libunbound and limiting outgoing ports?
Paul Wouters
paul at nohats.ca
Tue Jan 29 15:50:25 UTC 2019
On Mon, 28 Jan 2019, Wouter Wijngaards via Unbound-users wrote:
>> For the unbound daemon we can set:
>>
>> outgoing-port-permit: 32768-60999
>> outgoing-port-avoid: 0-32767
>>
>> Is there a way for a libunbound context to put in the same limitations?
>
> Yes, you can read a config file or use ub_ctx_set_option.
>
> For your example this would be:
> ub_ctx_set_option(ctx, "outgoing-port-permit:", "32768-60999");
> ub_ctx_set_option(ctx, "outgoing-port-avoid:", "0-32767");
Štěpán did some testing for us and it seems libunbound is not
honouring this. It must be specific daemon.c code that enforces this
for the unbound daemon ?
It would be good to get libunbound to honour this as well, so it does
not get caught in SElinux denials.
Paul
More information about the Unbound-users
mailing list