On Sat, 2011-08-20 at 16:17 +0200, Andreas Barth wrote:
> * Henrique de Moraes Holschuh (firstname.lastname@example.org) [110820 14:39]:
> > Yes. And we can easily maintain a current one for Debian-packaged software,
> > although the initial build of such a blacklist will take some work.
>
> Actually, the existing interface net.ipv4.ip_local_port_range seems to
> work quite well. And there are so many ports that for most servers it
> seems acceptable to limit the outgoing ports to only a tiny portion of
> port numbers (like 1/4th or so).

This has nothing to do with bindresvport().

Ben.