From: "Jacques A. Vidrine" (nectar@celabo.org)
To: Brett Glass
Cc: Barney Wolff, net@freebsd.org
Date: Fri, 12 Dec 2003 21:36:42 -0600
Subject: Re: Controlling ports used by natd
Message-ID: <20031213033642.GA76231@madman.celabo.org>
In-Reply-To: <6.0.0.22.2.20031212161250.045e9408@localhost>
List-Id: Networking and TCP/IP with FreeBSD

On Fri, Dec 12, 2003 at 04:20:04PM -0700, Brett Glass wrote:
> It'd be nice to restrict which ports the OS allowed apps to use, not only so
> that they don't get blocked by a firewall but so that a worm that's gotten
> into the system is detected. (You could set off an alarm if it tried to bind
> a "forbidden" port.)

Er, that's the purpose of PortSentry, I believe, which I mentioned earlier :-)

-- 
Jacques Vidrine   NTT/Verio SME   FreeBSD UNIX   Heimdal
nectar@celabo.org   jvidrine@verio.net   nectar@freebsd.org   nectar@kth.se
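The alarm Brett describes (trip when something is listening on a port outside the allowed set) as an added example that is not part of the thread and not PortSentry's code: a Python check over the listener table that FreeBSD's `sockstat -4l` prints. The allowlist and the sockstat sample are constructed for the example; policy is keyed by port and also checks which command holds it, so a stray process squatting on an allowed port is flagged too.

```python
"""Flag listening sockets outside a port/command allowlist, using the
output of FreeBSD's `sockstat -4l`.  Added example; allowlist and sample
output are constructed, not taken from any real host."""
from typing import Dict, List, NamedTuple


class Listener(NamedTuple):
    user: str
    command: str
    pid: int
    proto: str
    addr: str
    port: int


# Policy: which command is expected on which port (constructed).
ALLOWED: Dict[int, str] = {22: "sshd", 80: "httpd"}


def parse_sockstat(text: str) -> List[Listener]:
    """Parse `sockstat -4l` output (IPv4 listeners only) into Listener records."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] == "USER":
            continue  # skip the header and blank lines
        user, command, pid, _fd, proto, local, _foreign = fields[:7]
        addr, _, port = local.rpartition(":")  # "*:22" -> ("*", "22")
        if not port.isdigit():
            continue  # no numeric port (e.g. unbound socket)
        listeners.append(Listener(user, command, int(pid), proto, addr, int(port)))
    return listeners


def unexpected_listeners(text: str, allowed: Dict[int, str] = ALLOWED) -> List[Listener]:
    """Listeners whose port is not allowed, or whose port is allowed but
    is held by a different command than policy expects."""
    return [l for l in parse_sockstat(text) if allowed.get(l.port) != l.command]


# Constructed sample in sockstat's column layout.
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       512   4  tcp4   *:22                  *:*
www      httpd      640   3  tcp4   10.0.1.5:80           *:*
nobody   perl       9911  3  tcp4   *:31337               *:*
root     nc         9920  3  tcp4   127.0.0.1:80          *:*
"""

if __name__ == "__main__":
    # On a live host, replace SAMPLE with the stdout of `sockstat -4l`.
    for l in unexpected_listeners(SAMPLE):
        print(f"ALARM: {l.command}[{l.pid}] ({l.user}) listening on {l.addr}:{l.port}/{l.proto}")
```

Run it from cron or a periodic script and page on any non-empty result; adding the offending PID to the alert keeps the response step short.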