IPMI & portrange

John Polstra jdp at polstra.com
Tue Sep 26 13:54:00 PDT 2006


On 26-Sep-2006 Danny Braniss wrote:
>       This keeps biting me every other upgrade, IPMI on some
> hosts, if enabled, will steal packets to port 623 or 664, so
> the current solution is either set net.inet.ip.portrange.lowlast
> to 664, (for some reason this does not seem to work if done via
> loader.conf) or change it in sys/netinet/in.h.
> 
>       So, is there some way to blacklist some ports, instead
> of increasing portrange.lowlast?

You could use your favorite scripting language to create a socket,
bind it to the port, listen on it, and just sit there doing nothing
-- for each port you want to blacklist.  That would keep the ports
from being used by anything else.

John
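
The approach John describes, as an added example that is not part of the original message: a small Python holder that binds ports 623 and 664 and keeps them occupied. It goes slightly beyond the message by holding a UDP socket as well as a listening TCP socket on each port; the names `reserve_ports` and `port_is_taken` and the IPv4-only scope are assumptions of this example.

```python
import errno
import socket

IPMI_PORTS = (623, 664)  # the two ports named in the thread
BOTH = (socket.SOCK_STREAM, socket.SOCK_DGRAM)


def reserve_ports(ports, host="0.0.0.0", kinds=BOTH):
    """Bind every port for every socket type and return the open sockets.

    SO_REUSEADDR/SO_REUSEPORT are deliberately left unset so that no other
    process can share the binding. IPv4 only (assumption of this example).
    """
    held = []
    try:
        for port in ports:
            for kind in kinds:
                s = socket.socket(socket.AF_INET, kind)
                held.append(s)
                s.bind((host, port))
                if kind == socket.SOCK_STREAM:
                    s.listen(1)  # listen, but never accept()
    except OSError:
        # All or nothing: release whatever was already bound.
        for s in held:
            s.close()
        raise
    return held


def port_is_taken(port, kind, host="0.0.0.0"):
    """Return True if a fresh bind to (host, port) fails with EADDRINUSE."""
    probe = socket.socket(socket.AF_INET, kind)
    try:
        probe.bind((host, port))
    except OSError as exc:
        return exc.errno == errno.EADDRINUSE
    finally:
        probe.close()
    return False


if __name__ == "__main__":
    import signal

    sockets = reserve_ports(IPMI_PORTS)  # ports below 1024 need root
    for p in IPMI_PORTS:
        print(p, "held:", port_is_taken(p, socket.SOCK_STREAM))
    signal.pause()  # sit there doing nothing until killed
```

The holder has to start before other services begin allocating reserved ports, and the ports are released as soon as the process exits.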

