On Sat, 20 Aug 2011, Andreas Barth wrote:
> * Henrique de Moraes Holschuh (h...@debian.org) [110820 14:39]:
> > Yes. And we can easily maintain a current one for Debian-packaged software,
> > although the initial build of such a blacklist will take some work.
>
> Actually, the existing interface net.ipv4.ip_local_port_range seems to
> work quite well. And there are so many ports that for most servers it

No, it doesn't. And we have at least one extremely important protocol that needs as many ports as we can give it (DNS).

A blacklist is the way to go, and we already have it. We just need to fill it, make it easier to extend (.d directory), tell people about it, and teach stuff other than SunRPC to use it when necessary.

--
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Archive: http://lists.debian.org/20110821035156.ga32...@khazad-dum.debian.net