Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
* Henrique de Moraes Holschuh (email@example.com) [110820 14:39]:
> Yes. And we can easily maintain a current one for Debian-packaged software,
> although the initial build of such a blacklist will take some work.
Actually, the existing interface net.ipv4.ip_local_port_range seems to
work quite well. And there are so many ports that for most servers it
seems acceptable to limit the outgoing ports to only a tiny portion of
port numbers (like 1/4th or so).