Hello Bryan,

Sunday, July 27, 2003, 12:29:35 AM, you wrote:

Bryan> I originally asked this on misc@ with no response so I will try here.
Bryan> Is there a way to get pf to never use specific ports? For example a
Bryan> client on my LAN might send a request for a certain webpage which gets
Bryan> sent to the gateway from a certain port, we'll say 43101. The request
Bryan> hits the gateway and then gets changed to another source port like
Bryan> 12754. The problem is that 12754 will trigger a false positive in snort
Bryan> that someone is scanning for a ddos mstream client handler. How (if
Bryan> possible) can you create a list of ports that will never be used by pf?

<OpenBSD FAQ>
6.6.3 - I don't want the kernel to dynamically allocate a certain port

There is a sysctl for this also. From sysctl(8):

    Set the list of reserved TCP ports that should not be allocated by the
    kernel dynamically. This can be used to keep daemons from stealing a
    specific port that another program needs to function. List elements may
    be separated by commas and/or whitespace.

    # sysctl -w net.inet.tcp.baddynamic=749,750,751,760,761,871

It is also possible to add or remove ports from the current list.

    # sysctl -w net.inet.tcp.baddynamic=+748
    # sysctl -w net.inet.tcp.baddynamic=-871
</OpenBSD FAQ>

But you might be searching for

    sysctl -w net.inet.ip.portfirst=1024
    sysctl -w net.inet.ip.portlast=49151
    sysctl -w net.inet.ip.porthifirst=49152
    sysctl -w net.inet.ip.porthilast=65535

From http://www.seifried.org/security/technical/20020307-kernel-options.html

Since they are _not_ documented on the man page. Should I send a documentation report?

-- 
Best regards,
 Alejandro Belluscio
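Added example, not part of the thread above or of OpenBSD: a small POSIX sh model of the net.inet.tcp.baddynamic list semantics quoted from the FAQ (replace, +port, -port, elements separated by commas and/or whitespace) plus a range check of the portfirst/portlast kind, so the effect of a sequence of sysctl -w commands can be worked out offline before touching a gateway. The starting list and the port 12754 from Bryan's question are constructed sample input; nothing here talks to the kernel, and the helper names are my own.

```shell
#!/bin/sh
# Offline model of editing and querying a net.inet.tcp.baddynamic-style list.
# Example code added to the thread; it does not call sysctl(8).

# normalize_ports LIST: accept commas and/or whitespace as separators and
# print the ports as one space-separated line.
normalize_ports() {
    printf '%s\n' "$1" | tr ',' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

# baddynamic_has LIST PORT: succeed (exit 0) if PORT is in LIST.
baddynamic_has() {
    for p in $(normalize_ports "$1"); do
        [ "$p" = "$2" ] && return 0
    done
    return 1
}

# apply_baddynamic LIST SPEC: print LIST after applying SPEC, which is
# "+port" (add), "-port" (remove) or a plain list (replace the whole list),
# mirroring the three sysctl -w forms in the FAQ quote.
apply_baddynamic() {
    list=$(normalize_ports "$1")
    case "$2" in
        +*) port=${2#+}
            if baddynamic_has "$list" "$port"; then
                printf '%s\n' "$list"            # already reserved, no change
            else
                printf '%s\n' "${list:+$list }$port"
            fi ;;
        -*) port=${2#-}
            out=""
            for p in $list; do
                [ "$p" = "$port" ] || out="${out:+$out }$p"
            done
            printf '%s\n' "$out" ;;
        *)  normalize_ports "$2" ;;
    esac
}

# in_range PORT LOW HIGH: succeed if LOW <= PORT <= HIGH, i.e. the port lies
# inside an ephemeral range such as portfirst..portlast.
in_range() {
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# demo: replay the FAQ's command sequence on a constructed list, then reserve
# the port that triggered the snort signature in the question.
demo() {
    cur="749,750,751,760,761,871"               # constructed starting list
    cur=$(apply_baddynamic "$cur" "+748")       # sysctl -w ...=+748
    cur=$(apply_baddynamic "$cur" "-871")       # sysctl -w ...=-871
    cur=$(apply_baddynamic "$cur" "+12754")     # keep 12754 out of dynamic use
    printf '%s\n' "$cur"
}

demo
```

Running the script prints the resulting list; baddynamic_has and in_range can then be used to answer "is this port reserved?" and "does this port even fall in the range the kernel hands out?" for any port a sensor complains about.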
