Date: Tue, 26 Sep 2006 13:53:44 -0700 (PDT) From: John Polstra <jdp@polstra.com> To: Danny Braniss <danny@cs.huji.ac.il> Cc: freebsd-net@freebsd.org Subject: RE: IPMI & portrange Message-ID: <XFMail.20060926135344.jdp@polstra.com> In-Reply-To: <E1GS7Rr-0006b7-EH@cs1.cs.huji.ac.il>
next in thread | previous in thread | raw e-mail | index | archive | help
On 26-Sep-2006 Danny Braniss wrote: > This keeps bitting me every other upgrade, IPMI on some > hosts, if enabled, will steal packets to port 623 or 664, so > the current solution is either set net.inet.ip.portrange.lowlast > to 664, (for some reason this does not seem to work if done via > loader.conf) or change it in sys/netinet/in.h. > > So, is there some way to blacklist some ports, instead > of increasing portrange.lowlast? You could use your favorite scripting language to create a socket, bind it to the port, listen on it, and just sit there doing nothing -- for each port you want to blacklist. That would keep the ports from being used by anything else. John
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.20060926135344.jdp>