From: John Polstra
To: Danny Braniss
Cc: freebsd-net@freebsd.org
Date: Tue, 26 Sep 2006 13:53:44 -0700 (PDT)
Subject: RE: IPMI & portrange

On 26-Sep-2006 Danny Braniss wrote:
> This keeps biting me every other upgrade, IPMI on some
> hosts, if enabled, will steal packets to port 623 or 664, so
> the current solution is either set net.inet.ip.portrange.lowlast
> to 664, (for some reason this does not seem to work if done via
> loader.conf) or change it in sys/netinet/in.h.
>
> So, is there some way to blacklist some ports, instead
> of increasing portrange.lowlast?

You could use your favorite scripting language to create a socket,
bind it to the port, listen on it, and just sit there doing nothing --
for each port you want to blacklist. That would keep the ports from
being used by anything else.

John
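
The placeholder approach described in the reply above, as an added example that is not part of the original message. It assumes IPv4 only and holds both TCP and UDP on each port, since the thread does not say which protocol is affected; `reserve_ports` and `port_is_free` are names chosen here. SO_REUSEADDR is deliberately left unset so no other socket can share the port.

```python
import socket
import sys
import threading

# Ports named in the thread as intercepted by IPMI.
IPMI_PORTS = (623, 664)


def reserve_ports(ports, host="0.0.0.0"):
    """Bind a TCP and a UDP placeholder socket on every port.

    Returns the open sockets; the ports stay reserved until they are closed.
    Raises OSError if a port is already taken (or, below 1024, without root).
    """
    held = []
    try:
        for port in ports:
            tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            held.append(tcp)
            tcp.bind((host, port))
            tcp.listen(1)          # never accept(): the socket just sits there
            udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            held.append(udp)
            udp.bind((host, port))
    except OSError:
        for s in held:             # do not leave a half-reserved set behind
            s.close()
        raise
    return held


def port_is_free(port, kind=socket.SOCK_STREAM, host="0.0.0.0"):
    """True if a fresh socket of the given kind can still bind the port."""
    with socket.socket(socket.AF_INET, kind) as probe:
        try:
            probe.bind((host, port))
            return True
        except OSError:
            return False


if __name__ == "__main__":
    try:
        sockets = reserve_ports(IPMI_PORTS)
    except OSError as exc:
        sys.exit(f"cannot reserve ports: {exc}")
    print("holding", ", ".join(str(p) for p in IPMI_PORTS))
    threading.Event().wait()       # block forever, keeping the sockets open
```

Run it as root early in boot, before services that allocate reserved ports start, and keep it running for as long as the ports must stay unavailable.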