Revision df23ccfe
Added by Scott Ullrich about 18 years ago
| cf/conf/config.xml | ||
|---|---|---|
| 5 | 5 |
<lastchange></lastchange> |
| 6 | 6 |
<theme>nervecenter</theme> |
| 7 | 7 |
<sysctl> |
| 8 |
<item> |
|
| 9 |
<desc>Set the ephemeral port range to be lower.</desc> |
|
| 10 |
<tunable>net.inet.ip.portrange.first</tunable> |
|
| 11 |
<value>1024</value> |
|
| 12 |
</item> |
|
| 8 | 13 |
<item> |
| 9 | 14 |
<desc>Drop packets to closed TCP ports without returning a RST</desc> |
| 10 | 15 |
<tunable>net.inet.tcp.blackhole</tunable> |
| conf.default/config.xml | ||
|---|---|---|
| 5 | 5 |
<lastchange></lastchange> |
| 6 | 6 |
<theme>nervecenter</theme> |
| 7 | 7 |
<sysctl> |
| 8 |
<item> |
|
| 9 |
<desc>Set the ephemeral port range to be lower.</desc> |
|
| 10 |
<tunable>net.inet.ip.portrange.first</tunable> |
|
| 11 |
<value>1024</value> |
|
| 12 |
</item> |
|
| 8 | 13 |
<item> |
| 9 | 14 |
<desc>Drop packets to closed TCP ports without returning a RST</desc> |
| 10 | 15 |
<tunable>net.inet.tcp.blackhole</tunable> |
Also available in: Unified diff
Set the ephemeral port range starting port to 1024 instead of 49152.
On a busy firewall it is possible to run out of ephemeral ports and then the system will block new connections until a port is available.