Subject: Re: anonymous port numbers (was NetBSD master CVS tree commits )
To: None <perry@piermont.com>
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
List: tech-net
Date: 12/31/1997 11:13:00
>> * is it a flag (0 = use 1024..5000, 1 = use 49152..65535), or
>>   a `min' and `max' range. i prefer the latter, and have the kernel do
>>   some quick sanity checking at sysctl time.
>> 	my vote: net.inet.ip.userlow (low end of ephemeral port range),
>> 	and net.inet.ip.userhigh (high end)
>
>
>I highly, highly prefer the former. We *should* be using the IANA
>approved range. The reason for permitting the user to use the other
>range is because some users have difficulty with firewalls. It is fine
>to help out those users, but it is *not* necessary to give people
>enough flexibility to do useless and possibly dangerous things.

I dunno ... who's to say that you won't encounter _another_ broken
firewall, because another operating system uses a different ephemeral
port range?

I agree, we should be using the IANA range, and that definitely should
be the default ... but I don't think adding this knob would be that
harmful.

--Ken