to:=to-source persistent*0 random*0);
 add_target_def 'TARPIT';
 add_target_def 'TCPMSS', qw(set-mss clamp-mss-to-pmtu*0);
 add_target_def 'TOS', qw(set-tos and-tos or-tos xor-tos);
-- 
2.11.4.GIT
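Review bot: The `persistent*0` keyword added to the DNAT definition (and, identically, to SNAT in the second hunk) carries no note of its version floor, although the commit message puts it at Linux 2.6.30 and iptables 1.4.4. Nothing in these hunks gates the option on the installed iptables, so a rule set using it on an older host would presumably be rejected only when the rules are loaded; since a firewall reload that fails part-way is worth avoiding, record the requirement next to the definitions, e.g. `# persistent: needs Linux >= 2.6.30 and iptables >= 1.4.4; supersedes the SAME target`. The diffstat shows only src/ferm changed, so the user-facing documentation for SNAT/DNAT likely still needs the new keyword. The `SAME` definition kept as context in the second hunk could get a matching `# removed from the kernel in 2.6.25; use persistent on SNAT/DNAT` comment.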