On 4. May 2022, at 10:23, Willy Tarreau <[email protected]> wrote:
>
>> Instead of collecting wafting lists of undesirable ports, would it make sense
>> to more architecturally partition port numbers between those used by servers
>> and those used by clients?
>
> That's the point, and that has been done for more than 40 years now
> by having unprivileged users only select ports >= 1024, resulting in
> the range 1024:65535 being commonly used as the only valid source
> range for incoming connections.

Sure. But I wasn’t talking about system ports (< 1024).
Ephemeral ports (client ports) used to be 48*1024 up, and (user-level) servers were in 1*1024…48*1024.
This has weakened over time, but maybe it is useful enough to use it more again.

Regards, Carsten
