On Wed, May 04, 2022 at 12:41:54PM +0200, Carsten Bormann wrote:
> On 2022-05-04, at 11:41, Willy Tarreau <[email protected]> wrote:
> >
> > 32768..61000 (the default range on Linux).
>
> Right.
>
> So I'm fully aware that this is no longer as clean-cut as it used to be.
>
> My question was less about the situation that we have, but whether it would
> make sense to move forward to a more common, more clear-cut situation.
>
> Transition of course is left as an exercise to the reader, but as features
> like this would be used for losing packets under attack only, there is a lot
> more leeway than for other global changes of the network.

I don't see what else can be done except reminding that 1024-65535 is
where the essential of the valid web traffic comes from. It's not possible
to shrink it because the port ranges usually apply both to TCP and UDP and
for TCP it's already scarce for some components which would extend it much
beyond 16 bits if that were possible :-/

Just my two cents,
Willy
