On Thu, Aug 27, 2009 at 3:09 PM, Chris Buechler<[email protected]> wrote:
> On Thu, Aug 27, 2009 at 5:54 PM, David Rees<[email protected]> wrote:
>> OK - I guess what I'm asking is this:
>>
>> I've just checked my particular pfSense box and aside from the nearly
>> 1000 ports it's listening to from 19000+ for my NAT reflection rules,
>> is there anything else keeping us from using a wider port range to
>> allow even more NAT reflection rules to be used?
>
> There are some foot shooting possibilities if you aren't careful.

Any details on those?

>> I don't see many other ports in use on localhost except for ssh, dns,
>> pptp and a handful of ports ranging from 8021+ (which I believe are
>> used for the FTP helper).  I think that it may be helpful to be able
>> to override the default starting port range and number as well as the
>> maximum number of ports to use for NAT reflection.
>
> Having them configurable in System->Advanced is probably good.
>
>> I assume that working from a recent 1.2.3 snapshot OK?  Do you think
>> it will apply to the 2.0 branch as well?  I have no idea how much the
>> code there has changed...
>
> This wouldn't be accepted into RELENG_1_2 (1.2.x), that's strictly bug
> fixes only and this isn't a bug - though not ideal, it works as
> designed. The patch (preferably merge request in git) would have to be
> to 2.0. 2.0 is considerably different in many ways, but this
> particular part of the code base probably isn't much different.

Hmm, if I just submit a patch which addresses #1931 and keeps
duplicate nc entries out of inetd.conf without adding new features
(which IMO is a bug), could that be accepted into the stable branch?

Hate to say it, but I don't have a lot of interest in writing code for
a release whose release schedule appears to be many, many, months away
and I am not yet even testing in the lab.  I am much more motivated to
write code which has a good chance of seeing production use relatively
soon.

-Dave

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Commercial support available - https://portal.pfsense.org

Reply via email to