Re: Default DENY with ipchains

To: "Srebrenko Sehic" <haver@aub.dk>
Cc: <debian-firewall@lists.debian.org>
Subject: Re: Default DENY with ipchains
From: James Antill <james@and.org>
Date: 19 Oct 2000 18:40:49 -0400
Message-id: <[🔎] nn66moxxn2.fsf@code.and.org>
In-reply-to: "Srebrenko Sehic"'s message of "Thu, 19 Oct 2000 23:07:16 +0200"
References: <[🔎] 000b01c03a10$8f514690$0200a8c0@aub.dk>

"Srebrenko Sehic" <haver@aub.dk> writes:

> Hello
> 
> Is is possible to prevent ordinary users from opening unprivliged ports
> (>1024 tcp/udp)? If yes, how?
> 
> I've tried virtually every possible way to do this, but with no luck.

 As far as I know you can't do it with firewall rules.
 However you could _try_ just changing PROT_SOCK in
linux/include/net/sock.h from 1024 to 65535.

 If that breaks you get to keep both pieces etc.

-- 
James Antill -- james@and.org
"If we can't keep this sort of thing out of the kernel, we might as well
pack it up and go run Solaris." -- Larry McVoy.

Reply to:

Follow-Ups:
- Re: Default DENY with ipchains
  - From: Steve Bowman <sbowman@frostwork.net>

References:
- Default DENY with ipchains
  - From: "Srebrenko Sehic" <haver@aub.dk>

Prev by Date: Default DENY with ipchains
Next by Date: Re: Default DENY with ipchains
Previous by thread: Default DENY with ipchains
Next by thread: Re: Default DENY with ipchains
Index(es):
- Date
- Thread