Rick Moen a écrit : > Quoting Vincent Deffontaines ([EMAIL PROTECTED]): > >> And the Linux kernel (Netfilter) implements NAT source port >> randomization >> since 2.6.21, which can make it a conveninent way to protect your natted >> hosts without any patching. >> >> See http://software.inl.fr/trac/wiki/contribs/RandomSkype for details. > > I believe this works on UDP traffic only starting with 2.6.24. See: > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=32c1da70810017a98aa6c431a5494a302b6b9a30 > http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24 >
No I confirm NAT source port randomization was included in 2.6.21 as far as Netfilter NAT is concerned. Commit is : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=41f4689a7c8cd76b77864461b3c58fde8f322b2c The 2.6.24 commit is Linux network stack, not Netfilter. Vincent -- On sait qu'une cité va devenir grande quand on y voit les anciens planter des arbres, alors qu'ils savent qu'ils ne profiteront jamais de leur ombre. Proverbe Grec -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]