From owner-freebsd-security  Thu Mar  8 11:34: 4 2001
Delivered-To: freebsd-security@freebsd.org
Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75])
	by hub.freebsd.org (Postfix) with ESMTP id 0BB4737B718
	for <security@FreeBSD.ORG>; Thu,  8 Mar 2001 11:34:02 -0800 (PST)
	(envelope-from brdavis@odin.ac.hmc.edu)
Received: (from brdavis@localhost)
	by odin.ac.hmc.edu (8.11.0/8.11.0) id f28JXlQ08840;
	Thu, 8 Mar 2001 11:33:47 -0800
Date: Thu, 8 Mar 2001 11:33:47 -0800
From: Brooks Davis <brooks@one-eyed-alien.net>
To: Christopher Schulte <christopher@schulte.org>
Cc: "oldfart@gtonet" <oldfart@gtonet.net>, security@FreeBSD.ORG
Subject: Re: strange messages
Message-ID: <20010308113347.A7928@Odin.AC.HMC.Edu>
References: <BIEHKEFNHFMMJEKCDMLNAEBHCGAA.oldfart@gtonet.net> <20010308100755.A13090@Odin.AC.HMC.Edu> <BIEHKEFNHFMMJEKCDMLNAEBHCGAA.oldfart@gtonet.net> <20010308103500.C13090@Odin.AC.HMC.Edu> <5.0.2.1.0.20010308130833.00adec88@pop.schulte.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="7AUc2qLy4jB3hD7Z"
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <5.0.2.1.0.20010308130833.00adec88@pop.schulte.org>; from christopher@schulte.org on Thu, Mar 08, 2001 at 01:12:41PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--7AUc2qLy4jB3hD7Z
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Mar 08, 2001 at 01:12:41PM -0600, Christopher Schulte wrote:
> You can convince the kernel to use a more user-defined port range(s) for=
=20
> dynamic outbound connections with a few sysctl vars, thus making firewall=
=20
> confs a bit easier to craft and maintain:
>=20
> `sysctl -a | grep portrange`

Is there some actual documentation on what these do somewhere?  Just
being able to limit the range of arbitrary ports don't do anything, but
I can't see what else you could do with these.

-- Brooks

--=20
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

--7AUc2qLy4jB3hD7Z
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6p96aXY6L6fI4GtQRAsW6AKDgvjNPfnypduzN1pESNWkCT6m2QQCgiBPI
fmNeYoJPZW7BoCwehmd0RUU=
=Du3l
-----END PGP SIGNATURE-----

--7AUc2qLy4jB3hD7Z--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message