Document 'random' in the man pages

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7665 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-06-21 02:08:48 +02:00 · 2007-11-15 20:53:23 +00:00 · 2007-11-15 20:53:23 +00:00 · 1c93cd5e06
commit 1c93cd5e06
parent 6c1b9a558e
2 changed files with 19 additions and 7 deletions
--- a/manpages/shorewall-masq.xml
+++ b/manpages/shorewall-masq.xml
@ -125,8 +125,10 @@
        role="bold">-</emphasis>|[<emphasis
        role="bold">SAME:</emphasis>[<emphasis
        role="bold">nodst:</emphasis>]][<emphasis>address-or-address-range</emphasis>[,<emphasis>address-or-address-range</emphasis>]...][:<emphasis>lowport</emphasis><emphasis
-        role="bold">-</emphasis><emphasis>highport</emphasis>]|<emphasis
-        role="bold">detect</emphasis>]</term>
+        role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis
+        role="bold">:random</emphasis>]|<emphasis
+        role="bold">detect</emphasis>|<emphasis
+        role="bold">random</emphasis>]</term>

        <listitem>
          <para>If you specify an address here, SNAT will be used and this
@ -138,7 +140,13 @@
          <para>You may also specify a range of up to 256 IP addresses if you
          want the SNAT address to be assigned from that range in a
          round-robin fashion by connection. The range is specified by
-          <emphasis>first.ip.in.range</emphasis>-<emphasis>last.ip.in.range</emphasis>.</para>
+          <emphasis>first.ip.in.range</emphasis>-<emphasis>last.ip.in.range</emphasis>.
+          Beginning with Shorewall 4.0.6, you may follow the port range
+          with<emphasis role="bold"> :random</emphasis> in which case
+          assignment of ports from the list will be random. <emphasis
+          role="bold">random</emphasis> may also be specified by itself in
+          this column in which case random local port assignments are made for
+          the outgoing connections.</para>

          <para>Example: 206.124.146.177-206.124.146.180</para>

--- a/manpages/shorewall-rules.xml
+++ b/manpages/shorewall-rules.xml
@ -618,7 +618,8 @@
        role="bold">+</emphasis>][<emphasis
        role="bold">-</emphasis>]}<emphasis
        role="bold">[:{</emphasis><emphasis>interface</emphasis>|<emphasis>address-or-range</emphasis>[,<emphasis>address-or-range</emphasis>]...[<emphasis>exclusion</emphasis>]|<emphasis>exclusion</emphasis>|<emphasis
-        role="bold">+</emphasis><emphasis>ipset</emphasis>}][<option>:</option><replaceable>port</replaceable>]</term>
+        role="bold">+</emphasis><emphasis>ipset</emphasis>}][<option>:</option><replaceable>port</replaceable>[:<emphasis
+        role="bold">random</emphasis>]]</term>

        <listitem>
          <para>Location of Server. May be a zone declared in <ulink
@ -723,10 +724,13 @@
            a service name. Additionally, Shorewall-perl 4.0.5 and later
            permit specifying a port range in the form
            <emphasis>lowport-highport</emphasis> to cause connections to be
-            assigned to ports in the range in round-robin fashion. In that
-            case, <emphasis>lowport</emphasis> and
+            assigned to ports in the range in round-robin fashion. When a port
+            range is specified, <emphasis>lowport</emphasis> and
            <emphasis>highport</emphasis> must be given as integers; service
-            names are not permitted.</para>
+            names are not permitted. Beginning with Shorewall 4.0.6, the port
+            range may be optionally followed by <emphasis
+            role="bold">:random</emphasis> which causes assignment to ports in
+            the list will be random.</para>

            <para>If the <emphasis role="bold">ACTION</emphasis> is <emphasis
            role="bold">REDIRECT</emphasis> or <emphasis