El 7/8/25 a las 3:38, Grant Edwards escribió:
Also if you try to use one port from 32768 to one service you will be able to do so if it's not used by any other. Ports below 1024 has root privileges (CAP_NET_BIND_SERVICE) because of this, this services are critical, services from 1024 dont because they are not reserved to root.According to IANA (and before that ICANN and USC/ISI) port numbers from 1024 to 49151 are registerd ports, and are to be used for specific protocols. For example ports 2222 and 44818 are registered for used by the Ethernet/IP Rockwell PLC protocol.Dynamic or ephemeral ports are supposed to be in the range 49152-65535. Linux defaults to 32768-60999 for ephemeral ports. That clearly overlaps with a _lot_ of assigned/registered port numbers in the range 32786-49151. That seems just plain wrong. What am I missing? It's simple enough to change the ephemeral range so it doesn't overlap with registered port numbers, and it looks like I'm going to need to do that to avoid possible collisions in a project I'm working on. The question is why do I have to do that? The standards are pretty clear. Why does Linux default to being broken like that? -- Grant
Also, you can restrict using ports with iptables if you need for example. So, if you need this port always available, tell iptables that drop any connection from.
OpenPGP_0x57E64E0B7FC3BEDF.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature

