user-port-hack limits local user port usage through a Linux kernel patch. It is intended as a hardening measure: by restricting which ports each user may bind, it prevents one user from taking over ports that belong to another user's services.
Overall, the purpose of this patch is to assign a specific range of ports that a user can use to run daemons. Other users won't be able to bind to those ports because they're already allocated to that specific user. However, it's important to note that this patch currently only affects IPv4 (TCP and UDP).
Notably, each user will be given a range of ports that they can bind to. The first few ports of each range can be designated exclusively for running daemons, meaning those ports will not be handed out when a random (ephemeral) port is requested.
The patch is controlled by an extended version of the ip_local_port_range sysctl/proc interface (/proc/sys/net/ipv4/ip_local_port_range), which becomes a list of six values: the bottom and top of the ephemeral port range, the base b of the restricted port range, the number n of ports per user, the minimum restricted user ID i, and the number l of "listeners" (ports reserved for daemons at the start of each user's block).
Concretely, a user with uid >= i is given the ports b + (uid - i) * n through b + (uid - i + 1) * n - 1. Ports below b + (uid - i) * n + l (the first l ports of that user's block) won't be allocated for outgoing connections. This patch is currently available as a diff against Red Hat's 2.4.9-31 kernel.
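The following is an added worked example of the port arithmetic described above; it is not code from the patch itself. It models the six sysctl values in a struct (the field names, the sample values, and the assumption that the restricted region runs from b up to port 65535 are my own), computes each user's block, and answers the two questions the patch enforces: may a given uid bind a given port, and may a port be handed out as an ephemeral port.

```c
#include <stdio.h>
#include <stdbool.h>

/* The six values of the extended ip_local_port_range sysctl, as described
 * on this page. Field names are constructed for this example. */
struct port_policy {
    int eph_low;    /* bottom of the ephemeral port range */
    int eph_high;   /* top of the ephemeral port range */
    int base;       /* b: base of the restricted port range */
    int per_user;   /* n: ports per user */
    int min_uid;    /* i: minimum restricted user ID */
    int listeners;  /* l: ports at the start of each block reserved for daemons */
};

/* Constructed sample policy: ephemeral 32768-61000, restricted blocks of 100
 * ports starting at 40000 for uids >= 1000, first 10 of each block reserved. */
static const struct port_policy example_policy = {
    32768, 61000, 40000, 100, 1000, 10
};

/* Block [lo, hi] owned by uid: b + (uid - i) * n .. b + (uid - i + 1) * n - 1.
 * Returns false for uids below the minimum restricted uid (no block). */
bool user_port_range(const struct port_policy *p, int uid, int *lo, int *hi)
{
    if (uid < p->min_uid)
        return false;
    *lo = p->base + (uid - p->min_uid) * p->per_user;
    *hi = p->base + (uid - p->min_uid + 1) * p->per_user - 1;
    return true;
}

/* Inverse mapping: which uid owns this port, or -1 if the port lies outside
 * the restricted region. Assumption: the region extends from b to 65535. */
int port_owner(const struct port_policy *p, int port)
{
    if (port < p->base || port > 65535)
        return -1;
    return p->min_uid + (port - p->base) / p->per_user;
}

/* Explicit bind(): ports outside the restricted region behave as in an
 * unpatched kernel; inside it, only the owning uid may bind. */
bool may_bind(const struct port_policy *p, int uid, int port)
{
    int owner = port_owner(p, port);
    return owner < 0 || owner == uid;
}

/* Random port allocation for outgoing connections: the port must be inside
 * the ephemeral range, and the first l ports of any user's block are skipped. */
bool ephemeral_ok(const struct port_policy *p, int port)
{
    int owner, lo, hi;
    if (port < p->eph_low || port > p->eph_high)
        return false;
    owner = port_owner(p, port);
    if (owner < 0)
        return true;
    user_port_range(p, owner, &lo, &hi);
    return (port - lo) >= p->listeners;
}

int main(void)
{
    int lo, hi, uid;
    for (uid = 1000; uid <= 1002; uid++) {
        user_port_range(&example_policy, uid, &lo, &hi);
        printf("uid %d owns ports %d-%d, reserved for daemons: %d-%d\n",
               uid, lo, hi, lo, lo + example_policy.listeners - 1);
    }
    printf("uid 1000 bind 40150: %s\n",
           may_bind(&example_policy, 1000, 40150) ? "allowed" : "denied");
    printf("port 40005 as ephemeral: %s\n",
           ephemeral_ok(&example_policy, 40005) ? "yes" : "no");
    return 0;
}
```

With the sample policy, uid 1000 owns 40000-40099 and uid 1001 owns 40100-40199; a bind to 40150 by uid 1000 is refused, and ports 40000-40009 are never chosen as a random source port even though they fall inside the ephemeral range.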