On 2025/07/14 18:21, Matthieu Herrb wrote:
> - it cannot run with reduced privileges unless it only listens to
>   ports > 1024, needing pf level redirects to get 443 or 80.

this is sadly common in a lot of "modern" software, the number of
docs I've read telling you to use 'setcap CAP_NET_BIND_SERVICE' on
linux is way too high...(especially software written in go)

> - also it cannot listen on both IPv4 and IPv6 sockets; it relies on
>   Linux default behaviour of v6 sockets accepting v4 connexions too.

I don't run into this quite as often any more, but there are still
a few (including the Javan elephant in the room) where you cannot
run a single instance of the software dual-stack (and it's often
impossible/unfeasible to run two copies concurrently) so the best
you can do is to run in v6 mode, use some af-to mess for incoming,
and DNS64 for outgoing... Not sure what can be done about it but
it's a real problem in some cases.
