help-cfengine

Re: OK, Now I see what the firewall issues are with Cfengine in our envi


From: Jamie Wilkinson
Subject: Re: OK, Now I see what the firewall issues are with Cfengine in our environment
Date: Fri, 25 Jun 2004 11:10:15 +1000
User-agent: Mutt/1.5.6+20040523i

This one time, at band camp, Mark.Burgess@iu.hio.no wrote:
>I don't know if it is possible to fix the sender port in a tcp 
>connection.

FWIW, it is possible to use a specific source port (BIND does so when
given the query-source parameter) though I agree that it is unnecessary:
the majority of client applications that I know of always leave it to
the operating system to choose an unprivileged source port.

If you do specify the source port in the client, then I see two options:

a) specify an unprivileged port and have extra code to cope when another
application is currently using that (wait for it to become available?
abort and print a message?  try another port (thus defeating the purpose
of using a specific port in the first place)?  what if the application
that has this port open is a long-running process?)

b) use a privileged port, say 5308 as it's already cfengine's number,
and don't run cfservd on the same interface as cfagent.

-- 
jaq@spacepants.org                           http://spacepants.org/jaq.gpg
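
Option (a) from the message above, as an added example that is not part of the original post or of cfengine's code: a client binds a fixed unprivileged source port before connecting, and a second attempt while that port is held fails with EADDRINUSE. The function names, the loopback listener and the port chosen are all constructed for the demonstration.

```python
import errno
import socket


def connect_from_port(dst, src_port):
    """Connect to dst (host, port) from a fixed local source port.

    Raises OSError with errno EADDRINUSE when another socket already holds
    src_port. There is deliberately no fallback to a different port, since
    that would defeat a firewall rule keyed on the source port.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind(("", src_port))  # fix the source port before connect()
        s.connect(dst)
    except OSError:
        s.close()
        raise
    return s


def free_port():
    """Constructed helper: ask the OS for a port number that is unused now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Loopback demo: (requested port, port the server saw, errno of 2nd try)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # stand-in for the daemon behind the firewall
    server.listen(1)
    src_port = free_port()
    first = connect_from_port(server.getsockname(), src_port)
    conn, peer = server.accept()
    second_errno = None
    try:
        # A second client on the same host wants the same source port.
        connect_from_port(server.getsockname(), src_port).close()
    except OSError as e:
        second_errno = e.errno
    finally:
        for sock in (conn, first, server):
            sock.close()
    return src_port, peer[1], second_errno


if __name__ == "__main__":
    print(demo())
```

The caller still has to decide what to do on EADDRINUSE (wait, or abort with a message), which is the extra code the message refers to.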
