Date: Tue, 3 Apr 2012 14:18:27 +0900
From: fernando@...ellilink.co.jp
To: David Miller <davem@...emloft.net>
Cc: "shemminger@...tta.com" <shemminger@...tta.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH 2/2] TCP: Use 32768-65535 outgoing port range by default

Quoting David Miller <davem@...emloft.net>:

> From: fernando@...ellilink.co.jp
> Date: Tue, 3 Apr 2012 09:50:18 +0900
>
>> There was a time when the ip masquerading code reserved the
>> 61000-65095 port range, which is the reason why the current default
>> upper limit in ip_local_port_range is 61000. However, the current
>> iptables-based masquerading and SNAT implementation does not have
>> that restriction; ipchains and the compatibility mode that used the
>> range over 61000 exclusively is long gone.
>
> I don't think so, anyone out there using "--to-port 61000-65095"
> or similar in their firewall setup will suddenly break with
> your change.

Yes, I considered that. The thing is that certain non-Linux hosts
already use a superset of the 61000-65095 range and 61000 looks like a
magic number to most users. I just thought that anyone using --to-ports
would set ip_local_port_range accordingly.

Do you want me to document where 61000 comes from instead?