So, in my firewall script I have no possibility to decide if an incoming packet to a port in this range is to be allowed or not. If I have separate port ranges for local and masqueraded connections, this decision can be based on the port range. OTOH, I don't know if a program cannot be told to use a port outside the local port range. I suppose it can, in which case this discussion would be somewhat useless.
When using ssh as root it used <1024 when I tried. That's quite nice because so root connection attempts from the firewall are denied automatically by my chains.

- Martin

---
The Internet was invented as a highly dependable, high-speed, distributed, secure, and powerful network so that in the event of a nuclear crisis, military officials would always have access to pornography.