Subject: Re: anonymous port numbers (was NetBSD master CVS tree commits )
To: Luke Mewburn <>
From: Perry E. Metzger <>
List: tech-net
Date: 12/31/1997 10:47:50
Luke Mewburn writes:
> correct.  so, there's a couple of issues to resolve:
> * what section of sysctl do we put it under? I favour net.inet.ip.*,
>   as it's probably the closest to what the behaviour does (unless we
>   add another section, e.g., net.inet.misc.*)
> 	my vote: net.inet.ip.*

I don't care.

> * is it a flag (0 = use 1024..5000, 1 = use 49152..65535), or
>   a `min' and `max' range. i prefer the latter, and have the kernel do
>   some quick sanity checking at sysctl time.
> 	my vote: net.inet.ip.userlow (low end of ephemeral port range),
> 	and net.inet.ip.userhigh (high end)

I highly, highly prefer the former. We *should* be using the IANA
approved range. The reason for permitting the user to use the other
range is because some users have difficulty with firewalls. It is fine
to help out those users, but it is *not* necessary to give people
enough flexibility to do useless and possibly dangerous things.

> * should the sysctls be protected as net.inet.ip.forwsrcrt is (can't
>   change if securelevel >=1)
> 	my vote: protected

If it is just a flag for the two ranges, it probably makes little
difference whether it is protected or not.
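To make the two designs in this thread concrete, here is an added illustration (not NetBSD code, and not from either poster) of what "quick sanity checking at sysctl time" and securelevel protection would look like for both a flag-style knob and a userlow/userhigh range; the variable and function names, the 1024 lower bound, and the in-memory `securelevel` stand-in are assumptions of this example.

```c
#include <errno.h>

/* The two fixed ranges discussed in the thread. */
#define EPH_LOW_CLASSIC   1024
#define EPH_HIGH_CLASSIC  5000
#define EPH_LOW_IANA      49152
#define EPH_HIGH_IANA     65535

/* Hypothetical stand-in for the kernel's securelevel variable. */
static int securelevel = 0;

/* Current ephemeral range; names mirror the proposed userlow/userhigh sysctls. */
static int ip_userlow  = EPH_LOW_IANA;
static int ip_userhigh = EPH_HIGH_IANA;

/* Option 1: a single flag selecting one of the two ranges.
 * Returns 0 on success or an errno value. */
int set_ephemeral_flag(int flag)
{
    if (securelevel >= 1)
        return EPERM;               /* protected like net.inet.ip.forwsrcrt */
    if (flag == 0) {
        ip_userlow  = EPH_LOW_CLASSIC;
        ip_userhigh = EPH_HIGH_CLASSIC;
    } else if (flag == 1) {
        ip_userlow  = EPH_LOW_IANA;
        ip_userhigh = EPH_HIGH_IANA;
    } else {
        return EINVAL;              /* only the two ranges are allowed */
    }
    return 0;
}

/* Option 2: explicit min/max with sanity checks applied at set time.
 * Rejects privileged ports (< 1024, an assumed bound), values above 16 bits,
 * and empty or inverted ranges, so a bad pair never reaches the allocator. */
int set_ephemeral_range(int low, int high)
{
    if (securelevel >= 1)
        return EPERM;
    if (low < 1024 || high > 65535 || low >= high)
        return EINVAL;
    ip_userlow  = low;
    ip_userhigh = high;
    return 0;
}

int  get_userlow(void)        { return ip_userlow; }
int  get_userhigh(void)       { return ip_userhigh; }
void set_securelevel(int lvl) { securelevel = lvl; }
```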