> It doesn't, yet, so running a DNS server behind m0n0wall while using
> PAT (not just 1:1 NAT) will undo the DNS server's query port
> randomization. ipfilter 4.1.30 apparently does source port
> randomization (from the change log: "2020447 IPFilter's NAT can undo
> name server random port selection") - I'll wait for it to appear in
> FreeBSD's CVS repository, and if it doesn't happen within a couple of
> days, I'll go through the trouble of importing 4.1.30 myself.
> But this is an entirely different beast than Dnsmasq's own
> randomization (which works fine in 1.3b13) - only people who run their
> own recursive DNS server behind m0n0wall are affected.
> - Manuel
CVS log for src/contrib/ipfilter/ip_fil.c
Revision 1.7
Thu Jul 24 12:35:05 2008 UTC (28 hours, 24 minutes ago) by darrenr
CVS tags: HEAD
Changes since revision 1.6: +15 -0 lines
SVN rev 180778 on 2008-07-24 12:35:05Z by darrenr
2020447 IPFilter's NAT can undo name server random port selection
Approved by: darrenr
MFC after: 1 week
Security: CERT VU#521769
Does that mean it has been uploaded to FreeBSD's CVS?
I'm not perfect, but I am forgiven.
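
The effect described in the quoted message, as an added example that is not part of the original thread and is not m0n0wall or ipfilter code: a check that compares the source ports a randomizing resolver picks with the ports seen after a PAT rewrite. The sequential `pat_rewrite` model, the thresholds and the sample ports are assumptions constructed for illustration.

```python
import random
import statistics

def pat_rewrite(ports, first_port=40000):
    """Hypothetical PAT model: ignore the resolver's chosen port and hand out
    translated ports sequentially (an assumption made for this illustration)."""
    return [first_port + i for i in range(len(ports))]

def assess_source_ports(ports, small_step=16, min_stdev=3000.0):
    """Rate UDP source ports, in arrival order, as seen by the remote server.
    small_step and min_stdev are illustrative thresholds, not standard values."""
    if len(ports) < 10:
        raise ValueError("need at least 10 samples")
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    # Share of consecutive queries whose port advanced by a small positive step.
    sequential = sum(1 for d in deltas if 0 < d <= small_step) / len(deltas)
    stdev = statistics.pstdev(ports)
    unique = len(set(ports))
    predictable = sequential > 0.5 or stdev < min_stdev or unique < len(ports) // 2
    return {
        "unique": unique,
        "stdev": round(stdev, 1),
        "sequential_ratio": round(sequential, 2),
        "verdict": "predictable" if predictable else "randomized",
    }

# Constructed sample: 40 source ports picked by a randomizing resolver on the LAN.
LAN_PORTS = random.Random(1).sample(range(1024, 65536), 40)
# The same 40 queries after the modelled PAT rewrite, as seen on the WAN side.
WAN_PORTS = pat_rewrite(LAN_PORTS)

if __name__ == "__main__":
    print("LAN side:", assess_source_ports(LAN_PORTS))
    print("WAN side:", assess_source_ports(WAN_PORTS))
```

With real data, pass in the source ports of outbound DNS queries captured on the WAN interface, in arrival order.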