On Mon, 28 Jan 2019, Wouter Wijngaards via Unbound-users wrote:

For the unbound daemon we can set:

    outgoing-port-permit: 32768-60999
    outgoing-port-avoid: 0-32767

Is there a way for a libunbound context to put in the same limitations?

Yes, you can read a config file or use ub_ctx_set_option.

For your example this would be:

    ub_ctx_set_option(ctx, "outgoing-port-permit:", "32768-60999");
    ub_ctx_set_option(ctx, "outgoing-port-avoid:", "0-32767");

Štěpán did some testing for us and it seems libunbound is not
honouring this. It must be specific daemon.c code that enforces this
for the unbound daemon?

It would be good to get libunbound to honour this as well, so it does
not get caught in SELinux denials.

Paul
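
An added example, not part of the original thread and not Unbound's code: one way to check from SELinux audit records whether a process bound UDP source ports outside the 32768-60999 range discussed above. The audit lines are constructed samples, and the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Range from the thread: outgoing-port-permit: 32768-60999 */
#define PERMIT_LO 32768
#define PERMIT_HI 60999

/* Source port of an AVC name_bind denial on a udp_socket, else -1. */
int avc_udp_bind_port(const char *line)
{
    const char *p = strstr(line, " src=");
    char *end;
    long port;
    if (!p || !strstr(line, "denied") || !strstr(line, "{ name_bind }") ||
        !strstr(line, "tclass=udp_socket"))
        return -1;
    port = strtol(p + 5, &end, 10);
    if (end == p + 5 || port < 0 || port > 65535)
        return -1;
    return (int)port;
}

/* 1 if the port lies outside the permitted range. */
int outside_permit(int port) { return port < PERMIT_LO || port > PERMIT_HI; }

/* Count denials whose port the configured range should have excluded. */
int count_out_of_range(const char *const *lines, size_t n)
{
    int bad = 0;
    for (size_t i = 0; i < n; i++) {
        int port = avc_udp_bind_port(lines[i]);
        if (port >= 0 && outside_permit(port)) {
            printf("outside permitted range: %d\n", port);
            bad++;
        }
    }
    return bad;
}

/* Constructed sample audit records (not from the thread). */
static const char *const SAMPLE[] = {
  "type=AVC msg=audit(1.1:1): avc:  denied  { name_bind } for  pid=7 comm=\"app\" src=12345 scontext=u:r:app_t:s0 tcontext=u:object_r:port_t:s0 tclass=udp_socket permissive=0",
  "type=AVC msg=audit(1.2:2): avc:  denied  { name_bind } for  pid=7 comm=\"app\" src=40000 scontext=u:r:app_t:s0 tcontext=u:object_r:port_t:s0 tclass=udp_socket permissive=0",
  "type=AVC msg=audit(1.3:3): avc:  denied  { name_bind } for  pid=7 comm=\"app\" src=8080 scontext=u:r:app_t:s0 tcontext=u:object_r:port_t:s0 tclass=tcp_socket permissive=0",
  "type=SYSCALL msg=audit(1.3:3): arch=c000003e syscall=49 success=no exit=-13",
};

int main(void) { return count_out_of_range(SAMPLE, 4) == 1 ? 0 : 1; }
```

A nonzero count means the process tried to bind a UDP port that the configured permit range should have excluded.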
