Maintained by: NLnet Labs

[Unbound-users] wrong outgoing-port-permit port range handling?

Wouter Wijngaards
Mon Aug 4 12:21:18 CEST 2008


Hi Beastie,

Beastie wrote:
| Thanks for your clear answer!
|
| Looks like I missed something while reading man unbound.conf, and
| got into a misunderstanding about all these ranges ;)
|
| Feature request?
| Maybe it would be valuable to implement in future releases of
| Unbound a new configuration option like outgoing-port-range: to be
| able to clearly direct the allowed port range? It is not so important but
| may be valuable... Or append your explanation as a comment to the
| unbound.conf man page...

Glad to help. I'll see if I can explain in the unbound.conf man page.

Best regards,
~   Wouter

| 2008/8/4 Wouter Wijngaards <wouter at nlnetlabs.nl>:
| Hi Beastie,
|
| The default unbound port range is 1024 - 65535 with exceptions for IANA
| allocated ports and some ephemeral port ranges. You thought your range
| was the only range, but instead the permit and avoid lines are parsed in
| order, adding the permitted ports and subtracting the avoided ports from
| the set of ports allowed for use.
|
| Your outgoing-port-permit: 32768-65000 does not change much about it
| (well it removes the default IANA allocation exceptions in that range).
|
| If you want to stop unbound from using port numbers below 32768 use
|        outgoing-port-avoid: 0-32767
| and above 65000 with
|        outgoing-port-avoid: 65001-65535
|
| The two avoid lines make unbound do what you want it to (only take ports
| from 32768 to 65000).
|
| Best regards,
| ~   Wouter
|


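
Added illustration, not part of the original message and not Unbound's own code: a small Python model of the ordered permit/avoid processing described in the reply, comparing the single `outgoing-port-permit: 32768-65000` line with the two suggested `outgoing-port-avoid` lines. The IANA exception ports are constructed stand-ins and the function names are hypothetical.

```python
PORT_MAX = 65535

# Constructed stand-ins for the IANA-allocated ports the default set excludes;
# Unbound's real exception list is much longer.
SAMPLE_IANA_EXCEPTIONS = {3306, 5353, 8080, 33434}


def default_ports():
    """Default described in the thread: 1024-65535 minus the exceptions."""
    return set(range(1024, PORT_MAX + 1)) - SAMPLE_IANA_EXCEPTIONS


def parse_range(value):
    """Parse 'N' or 'LOW-HIGH' into an inclusive (low, high) pair."""
    low, _, high = value.strip().partition("-")
    low, high = int(low), int(high or low)
    if not (0 <= low <= high <= PORT_MAX):
        raise ValueError(f"bad port range: {value!r}")
    return low, high


def apply_config(text):
    """Apply permit/avoid lines in file order on top of the default set."""
    allowed = default_ports()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        key, _, value = line.partition(":")
        key = key.strip()
        if key not in ("outgoing-port-permit", "outgoing-port-avoid"):
            continue  # blank lines and unrelated options are ignored here
        low, high = parse_range(value)
        ports = set(range(low, high + 1))
        if key == "outgoing-port-permit":
            allowed |= ports   # permit adds to the set, it does not replace it
        else:
            allowed -= ports   # avoid subtracts from the set
    return allowed


PERMIT_ONLY = "outgoing-port-permit: 32768-65000\n"
TWO_AVOIDS = "outgoing-port-avoid: 0-32767\noutgoing-port-avoid: 65001-65535\n"

if __name__ == "__main__":
    for name, cfg in (("permit only", PERMIT_ONLY), ("two avoids", TWO_AVOIDS)):
        ports = apply_config(cfg)
        print(f"{name}: {len(ports)} ports, lowest {min(ports)}, highest {max(ports)}")
```

In this model the permit line leaves ports below 32768 and above 65000 in use and re-adds the sample exception 33434, while the two avoid lines confine the set to 32768-65000 with the exception still excluded.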