libunbound and limiting outgoing ports?
Wouter Wijngaards
wouter at nlnetlabs.nl
Mon Jan 28 10:03:07 UTC 2019
Hi Paul,

On 1/24/19 4:07 PM, Paul Wouters via Unbound-users wrote:
>
> Hi,
>
> For the unbound daemon we can set:
>
> outgoing-port-permit: 32768-60999
> outgoing-port-avoid: 0-32767
>
> Is there a way for a libunbound context to put in the same limitations?

Yes, you can read a config file or use ub_ctx_set_option.

For your example this would be:

    ub_ctx_set_option(ctx, "outgoing-port-permit:", "32768-60999");
    ub_ctx_set_option(ctx, "outgoing-port-avoid:", "0-32767");

Best regards, Wouter

>
> We are seeing that sometimes libreswan's use of libunbound triggers
> selinux denials and I suspect it is due to the use of ephemeral ports.
>
> Paul
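
Added example, not part of the original message and not Unbound's own code: a simplified C model of the in-order permit/avoid processing that unbound.conf(5) documents, applied to the two option lines from the thread. The helper names are hypothetical, and the model assumes a start state of every port from 1024 up, leaving out the IANA-assigned exclusions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NPORTS 65536

/* Apply one "N" or "LOW-HIGH" value; allow=1 for permit, 0 for avoid.
 * Port 0 is never marked usable. Returns 0 on success, -1 on a
 * malformed or out-of-range value. */
static int ports_mark(unsigned char *avail, const char *val, int allow)
{
    char *end;
    long low = strtol(val, &end, 10), high = low;
    if (end == val || low < 0 || low >= NPORTS) return -1;
    if (*end == '-') {
        const char *hs = end + 1;
        high = strtol(hs, &end, 10);
        if (end == hs || high < low || high >= NPORTS) return -1;
    }
    if (*end != '\0') return -1;
    for (long p = low; p <= high; p++) avail[p] = (allow && p != 0);
    return 0;
}

/* Count the allowed ports in [low, high]. */
static int ports_count(const unsigned char *avail, int low, int high)
{
    int n = 0;
    for (int p = low; p <= high; p++) n += avail[p];
    return n;
}

/* Start state, then the two option lines from the thread, in order.
 * Assumption: start state is every port from 1024 up (no IANA list). */
static void apply_thread_options(unsigned char *avail)
{
    memset(avail, 0, NPORTS);
    memset(avail + 1024, 1, NPORTS - 1024);
    ports_mark(avail, "32768-60999", 1);   /* outgoing-port-permit */
    ports_mark(avail, "0-32767", 0);       /* outgoing-port-avoid */
}

int main(void)
{
    static unsigned char avail[NPORTS];
    apply_thread_options(avail);
    printf("61000-65535 allowed: %d\n", ports_count(avail, 61000, 65535));
    ports_mark(avail, "61000-65535", 0);   /* extra avoid line (assumption) */
    printf("after extra avoid:   %d\n", ports_count(avail, 61000, 65535));
    return 0;
}
```

In this model the two lines leave nothing below 32768 but do not remove ports 61000-65535 from the start set; an additional avoid value covering that range closes it.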