17 Feb
2022
17 Feb
'22
4:36 p.m.
On 2/17/22 5:09 AM, Christian Bruns wrote:
There is a workaround to limit the port range globally at system level (/proc/sys/net/ipv4/ip_local_port_range);
Another workaround might be to match the outgoing BFD traffic and NAT it such that the source port is altered to be within range. I know that this isn't a more proper solution, but it would probably suffice without affecting the rest of the system like ip_local_port_range does. There may be more esoteric options too like running BIRD in a different network namespace with different per-namespace proc entries. (Or vice versa.) -- Grant. . . . unix || die