diff options
Diffstat (limited to 'extensions/libipt_SAME.man')
-rw-r--r-- | extensions/libipt_SAME.man | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/extensions/libipt_SAME.man b/extensions/libipt_SAME.man index 817c200..a99dc73 100644 --- a/extensions/libipt_SAME.man +++ b/extensions/libipt_SAME.man @@ -1,11 +1,17 @@ Similar to SNAT/DNAT depending on chain: it takes a range of addresses -(`--to 1.2.3.4-1.2.3.7') and gives a client the same +(`\-\-to 1.2.3.4\-1.2.3.7') and gives a client the same source-/destination-address for each connection. +.PP +N.B.: The DNAT target's \fB\-\-persistent\fP option replaced the SAME target. .TP -.BI "--to " "<ipaddr>-<ipaddr>" +\fB\-\-to\fP \fIipaddr\fP[\fB\-\fP\fIipaddr\fP] Addresses to map source to. May be specified more than once for multiple ranges. .TP -.B "--nodst" +\fB\-\-nodst\fP Don't use the destination-ip in the calculations when selecting the new source-ip +.TP +\fB\-\-random\fP +Port mapping will be forcibly randomized to avoid attacks based on +port prediction (kernel >= 2.6.21). |