Ayland wrote:
> Is it right to set accept rule to all ports from 1024 to 65535 except
> some system listening ports...
You only need to accept the unbound local ports used for outgoing
connections. See /proc/sys/net/ipv4/ip_local_port_range (defaults to
1024-4999). To make life easier in the filters it is probably a good
idea to move the port range to where no services are listening, for
example 32768-60000 or something like that.
--
Henrik Nordstrom
Squid Hacker

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

Received on Wed Sep 13 2000 - 13:20:09 MDT
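
Added example, not part of the original post: a shell check for the overlap the reply describes, listing any listening TCP ports that fall inside the configured local port range, so the range can be moved clear of them before an accept rule is written for it. The function names and the sample data are assumptions made for illustration; the parsing relies on the Linux /proc/net/tcp layout (hex local port in column 2, state 0A for LISTEN).

```shell
#!/bin/sh
# Added example: find listening TCP ports inside the local (ephemeral) port range.
# File paths are arguments so the functions also run on constructed sample files.

# Print "LOW HIGH" from an ip_local_port_range-style file.
local_port_range() {
    awk 'NF >= 2 { print $1, $2; exit }' "${1:-/proc/sys/net/ipv4/ip_local_port_range}"
}

# Print listening TCP ports in decimal from a /proc/net/tcp-style file.
# Column 2 is the local "ADDR:PORT" in hex; column 4 is the state, 0A = LISTEN.
listening_ports() {
    awk 'NR > 1 && $4 == "0A" { n = split($2, a, ":"); print a[n] }' \
        "${1:-/proc/net/tcp}" |
    while read -r hex; do
        echo "$((0x$hex))"
    done | sort -n -u
}

# conflicting_ports RANGE_FILE TCP_FILE: listening ports that fall inside the range.
conflicting_ports() {
    range=$(local_port_range "$1")
    [ -n "$range" ] || return 1
    low=${range% *}
    high=${range#* }
    listening_ports "$2" | while read -r port; do
        if [ "$port" -ge "$low" ] && [ "$port" -le "$high" ]; then
            echo "$port"
        fi
    done
}

# Constructed sample data (not from a real host): listeners on 22, 3128, 8080
# and one established connection using local port 3000.
write_sample_tcp() {
    cat > "$1" <<'EOF'
  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 00000000:0C38 00000000:0000 0A
   2: 00000000:1F90 00000000:0000 0A
   3: 0100007F:0BB8 0100007F:0C38 01
EOF
}
```

On a live host, `conflicting_ports /proc/sys/net/ipv4/ip_local_port_range /proc/net/tcp` prints nothing when the range is clear of listeners; the same function accepts /proc/net/tcp6 as the second argument.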
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:17 MST