libunbound and limiting outgoing ports?

Paul Wouters paul at nohats.ca
Tue Jan 29 15:50:25 UTC 2019


On Mon, 28 Jan 2019, Wouter Wijngaards via Unbound-users wrote:

>> For the unbound daemon we can set:
>>
>>     outgoing-port-permit: 32768-60999
>>     outgoing-port-avoid: 0-32767
>>
>> Is there a way for a libunbound context to put in the same limitations?
>
> Yes, you can read a config file or use ub_ctx_set_option.
>
> For your example this would be:
> ub_ctx_set_option(ctx, "outgoing-port-permit:", "32768-60999");
> ub_ctx_set_option(ctx, "outgoing-port-avoid:", "0-32767");

Štěpán did some testing for us and it seems libunbound is not
honouring this. It must be specific daemon.c code that enforces this
for the unbound daemon?

It would be good to get libunbound to honour this as well, so it does
not get caught in SELinux denials.

Paul
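
Added example, not part of the thread and not libunbound code: a small C model of the permit/avoid settings quoted above, applied in line order as unbound.conf(5) describes, for checking observed source ports against the intended set when testing whether a context honours them. The function names, the simplified starting set and the sample ports are assumptions.

```c
#include <stdio.h>

#define NPORTS 65536
static unsigned char allowed[NPORTS];  /* 1 = usable as a source port */

/* Assumed starting set, simplified from the unbound.conf default:
 * ports below 1024 excluded; the IANA-assigned list is not modelled. */
void ports_init(void) {
    for (int p = 0; p < NPORTS; p++) allowed[p] = (p >= 1024);
}

/* Apply one "N" or "low-high" value in config order: permit=1 adds the
 * ports to the set, permit=0 removes them. Returns -1 on a bad value. */
int ports_mark(const char *range, int permit) {
    int lo = 0, hi = 0, n = 0;
    if (sscanf(range, "%d-%d%n", &lo, &hi, &n) != 2 || range[n] != '\0') {
        n = 0;
        if (sscanf(range, "%d%n", &lo, &n) != 1 || range[n] != '\0') return -1;
        hi = lo;
    }
    if (lo < 0 || hi >= NPORTS || lo > hi) return -1;
    for (int p = lo; p <= hi; p++) allowed[p] = (unsigned char)(permit != 0);
    return 0;
}

/* Count observed source ports that fall outside the modelled set. */
int ports_violations(const int *obs, int count) {
    int bad = 0;
    for (int i = 0; i < count; i++)
        if (obs[i] < 0 || obs[i] >= NPORTS || !allowed[obs[i]]) bad++;
    return bad;
}

int main(void) {
    /* Constructed sample: source ports as they might be read from a capture. */
    int observed[] = { 40000, 20000, 59999, 1500 };
    ports_init();
    ports_mark("32768-60999", 1);   /* outgoing-port-permit from the thread */
    ports_mark("0-32767", 0);       /* outgoing-port-avoid from the thread */
    printf("ports outside the configured set: %d of 4\n",
           ports_violations(observed, 4));
    return 0;
}
```

Under the assumed starting set, the two settings leave 61000-65535 in the set, since neither line removes them.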
