[Solved] Binding to reserved ports as a user


CodeBlock
August 8th, 2009, 14:17
Quick question, I know it is possible, using
`net.inet.ip.portrange.reservedhigh=0`, to make it so users can bind to low ports, but my question is, is it possible to make only _one_ exception? I.e. say I need to run something as a *user* on port 443. Is this possible?

anomie
August 8th, 2009, 16:23
Not sure - and frankly I wouldn't mess with the first 1024 ports in this way.

Could you instead set this up with a little sudo configuration? i.e. Install the security/sudo port, and create the user an entry so that he can only run the daemon that needs to bind to tcp 443 (and use NOPASSWD if preferred).

Or if the idea here is you want the daemon to run as an unprivileged user, you could instead arrange for port forwarding from tcp 443 to e.g. tcp 8443.
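
The port-forwarding option from the post above, sketched as a pf.conf fragment. This is an added example, not part of the original thread; the interface name `em0`, the macro names and the loopback target are assumptions.

```conf
# /etc/pf.conf fragment (added example; em0 and the macro names are assumptions)
# Requires pf to be enabled, e.g. pf_enable="YES" in /etc/rc.conf.
#
# Leave the reserved range intact. Setting
#   net.inet.ip.portrange.reservedhigh=0
# would let every local user bind every port below 1024, not just 443.

ext_if   = "em0"        # assumption: external interface
pub_port = "443"        # port clients connect to
svc_port = "8443"       # unprivileged port the daemon binds as a normal user

# Redirect inbound tcp 443 to the daemon listening on 127.0.0.1:8443.
# "pass" lets the redirected traffic through without a separate filter rule.
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port $pub_port \
    -> 127.0.0.1 port $svc_port
```

Port 8443 is not reserved, so any local user can bind it whenever the daemon is not running. Connections that originate on the host itself do not arrive on `$ext_if` and are not redirected by this rule.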

CodeBlock
August 9th, 2009, 13:06
Ah, alright, yeah forwarding is an option. I was just curious, got into a discussion in an IRC channel, and was wondering about this.

Thanks :)