El 7/8/25 a las 3:38, Grant Edwards escribió:
According to IANA (and before that ICANN and USC/ISI) port numbers
from 1024 to 49151 are registerd ports, and are to be used for
specific protocols. For example ports 2222 and 44818 are registered
for used by the Ethernet/IP Rockwell PLC protocol.

Dynamic or ephemeral ports are supposed to be in the range
49152-65535.

Linux defaults to 32768-60999 for ephemeral ports. That clearly
overlaps with a _lot_ of assigned/registered port numbers in the range
32786-49151.

That seems just plain wrong. What am I missing?

It's simple enough to change the ephemeral range so it doesn't overlap
with registered port numbers, and it looks like I'm going to need to
do that to avoid possible collisions in a project I'm working on. The
question is why do I have to do that? The standards are pretty clear.
Why does Linux default to being broken like that?

--
Grant




Also if you try to use one port from 32768 to one service you will be able to do so if it's not used by any other. Ports below 1024 has root privileges (CAP_NET_BIND_SERVICE) because of this, this services are critical, services from 1024 dont because they are not reserved to root.

Also, you can restrict using ports with iptables if you need for example. So, if you need this port always available, tell iptables that drop any connection from.


Attachment: OpenPGP_0x57E64E0B7FC3BEDF.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Reply via email to