Subject: Re: new sysctl - privilaged ports runtime option?
To: Rasputin <rasputin@idoru.mine.nu>
From: Greg A. Woods <woods@weird.com>
List: tech-kern
Date: 08/11/2002 12:34:18
[ On Thursday, August 8, 2002 at 13:54:26 (+0100), Rasputin wrote: ]
> Subject: Re: new sysctl - privilaged ports runtime option?
>
> Does this change win anything over using something like ipnat to
> redirect inbound port 80 traffic -> 8888, for example?

I would think not.  Indeed using NOPRIVPORTS is _far_ "worse" (as in
generically much less secure) than using IPNAT.  With IPNAT you've got
control over things like port 80 while not having to worry quite so much
about port 22 (or rather force your clients to worry about port 22).

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>