[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Default DENY with ipchains

"Srebrenko Sehic" <haver@aub.dk> writes:

> Hello
> Is is possible to prevent ordinary users from opening unprivliged ports
> (>1024 tcp/udp)? If yes, how?
> I've tried virtually every possible way to do this, but with no luck.

 As far as I know you can't do it with firewall rules.
 However you could _try_ just changing PROT_SOCK in
linux/include/net/sock.h from 1024 to 65535.

 If that breaks you get to keep both pieces etc.

James Antill -- james@and.org
"If we can't keep this sort of thing out of the kernel, we might as well
pack it up and go run Solaris." -- Larry McVoy.

Reply to: