Signed-off-by: Dominick Grift <dominick.grift@xxxxxxxxxxx> --- src/network_support.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/network_support.md b/src/network_support.md index bec725e..05ec0e8 100644 --- a/src/network_support.md +++ b/src/network_support.md @@ -668,6 +668,17 @@ statements): semanage port -a -t my_server_port_t -p tcp -r s0 12345 ``` +Ports in the local port range can be auto-assigned by the kernel to +unbound sockets on first use. Controlling binding to ports is only +useful when the port number is a "name" (i.e. a well-defined value that +is expected to correspond to a specific service). + +The *name_bind* operation is not controlled on sockets associated +with ports in the local port range: +``` +sysctl net.ipv4.ip_local_port_range +``` + ## Labeled Network FileSystem (NFS) Version 4.2 of NFS supports labeling between client/server and requires -- 2.36.1
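Review bot: In the second added paragraph, the sentence ending "with ports in the local port range:" leads straight into `sysctl net.ipv4.ip_local_port_range` without saying what the command is for. As written, it can read as if the sysctl configures the exemption rather than displaying the range currently in effect. Suggest a short lead-in such as "The current range can be displayed with:" before the fence. The wording "sockets associated with ports in the local port range" also leaves it unclear whether an explicit bind to a port inside the range is exempt from *name_bind*, or only kernel auto-assigned ports as described in the first added paragraph. Stating this directly would help, since the `semanage port -a -t my_server_port_t -p tcp -r s0 12345` example just above gives readers a port type whose *name_bind* check would not apply if the chosen port falls inside that range. A sentence advising readers to compare the port they label against the sysctl output would close that gap.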