On Mon, Nov 29, 2021 at 11:02:54PM +0100, Florian Westphal wrote:
> Eric Garver <eric@xxxxxxxxxxx> wrote:
> > On Mon, Nov 29, 2021 at 03:42:18PM +0100, Florian Westphal wrote:
> > > If destination port is above 32k and source port below 16k
> > > assume this might cause 'port shadowing' where a 'new' inbound
> > > connection matches an existing one, e.g.
> >
> > How did you arrive at 16k?
>
> I had to pick some number. 1k is too low since some administrative
> portals (or openvpn for that matter) are on ports above that.
>
> I wanted to pick something that would not kick in for most cases.
> 16k just seemed like a good compromise, that's all.

Understood. I don't have a real reason to choose anything else.

That being said, there are more things registered in the > 16k range than I realized.