Allow turning off fully-random masquerade flag #2273
Description
Currently fully-random is always enabled if it is supported. For some applications, like tailscale pods it is beneficial to use the default NAT behaviour where ports are preserved, as this makes direct connections easier.
table ip flannel-ipv4 {
comment "rules for flannel-ipv4"
chain postrtg {
comment "chain to manage traffic masquerading by flannel"
...
ip saddr 10.244.0.0/16 ip daddr != 224.0.0.0/4 masquerade fully-random
ip saddr != 10.244.0.0/16 ip daddr 10.244.0.0/16 masquerade fully-random
}
]