libunbound and limiting outgoing ports?

Wouter Wijngaards wouter at
Mon Jan 28 10:03:07 UTC 2019

Hi Paul,

On 1/24/19 4:07 PM, Paul Wouters via Unbound-users wrote:
> Hi,
> For the unbound daemon we can set:
>     outgoing-port-permit: 32768-60999
>     outgoing-port-avoid: 0-32767
> Is there a way for a libunbound context to put in the same limitations?

Yes, you can read a config file or use ub_ctx_set_option.

For your example this would be:
ub_ctx_set_option(ctx, "outgoing-port-permit:", "32768-60999");
ub_ctx_set_option(ctx, "outgoing-port-avoid:", "0-32767");

Best regards, Wouter

> We are seeing that sometimes libreswan's use of libunbound triggers
> selinux denials and I suspect it is due to the use of ephemeral ports.
> Paul

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Unbound-users mailing list