@bdrewery
Created October 17, 2009 15:13
FreeBSD 7 kernel patch to block listening on IRCD ports on INADDR_ANY
--- ./sys/netinet/in_pcb.c.orig 2009-09-17 09:40:42.000000000 -0500
+++ ./sys/netinet/in_pcb.c 2009-10-03 11:07:16.000000000 -0500
@@ -346,6 +346,14 @@
priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
0))
return (EACCES);
+ /* Deny listening on ircd ports on INADDR_ANY */
+ if ((sin->sin_addr.s_addr == INADDR_ANY) && (
+ (ntohs(lport) >= 6660 && ntohs(lport) <= 6669) ||
+ (ntohs(lport) == 6697) ||
+ (ntohs(lport) == 7000) ||
+ (ntohs(lport) == 8067)
+ ))
+ return (EINVAL);
if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) &&
priv_check_cred(inp->inp_cred,
PRIV_NETINET_REUSEPORT, 0) != 0) {
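
Review bot: The added INADDR_ANY test refuses the bind for every caller, root included, while the checks on either side of it go through priv_check_cred(); if the goal is to keep unprivileged users from running an ircd on the wildcard address, gate the test on a credential check or a sysctl so an administrator can still bind these ports. It also returns EINVAL, which reads as a malformed argument; the reserved-port check directly above returns EACCES for the same kind of policy refusal, and that would be easier to diagnose from userland. The test inspects only sin->sin_addr, so it covers IPv4 wildcard binds reaching this function; binds handled outside it (for example on IPv6 sockets) are not affected, which is worth stating in the comment or covering with a matching change. Minor: ntohs(lport) is evaluated five times and the port list is hard-coded; convert once into a local and compare against that.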