Date: Fri, 12 Dec 2003 10:41:50 -0700
From: Brett Glass <brett@lariat.org>
To: Barney Wolff <barney@databus.com>
Cc: net@freebsd.org
Subject: Re: Controlling ports used by natd
Message-ID: <6.0.0.22.2.20031212103142.04611738@localhost>
In-Reply-To: <20031212083522.GA24267@pit.databus.com>
References: <200312120312.UAA10720@lariat.org> <20031212074519.GA23452@pit.databus.com> <6.0.0.22.2.20031212011133.047ae798@localhost> <20031212083522.GA24267@pit.databus.com>
At 01:35 AM 12/12/2003, Barney Wolff wrote:

>Oops, sorry for the confusion. How fancy a change is up to you,
>but changing ALIAS_PORT_BASE and ALIAS_PORT_MASK (and _EVEN)
>would let you confine the port range without much work.

The current algorithm works so long as the blocked ports have numbers less than 32768. But there are now lots of Trojans and worms that use higher ports, and admins may want to block them. So, there ought to be a way to tell libalias "don't assign anything in this set of ports" -- via a list or a bitmap.

If one can tap directly into libalias and make this a global restriction, it might be that other programs (e.g. ppp) could remain blissfully ignorant of it. If the restrictions were allowed to be different for different instances of programs that used libalias (for example, several instances of natd, each handling an interface with unique restrictions), one would have to modify the API of libalias, which might break code if not done carefully.

--Brett
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.0.22.2.20031212103142.04611738>
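As an added illustration of the "bitmap of ports libalias must never assign" idea discussed in the message above, here is a small stand-alone port picker in C. It is example code written for this page, not code from libalias, natd, ppp, or anyone in the thread. The ALIAS_PORT_BASE / ALIAS_PORT_MASK / ALIAS_PORT_MASK_EVEN values are assumptions chosen to mirror the usual libalias defaults (a pool of 32768-65535), the random starting offset libalias uses is replaced by a caller-supplied start so the behaviour is reproducible, and the blocked ports in the sample are constructed for illustration, not a list of real malware ports.

```c
/* Added example (not libalias code): a NAT port pool with a deny bitmap.
 * Constants are assumptions mirroring the usual libalias defaults. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ALIAS_PORT_BASE       0x8000u   /* first port the NAT may hand out      */
#define ALIAS_PORT_MASK       0x7fffu   /* pool is BASE .. BASE+MASK (32768-65535) */
#define ALIAS_PORT_MASK_EVEN  0x7ffeu   /* same pool restricted to even ports   */

/* One bit per TCP/UDP port number: bit set = never allocate this port.
 * 8 KiB covers the full 0-65535 space, so ports below the pool can be
 * listed too; they simply never match because the picker never visits them. */
struct port_denyset {
    uint8_t bits[65536 / 8];
};

static void denyset_init(struct port_denyset *d)
{
    memset(d->bits, 0, sizeof d->bits);
}

static void denyset_add(struct port_denyset *d, uint16_t port)
{
    d->bits[port >> 3] |= (uint8_t)(1u << (port & 7));
}

static void denyset_add_range(struct port_denyset *d, uint16_t lo, uint16_t hi)
{
    for (unsigned p = lo; p <= hi; p++)     /* unsigned p: no wrap at 65535 */
        denyset_add(d, (uint16_t)p);
}

static int denyset_has(const struct port_denyset *d, uint16_t port)
{
    return (d->bits[port >> 3] >> (port & 7)) & 1;
}

/* Pick an alias port.  Like libalias, start at BASE + (start & MASK); unlike
 * libalias, walk the whole pool (wrapping) instead of giving up after a fixed
 * number of attempts, skipping every port in the deny set.  With want_even
 * only even ports are considered (the _EVEN mask).  Returns 0 when every
 * candidate is denied, which the caller must treat as "no port available". */
static uint16_t alias_port_pick(const struct port_denyset *deny,
                                unsigned start, int want_even)
{
    unsigned mask = want_even ? ALIAS_PORT_MASK_EVEN : ALIAS_PORT_MASK;
    unsigned step = want_even ? 2 : 1;
    unsigned span = ALIAS_PORT_MASK + 1;            /* 32768 ports in the pool */
    unsigned off  = start & mask;

    for (unsigned tried = 0; tried < span; tried += step) {
        unsigned port = ALIAS_PORT_BASE + ((off + tried) & mask);
        if (!denyset_has(deny, (uint16_t)port))
            return (uint16_t)port;
    }
    return 0;
}

/* Constructed sample deny set: one port below the pool (ignored by the
 * picker) and a few above 32768, which is the case the message says the
 * existing BASE/MASK scheme cannot express. */
static void sample_denyset(struct port_denyset *d)
{
    denyset_init(d);
    denyset_add(d, 31337);                 /* below BASE: never visited anyway */
    denyset_add(d, 33000);
    denyset_add_range(d, 40000, 40010);
}

/* Pick from the sample pool, starting the walk at an absolute port number. */
static uint16_t demo_pick(unsigned start_port, int want_even)
{
    struct port_denyset d;
    sample_denyset(&d);
    return alias_port_pick(&d, start_port - ALIAS_PORT_BASE, want_even);
}

/* Every port in the pool denied: the picker must report exhaustion, not loop. */
static uint16_t demo_exhausted(void)
{
    struct port_denyset d;
    denyset_init(&d);
    denyset_add_range(&d, ALIAS_PORT_BASE, 65535);
    return alias_port_pick(&d, 0, 0);
}

int main(void)
{
    printf("start 33000        -> %u\n", demo_pick(33000, 0));   /* 33001 */
    printf("start 40000        -> %u\n", demo_pick(40000, 0));   /* 40011 */
    printf("start 40000 (even) -> %u\n", demo_pick(40000, 1));   /* 40012 */
    printf("start 45000        -> %u\n", demo_pick(45000, 0));   /* 45000 */
    printf("pool exhausted     -> %u\n", demo_exhausted());      /* 0     */
    return 0;
}
```

The bitmap costs a fixed 8 KiB per deny set, so a per-instance set (one per natd process, as the message contemplates) is cheap, and the lookup is O(1) on the packet path; the only new failure mode is an exhausted pool, which the picker reports as 0 rather than silently handing out a denied port.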