Bugzilla – Bug 465
outgoing-port-permit requires manual outgoing-port-avoid first
Last modified: 2013-04-18 15:31:57 CEST
Created attachment 212 [details] clear port ranges automatically While investigating switching Unbound to use the OS port allocator on OpenBSD I noticed that outgoing-port-permit fails unless there's a prior outgoing-port-avoid statement to remove the default ports. Attached configparser.y diff clears the port range if outgoing-port-permit is the first port-range related configuration option. It's probably also worth making it clear in the sample config that options are additive (the manpage is already clear). --- doc/example.conf.in 23 Aug 2012 22:56:27 -0000 1.1.1.3 +++ doc/example.conf.in 28 Aug 2012 16:57:07 -0000 @@ -67,6 +67,8 @@ server: # Use this to make sure unbound does not grab a UDP port that some # other server on this computer needs. The default is to avoid # IANA-assigned port numbers. + # If multiple outgoing-port-permit and outgoing-port-avoid options + # are present, they are processed in order. # outgoing-port-avoid: "3200-3208" # number of outgoing simultaneous tcp buffers to hold per thread.
Hi Stu, The documentation patch is good, and applied. Do you want to avoid having to put outgoing-port-avoid: 0-65535 in the config file as the first outgoing-port line in unbound.conf? You seem to want to change the meaning of having a outgoing-port-permit: x as the first statement from 'additionally allow x with the defaults' to 'allow only x but not the defaults' ? I do not really have an issue with the patch code, but I want to know what you are trying to do. Best regards, Wouter
Hi, I think we should keep our defaults the way they are. The statements build on top of one another, without statements it starts with its builtin default ranges to allow/deny. (this denies the ports that have been IANA allocated). Please reopen this if you feel other actions are more appropriate. Best regards, Wouter