Hi Paul, On 1/24/19 4:07 PM, Paul Wouters via Unbound-users wrote: > > Hi, > > For the unbound daemon we can set: > > outgoing-port-permit: 32768-60999 > outgoing-port-avoid: 0-32767 > > Is there a way for a libunbound context to put in the same limitations?
Yes, you can read a config file or use ub_ctx_set_option. For your example this would be: ub_ctx_set_option(ctx, "outgoing-port-permit:", "32768-60999"); ub_ctx_set_option(ctx, "outgoing-port-avoid:", "0-32767"); Best regards, Wouter > > We are seeing that sometimes libreswan's use of libunbound triggers > selinux denials and I suspect it is due to the use of ephemeral ports. > > Paul
signature.asc
Description: OpenPGP digital signature
