Allow explicitly setting Source Hash Key#3204
Conversation
This key is randomly assigned unless set every time the ruleset is loaded. In order to make it persist, allow setting it to a predetermined value.
|
This most likely needs a bit of tidying, which I'm happy to do in case it seems like a worthwhile merge. It's at this stage mostly a quick proof of concept. Perhaps it has other impacts I'm not aware of? |
|
@fredronnv what is the use-case for this? |
When using a pool as NAT translation, in our case a /23, we like to have a predictable translation for clients, so a particular client will always be translated to the same external address, even if the ruleset is modified. Currently if you choose source-hash, pfctl will generate a random value as the source hash key every time the ruleset is loaded, which means that clients will not maintain their external address translation. |
|
sounds reasonable, let me look at this. |
- strict page validation - disable input's when hidden (generic page issue)
|
@fredronnv thanks! did a small cleanup while there. |
2 participants
This key is randomly assigned unless set every time the ruleset is
loaded. In order to make it persist, allow setting it to a predetermined
value.