Bugzilla – Bug 465
outgoing-port-permit requires manual outgoing-port-avoid first
Last modified: 2013-04-18 15:31:57 CEST
Created attachment 212
clear port ranges automatically
While investigating switching Unbound to use the OS port allocator on OpenBSD I noticed that outgoing-port-permit fails unless there's a prior outgoing-port-avoid statement to remove the default ports.
Attached configparser.y diff clears the port range if outgoing-port-permit is the first port-range related configuration option.
It's probably also worth making it clear in the sample config that options are additive (the manpage is already clear).
--- doc/example.conf.in 23 Aug 2012 22:56:27 -0000 22.214.171.124
+++ doc/example.conf.in 28 Aug 2012 16:57:07 -0000
@@ -67,6 +67,8 @@ server:
# Use this to make sure unbound does not grab a UDP port that some
# other server on this computer needs. The default is to avoid
# IANA-assigned port numbers.
+ # If multiple outgoing-port-permit and outgoing-port-avoid options
+ # are present, they are processed in order.
# outgoing-port-avoid: "3200-3208"
# number of outgoing simultaneous tcp buffers to hold per thread.
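Review bot: the two added comment lines say the options are processed in order but not what that order starts from. The context just above says the default is to avoid IANA-assigned port numbers, so a reader can still take a lone outgoing-port-permit as replacing that default rather than adding to it. Suggest stating the starting point in the second added line, for example "# are present, they are processed in order, starting from the defaults."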
The documentation patch is good, and applied.
Do you want to avoid having to put
outgoing-port-avoid: 0-65535 in the config file as the first outgoing-port line in unbound.conf?
You seem to want to change the meaning of having an outgoing-port-permit: x as the first statement from 'additionally allow x with the defaults' to 'allow only x but not the defaults'?
I do not really have an issue with the patch code, but I want to know what you are trying to do.
I think we should keep our defaults the way they are. The statements build on top of one another; without statements it starts with its builtin default ranges to allow/deny (this denies the ports that have been IANA allocated).
Please reopen this if you feel other actions are more appropriate.
Best regards, Wouter
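
The ordering behaviour discussed in this thread, as an added Python model that is not part of the bug report or of Unbound's code: statements are applied in order on top of a default set, so a lone outgoing-port-permit widens the defaults instead of restricting to that range. `DEFAULT_AVOID` is a constructed placeholder, not Unbound's real IANA list, and `allowed_ports` and the sample configs are hypothetical names.

```python
import re

# Constructed stand-in for the built-in avoid set (assumption): low ports plus
# a few sample "assigned" ports. Unbound's real default list is much longer.
DEFAULT_AVOID = set(range(0, 1024)) | {3200, 3201, 5353, 8080}

_LINE = re.compile(r'^\s*outgoing-port-(permit|avoid):\s*"?(\d+)(?:-(\d+))?"?\s*$')


def allowed_ports(config_text):
    """Return the ports left usable after applying the statements in order."""
    allowed = set(range(65536)) - DEFAULT_AVOID  # start from the defaults
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0]  # drop trailing comments
        m = _LINE.match(line)
        if not m:
            continue  # blank lines and unrelated options are ignored here
        lo = int(m.group(2))
        hi = int(m.group(3) or m.group(2))  # single port or "lo-hi" range
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {raw.strip()!r}")
        span = set(range(lo, hi + 1))
        if m.group(1) == "permit":
            allowed |= span  # additive: adds to whatever is already allowed
        else:
            allowed -= span
    return allowed


# Constructed sample configurations.
PERMIT_ONLY = "outgoing-port-permit: 3200-3208\n"
AVOID_THEN_PERMIT = "outgoing-port-avoid: 0-65535\noutgoing-port-permit: 3200-3208\n"
PERMIT_THEN_AVOID = "outgoing-port-permit: 3200-3208\noutgoing-port-avoid: 0-65535\n"

if __name__ == "__main__":
    for name, cfg in [("defaults", ""), ("permit only", PERMIT_ONLY),
                      ("avoid then permit", AVOID_THEN_PERMIT),
                      ("permit then avoid", PERMIT_THEN_AVOID)]:
        print(f"{name}: {len(allowed_ports(cfg))} usable source ports")
```

Counting the result is a quick check on how many source ports a configuration leaves for outgoing queries; reversing the two statements leaves none.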