libunbound and limiting outgoing ports?
wouter at nlnetlabs.nl
Wed Jan 30 10:31:00 UTC 2019
On 30/01/2019 10:55, Štěpán Brož wrote:
> Hello Wouter,
> On Wed, 30 Jan 2019 at 7:32, Wouter Wijngaards <wouter at nlnetlabs.nl> wrote:
>> So, I think that, the config is working just fine, but there is no
>> statement to stop it from using ports above 61000. Hence the 63xxx port
>> number that you see. If you want it to avoid the ports above 6100 you
>> need to add a statement to that effect. You can have a number of
>> statements, they are processed in order. So another
>> outgoing-port-avoid: 61000-65535 . That would stop the port number above
>> 61000 from getting picked. Or start with outgoing-port-avoid: 0-65535
>> and then permit selectively.
> Thank you! Yes, that appears to do the trick. And it's now obvious
> when reading the unbound.conf man page about outgoing-port-permit:
> "The processing starts with the non IANA allocated ports above 1024
> in the set of allowed ports."
Nice to hear it is solved.
> Out of curiosity, was I reading the code wrong, or is daemon.c code
> used for library calls too?
That code is for the server, but the library uses the same code (from
config_file.c) to do it. The section around the condense_ports function.
Best regards, Wouter
> Thank you for your help!
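
The in-order processing of `outgoing-port-permit` and `outgoing-port-avoid` discussed in this thread can be modelled as below. This is an added example, not part of the original messages and not Unbound's code. It assumes inclusive `LOW-HIGH` ranges and a starting set of every port above 1024 (the IANA-allocated ports that Unbound also excludes are not modelled), and the sample configurations are constructed.

```python
# Simplified model of in-order outgoing-port-permit / outgoing-port-avoid
# processing. Assumption: the starting set is every port above 1024; the
# IANA-allocated ports that unbound also removes are not modelled here.

def parse_range(value):
    """Parse "N" or "LOW-HIGH" (assumed inclusive) into (low, high)."""
    low, _, high = value.strip().partition("-")
    low = int(low)
    high = int(high) if high else low
    if not (0 <= low <= high <= 65535):
        raise ValueError(f"bad port range: {value!r}")
    return low, high

def allowed_ports(statements):
    """Apply (option, value) statements in order; return the allowed set."""
    allowed = set(range(1025, 65536))
    for option, value in statements:
        low, high = parse_range(value)
        ports = range(low, high + 1)
        if option == "outgoing-port-permit":
            allowed.update(ports)
        elif option == "outgoing-port-avoid":
            allowed.difference_update(ports)
        else:
            raise ValueError(f"unknown option: {option!r}")
    return allowed

def summarize(allowed):
    """Return (lowest, highest, count), or None when no port is left."""
    return (min(allowed), max(allowed), len(allowed)) if allowed else None

# Constructed configurations (not taken from the thread).
# Only the low range is avoided, so ports above 61000 stay eligible.
ONLY_LOW_AVOIDED = [("outgoing-port-avoid", "0-59999")]
# A second avoid statement closes the high range as well.
HIGH_ALSO_AVOIDED = ONLY_LOW_AVOIDED + [("outgoing-port-avoid", "61000-65535")]
# Alternative: avoid everything first, then permit selectively.
DENY_THEN_PERMIT = [("outgoing-port-avoid", "0-65535"),
                    ("outgoing-port-permit", "60000-60999")]
# Same statements in the opposite order: the later avoid wins.
PERMIT_THEN_DENY = list(reversed(DENY_THEN_PERMIT))

if __name__ == "__main__":
    for name in ("ONLY_LOW_AVOIDED", "HIGH_ALSO_AVOIDED",
                 "DENY_THEN_PERMIT", "PERMIT_THEN_DENY"):
        print(name, summarize(allowed_ports(globals()[name])))
```
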