Date: Tue, 26 Sep 2006 16:27:52 -0500
From: Brooks Davis <brooks@one-eyed-alien.net>
To: John Polstra <jdp@polstra.com>
Cc: Danny Braniss <danny@cs.huji.ac.il>, freebsd-net@freebsd.org
Subject: Re: IPMI & portrange
Message-ID: <20060926212751.GA53219@lor.one-eyed-alien.net>
In-Reply-To: <XFMail.20060926135344.jdp@polstra.com>
References: <E1GS7Rr-0006b7-EH@cs1.cs.huji.ac.il> <XFMail.20060926135344.jdp@polstra.com>

On Tue, Sep 26, 2006 at 01:53:44PM -0700, John Polstra wrote:
> On 26-Sep-2006 Danny Braniss wrote:
> > This keeps biting me every other upgrade, IPMI on some
> > hosts, if enabled, will steal packets to port 623 or 664, so
> > the current solution is either set net.inet.ip.portrange.lowlast
> > to 664, (for some reason this does not seem to work if done via
> > loader.conf) or change it in sys/netinet/in.h.
> >
> > So, is there some way to blacklist some ports, instead
> > of increasing portrange.lowlast?
>
> You could use your favorite scripting language to create a socket,
> bind it to the port, listen on it, and just sit there doing nothing
> -- for each port you want to blacklist. That would keep the ports
> from being used by anything else.

Extending the internal service functionality of inetd might be a good
approach for this sort of thing. The current method of service matching
based on port and protocol could be augmented with the ability to
connect arbitrary "internal" services to arbitrary ports, perhaps via
arguments to the "internal" command. Then you could hook discard to
ports you don't want to use.

-- Brooks
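
The bind-and-hold workaround described in the quoted text, sketched in Python as an added example that is not part of the original message. The function name `reserve_ports` is hypothetical, and binding both UDP and TCP is an assumption, since the thread does not say which protocol the IPMI controller intercepts.

```python
import socket
import sys
import time

# Ports named in the thread as being intercepted when IPMI is enabled.
IPMI_PORTS = (623, 664)

# Assumption: hold both protocols, since the thread does not name one.
PROTOCOLS = (("udp", socket.SOCK_DGRAM), ("tcp", socket.SOCK_STREAM))


def reserve_ports(ports, host="0.0.0.0"):
    """Bind each port and keep the sockets open so nothing else gets them.

    Returns (held, failed): the open sockets, and (port, proto, error)
    tuples for ports that could not be bound (already in use, or not
    enough privilege for ports below 1024).
    """
    held, failed = [], []
    for port in ports:
        for proto, kind in PROTOCOLS:
            sock = socket.socket(socket.AF_INET, kind)
            try:
                # SO_REUSEADDR/SO_REUSEPORT are deliberately not set:
                # the point is that a second bind to this port must fail.
                sock.bind((host, port))
                if kind == socket.SOCK_STREAM:
                    sock.listen(1)  # never accept(); just occupy the port
                held.append(sock)
            except OSError as exc:
                sock.close()
                failed.append((port, proto, exc))
    return held, failed


if __name__ == "__main__":
    # Needs root: both ports are in the privileged range.
    held, failed = reserve_ports(IPMI_PORTS)
    for port, proto, exc in failed:
        print(f"could not reserve {proto}/{port}: {exc}", file=sys.stderr)
    while held:
        time.sleep(3600)  # sit there doing nothing, as suggested
```

The reservation lasts only while the process is alive, so it has to start before any service that asks the kernel for a port from the low range.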