libunbound and limiting outgoing ports?

Wouter Wijngaards wouter at nlnetlabs.nl
Wed Jan 30 10:31:00 UTC 2019


Hi Štěpán,

On 30/01/2019 10:55, Štěpán Brož wrote:
> Hello Wouter,
>
> On Wed, 30 Jan 2019 at 7:32, Wouter Wijngaards <wouter at nlnetlabs.nl> wrote:
>> So, I think that, the config is working just fine, but there is no
>> statement to stop it from using ports above 61000. Hence the 63xxx port
>> number that you see.  If you want it to avoid the ports above 6100 you
>> need to add a statement to that effect.  You can have a number of
>> statements, they are processed in order.  So another
>> outgoing-port-avoid: 61000-65535 . That would stop the port number above
>> 61000 from getting picked.  Or start with outgoing-port-avoid: 0-65535
>> and then permit selectively.
>>
> Thank you! Yes, that appears to do the trick. And it's now obvious
> when reading the unbound.conf man page about outgoing-port-permit:
> "The processing starts with the  non  IANA  allocated ports above 1024
> in the set of allowed ports."
Nice to hear it is solved.
>
> Out of curiosity, was I reading the code wrong, or is daemon.c code
> used for library calls too?

That code is for the server, but the library uses the same code (from
config_file.c) to do it.  The section around the condense_ports function.

Best regards, Wouter

>
> Thank you for your help!
>
> Stepan
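
The ordered processing described in this thread, as an added example that is not part of the original message and not Unbound's own code: a small C model of the port table that starts from the ports above 1024 and applies each outgoing-port-permit / outgoing-port-avoid range in turn. The struct and function names and the three sample configurations are constructed for illustration, and the IANA-allocated port list that Unbound also removes from the start set is left out.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NPORTS 65536

/* Hypothetical model type: permit=1 is outgoing-port-permit, 0 is outgoing-port-avoid. */
struct stmt { int permit; const char *range; };

/* Apply one "N" or "LOW-HIGH" range; returns 0 if the range does not parse. */
static int mark_range(unsigned char *allowed, const char *range, int permit)
{
    char *end;
    long low = strtol(range, &end, 10), high = low;
    if (end == range) return 0;
    if (*end == '-') {
        const char *h = end + 1;
        high = strtol(h, &end, 10);
        if (end == h) return 0;
    }
    if (*end != '\0' || low < 0 || high >= NPORTS || low > high) return 0;
    for (long p = low; p <= high; p++) allowed[p] = (unsigned char)permit;
    return 1;
}

/* Ports usable in [low, high] after the statements run in order; -1 on a bad range. */
int usable_ports(const struct stmt *s, size_t n, int low, int high)
{
    static unsigned char allowed[NPORTS];
    int count = 0;
    memset(allowed, 0, sizeof(allowed));
    for (int p = 1025; p < NPORTS; p++) allowed[p] = 1; /* start set; IANA list omitted (assumption) */
    for (size_t i = 0; i < n; i++)
        if (!mark_range(allowed, s[i].range, s[i].permit)) return -1;
    for (int p = low; p <= high; p++) count += allowed[p];
    return count;
}

/* Constructed configurations, not the poster's actual file. */
const struct stmt permit_only[] = { {1, "50000-61000"} };
const struct stmt with_avoid[]  = { {1, "50000-61000"}, {0, "61000-65535"} };
const struct stmt deny_first[]  = { {0, "0-65535"}, {1, "50000-61000"} };

int main(void)
{
    printf("permit only: %d usable above 61000\n", usable_ports(permit_only, 1, 61001, 65535));
    printf("plus avoid:  %d usable above 61000\n", usable_ports(with_avoid, 2, 61001, 65535));
    printf("deny first:  %d usable in total\n", usable_ports(deny_first, 2, 0, 65535));
    return 0;
}
```

In this model a permit statement on its own leaves every port above 61000 usable, and only the deny-first configuration also closes the ports between 1025 and 49999.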


