http://bugzilla.suse.com/show_bug.cgi?id=1088367

            Bug ID: 1088367
           Summary: unbound.conf outgoing-port-avoid
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 42.3
          Hardware: x86-64
                OS: Other
            Status: NEW
          Severity: Minor
          Priority: P5 - None
         Component: Network
          Assignee: bnc-team-screening@forge.provo.novell.com
          Reporter: jmader2@gmu.edu
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

The default unbound.conf v1.5.10 states,

    # Our SElinux policy does not allow non-ephemeral ports to be used

Then proceeds to set,

    outgoing-port-permit: 32768-65535
    outgoing-port-avoid: 0-32767

Except, the ephemeral ports are,

    $ cat /proc/sys/net/ipv4/ip_local_port_range
    32768   60999

And unbound already takes care to avoid <1024 and about 90 IANA reserved ports
that fall in the ephemeral range. There does not seem to be a need to start
with outgoing-port-permit, just to avoid some additional ports.

Recommend,

    # Our SElinux policy does not allow non-ephemeral ports to be used
    outgoing-port-avoid: 1024-32767
    outgoing-port-avoid: 49151 # IANA Reserved
    outgoing-port-avoid: 61000-65535

-- 
You are receiving this mail because:
You are on the CC list for the bug.
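
Added example (not part of the original report and not unbound's own code): a small model that applies the outgoing-port-permit / outgoing-port-avoid lines from the two configurations above in file order and lists the ports left usable outside the ephemeral range quoted in the report. It assumes a starting set of all ports >= 1024 and does not model unbound's built-in IANA avoid list; the function and constant names are hypothetical.

```python
SHIPPED = """\
outgoing-port-permit: 32768-65535
outgoing-port-avoid: 0-32767
"""

RECOMMENDED = """\
outgoing-port-avoid: 1024-32767
outgoing-port-avoid: 49151 # IANA Reserved
outgoing-port-avoid: 61000-65535
"""

# Value quoted in the report from /proc/sys/net/ipv4/ip_local_port_range.
EPHEMERAL = (32768, 60999)


def parse_range(text):
    """Parse "N" or "N-M" into an inclusive (low, high) pair."""
    low, _, high = text.partition("-")
    low, high = int(low), int(high or low)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {text!r}")
    return low, high


def allowed_ports(conf):
    """Apply the directives in file order; a later line overrides an earlier one."""
    # Assumption: start from ports >= 1024; unbound's built-in IANA list is not modelled.
    allowed = [port >= 1024 for port in range(65536)]
    for line in conf.splitlines():
        key, sep, value = line.split("#", 1)[0].partition(":")
        key = key.strip()
        if not sep or key not in ("outgoing-port-permit", "outgoing-port-avoid"):
            continue
        low, high = parse_range(value.strip())
        for port in range(low, high + 1):
            allowed[port] = key == "outgoing-port-permit"
    return {port for port, ok in enumerate(allowed) if ok}


def outside_ephemeral(conf, ephemeral=EPHEMERAL):
    """Ports unbound may pick that lie outside the kernel's ephemeral range."""
    low, high = ephemeral
    return sorted(p for p in allowed_ports(conf) if not low <= p <= high)


if __name__ == "__main__":
    for name, conf in (("shipped", SHIPPED), ("recommended", RECOMMENDED)):
        stray = outside_ephemeral(conf)
        print(f"{name}: {len(allowed_ports(conf))} usable, {len(stray)} outside {EPHEMERAL}")
```

To check a live system, pass the two numbers read from /proc/sys/net/ipv4/ip_local_port_range as the ephemeral argument instead of the embedded value.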