Hi Beastie,

Beastie wrote:
| Thanks for your clear answer!
|
| Looks like I missed something while reading man unbound.conf, and
| got into a misunderstanding about all these ranges ;)
|
| Feature request?
| Maybe it would be valuable to implement in the future releases of
| Unbound a new configuration option like outgoing-port-range: to be
| able to clearly direct the allowed ports range? It is not so important but
| may be valuable... Or append your explanation as a comment to the
| unbound.conf man page...

Glad to help. I'll see if I can explain in the unbound.conf man page.

Best regards,
~ Wouter

| 2008/8/4 Wouter Wijngaards <wouter at nlnetlabs.nl>:
| Hi Beastie,
|
| The default unbound port range is 1024 - 65535 with exceptions for IANA
| allocated ports and some ephemeral port ranges. You thought your range
| was the only range, but instead the permit and avoid lines are parsed in
| order, adding the permitted ports and subtracting the avoided ports from
| the set of ports allowed for use.
|
| Your outgoing-port-permit: 32768-65000 does not change much about it
| (well it removes the default IANA allocation exceptions in that range).
|
| If you want to stop unbound from using port numbers below 32768 use
| outgoing-port-avoid: 0-32767
| and above 65000 with
| outgoing-port-avoid: 65001-65535
|
| The two avoid lines make unbound do what you want it to (only take ports
| from 32768 to 65000)
|
| Best regards,
| ~ Wouter
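
The in-order permit/avoid handling described in the reply above, modelled as an added example that is not part of the original message and is not Unbound's own code. The default exception list is a constructed three-port stand-in for the real IANA list, and the function names are hypothetical.

```python
# Model of the semantics described in the thread: start from the default
# set, then apply outgoing-port-permit / outgoing-port-avoid lines in order.
LOW, HIGH = 1024, 65535
# Constructed stand-in for the default IANA/ephemeral exceptions (assumption).
DEFAULT_EXCEPTIONS = {1080, 3306, 40000}

def parse_range(value):
    """Parse 'N' or 'N-M' into an inclusive (lo, hi) pair."""
    lo, _, hi = value.strip().partition("-")
    lo = int(lo)
    hi = int(hi) if hi else lo
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {value!r}")
    return lo, hi

def allowed_ports(config_text):
    """Return the set of source ports left after processing the config."""
    allowed = set(range(LOW, HIGH + 1)) - DEFAULT_EXCEPTIONS
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key = key.strip()
        if key == "outgoing-port-permit":
            lo, hi = parse_range(value)
            allowed.update(range(lo, hi + 1))             # permit adds
        elif key == "outgoing-port-avoid":
            lo, hi = parse_range(value)
            allowed.difference_update(range(lo, hi + 1))  # avoid subtracts
    return allowed

def summarize(ports):
    """(lowest port, highest port, number of usable ports)."""
    return min(ports), max(ports), len(ports)

# The configuration from the question: a permit line alone.
PERMIT_ONLY = "outgoing-port-permit: 32768-65000\n"
# The configuration from the answer: two avoid lines.
TWO_AVOIDS = (
    "outgoing-port-avoid: 0-32767\n"
    "outgoing-port-avoid: 65001-65535\n"
)

if __name__ == "__main__":
    for name, cfg in (("permit only", PERMIT_ONLY), ("two avoids", TWO_AVOIDS)):
        print(name, summarize(allowed_ports(cfg)))
```

With the permit line alone the usable range still spans 1024 to 65535 and only the default exception inside 32768-65000 is added back; the two avoid lines are what confine the resolver to 32768-65000.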