diff options
author | Rui Paulo <rpaulo@FreeBSD.org> | 2008-03-04 19:16:21 +0000 |
---|---|---|
committer | Rui Paulo <rpaulo@FreeBSD.org> | 2008-03-04 19:16:21 +0000 |
commit | 1cf6e4f5ffc6d1d3bcaed0292981886669eebfb8 (patch) | |
tree | 064c21c9a6ada7c2e05994e23247134c92d7a6cb /share/mk | |
parent | b9b482710e84f69ad3a787cd0f037213f31d1210 (diff) | |
download | src-1cf6e4f5ffc6d1d3bcaed0292981886669eebfb8.tar.gz src-1cf6e4f5ffc6d1d3bcaed0292981886669eebfb8.zip |
Change the default port range for outgoing connections by introducing
IPPORT_EPHEMERALFIRST and IPPORT_EPHEMERALLAST with values
10000 and 65535 respectively.
The rationale behind is that it makes the attacker's life more
difficult if he/she wants to guess the ephemeral port range and
also lowers the probability of a port colision (described in
draft-ietf-tsvwg-port-randomization-01.txt).
While there, remove code duplication in in_pcbbind_setup().
Submitted by: Fernando Gont <fernando at gont.com.ar>
Approved by: njl (mentor)
Reviewed by: silby, bms
Discussed on: freebsd-net
Notes
Notes:
svn path=/head/; revision=176805
Diffstat (limited to 'share/mk')
0 files changed, 0 insertions, 0 deletions