On Thu, Aug 27, 2009 at 3:09 PM, Chris Buechler<[email protected]> wrote: > On Thu, Aug 27, 2009 at 5:54 PM, David Rees<[email protected]> wrote: >> OK - I guess what I'm asking is this: >> >> I've just checked my particular pfSense box and aside from the nearly >> 1000 ports it's listening to from 19000+ for my NAT reflection rules, >> is there anything else keeping us from using a wider port range to >> allow even more NAT reflection rules to be used? > > There are some foot shooting possibilities if you aren't careful.
Any details on those? >> I don't see many other ports in use on localhost except for ssh, dns, >> pptp and a handful of ports ranging from 8021+ (which I believe are >> used for the FTP helper). I think that it may be helpful to be able >> to override the default starting port range and number as well as the >> maximum number of ports to use for NAT reflection. > > Having them configurable in System->Advanced is probably good. > >> I assume that working from a recent 1.2.3 snapshot OK? Do you think >> it will apply to the 2.0 branch as well? I have no idea how much the >> code there has changed... > > This wouldn't be accepted into RELENG_1_2 (1.2.x), that's strictly bug > fixes only and this isn't a bug - though not ideal, it works as > designed. The patch (preferably merge request in git) would have to be > to 2.0. 2.0 is considerably different in many ways, but this > particular part of the code base probably isn't much different. Hmm, if I just submit a patch which addresses #1931 and keeps duplicate nc entries out of inetd.conf without adding new features (which IMO is a bug), could that be accepted into the stable branch? Hate to say it, but I don't have a lot of interest in writing code for a release whose release schedule appears to be many, many, months away and I am not yet even testing in the lab. I am much more motivated to write code which has a good chance of seeing production use relatively soon. -Dave --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
