* Jörg Zimmermann wrote on Wed, Oct 03, 2001 at 11:04 +0200:
> I'm using a host with iptables on it. My intention is to allow a connect from a specific host outside our LAN.
Outside your LAN there are people that happily use any port you open.
> Therefore I want to restrict the client ports to 1000-1023.
I cannot see why this should increase security. Better filter by IP source (and destination), use TCP wrapper and well-protected keys. Usually the Linux local port range is 1024-4999 IIRC; you can set this up via /proc, but I don't think that this is useful. These settings affect the whole system. I assume it would break many things if you set the local port range below 1023, BTW.

oki,

Steffen

-- 
This message was generated by machine and therefore bears neither a signature nor a seal.
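
The reply's suggestion to filter by IP source and destination, written out as an added example (not part of the original thread and not the poster's own rules): a shell function that validates its input and prints a ruleset in iptables-restore format. The function names, the documentation-range addresses and the service port 2222 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: admit one remote peer by source and destination address,
# with no match on the client's source port.
# Addresses and port below are constructed placeholders.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# peer_rules PEER LOCAL PORT: print the ruleset on stdout, fail on bad input.
peer_rules() {
    peer=$1 local_ip=$2 port=$3
    valid_ipv4 "$peer" && valid_ipv4 "$local_ip" || return 1
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    # Default-drop INPUT; this policy applies to the whole host.
    cat <<EOF
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $peer/32 -d $local_ip/32 --dport $port --syn -j ACCEPT
COMMIT
EOF
}

# Constructed sample: peer 192.0.2.10 may reach 198.51.100.5 on TCP 2222.
peer_rules 192.0.2.10 198.51.100.5 2222
```

The output can be checked with `iptables-restore --test` before loading; loading it replaces the existing filter table.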