From owner-freebsd-security  Wed Jun 28 10:16:10 2000
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP
	id B1C9637B795; Wed, 28 Jun 2000 10:16:02 -0700 (PDT)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.3) id TAA12958;
	Wed, 28 Jun 2000 19:15:58 +0200 (CEST)
	(envelope-from des@flood.ping.uio.no)
To: Visigoth <visigoth@telemere.net>
Cc: freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: new ftpd feature...
References: <Pine.BSF.4.21.0006281121480.67967-300000@shell.telemere.net>
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Date: 28 Jun 2000 19:15:58 +0200
In-Reply-To: Visigoth's message of "Wed, 28 Jun 2000 11:40:22 -0500 (CDT)"
Message-ID: <xzpr99hwwtt.fsf@flood.ping.uio.no>
Lines: 17
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Visigoth <visigoth@telemere.net> writes:
> [patches to limit the range of ports used for passive FTP]

des@flood ~% sysctl -A | grep portrange
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535

ftpd uses ports in the high range, just adjust the last two sysctls
and you'll be fine.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message