Support the ident protocol
Since we need to bind to local port 113, we will need to start the process with the CAP_NET_BIND_SERVICE capability, and then drop it after the bind. Use the systemd CapabilityBoundingSet=CAP_NET_BIND_SERVICE option for that, and document the “setcap” command for users without systemd.
On FreeBSD, use:

    kldload mac_portacl.ko # Load the portacl kernel module to fine-tune the port-binding privileges.
    sysctl net.inet.ip.portrange.reservedhigh=0 # Disable the global limitation on port < 1024, because it has a higher priority over mac_portacl
    sysctl security.mac.portacl.rules=uid:1001:tcp:113 # Let biboumi’s UID listen on port 113
Also add an option (in the config file) to disable this feature entirely.
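The Linux bind-then-drop sequence described above, as an added example that is not biboumi's own code. The function names (ident_listen, holds_bind_cap, drop_bind_cap) are hypothetical, and it assumes Linux with the raw capget/capset system calls instead of libcap.

```c
/* Added example (Linux only): bind first, then give up CAP_NET_BIND_SERVICE. */
#define _GNU_SOURCE
#include <linux/capability.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>
#define BIND_IDX  CAP_TO_INDEX(CAP_NET_BIND_SERVICE)
#define BIND_MASK CAP_TO_MASK(CAP_NET_BIND_SERVICE)

/* Read (set == 0) or write (set != 0) the calling thread's capability sets. */
static int caps(int set, struct __user_cap_data_struct d[2]) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(set ? SYS_capset : SYS_capget, &h, d);
}

/* 1 if the capability is still effective or permitted, 0 if gone, -1 on error. */
int holds_bind_cap(void) {
    struct __user_cap_data_struct d[2];
    if (caps(0, d) < 0) return -1;
    return ((d[BIND_IDX].effective | d[BIND_IDX].permitted) & BIND_MASK) != 0;
}

/* Clear the bit in all three sets; once out of permitted, this thread cannot raise it again. */
int drop_bind_cap(void) {
    struct __user_cap_data_struct d[2];
    if (caps(0, d) < 0) return -1;
    d[BIND_IDX].effective   &= ~BIND_MASK;
    d[BIND_IDX].permitted   &= ~BIND_MASK;
    d[BIND_IDX].inheritable &= ~BIND_MASK;
    return caps(1, d);
}

/* Hypothetical helper: listen on `port`, drop the capability whether or not the bind worked,
 * and fail closed (-1) if either step fails. Call before starting threads: the sets are per-thread. */
int ident_listen(unsigned short port) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) }; /* sin_addr 0 = INADDR_ANY */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int ok = fd >= 0 && bind(fd, (struct sockaddr *)&a, sizeof a) == 0 && listen(fd, 16) == 0;
    if (drop_bind_cap() < 0 || !ok) { if (fd >= 0) close(fd); return -1; }
    return fd;
}

int main(void) {
    int fd = ident_listen(113); /* needs CAP_NET_BIND_SERVICE at start-up */
    printf("fd=%d, capability still held=%d\n", fd, holds_bind_cap());
    return fd < 0;
}
```

Checking holds_bind_cap() after start-up and logging the result gives an operator a direct way to confirm the process is no longer able to bind other privileged ports.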