Eric Garver <eric@xxxxxxxxxxx> wrote: > On Mon, Nov 29, 2021 at 03:42:18PM +0100, Florian Westphal wrote: > > If destination port is above 32k and source port below 16k > > assume this might cause 'port shadowing' where a 'new' inbound > > connection matches an existing one, e.g. > > How did you arrive at 16k? I had to pick some number. 1k is too low since some administrative portals (or openvpn for that matter) are on ports above that. I wanted to pick something that would not kick in for most cases. 16k just seemed like a good compromise, thats all.
