This is a feature request for the addition of equivalent functionality to the PermitOpen sshd_config option in Teleport. The purpose of this feature is to limit what ports a user can forward when port forwarding is allowed.

Currently, Teleport allows enabling or disabling TCP port forwarding. However, it does not currently offer a feature allowing restrictions on specific ports during port forwarding. This feature would be a beneficial addition to the existing functionality of Teleport.

Even though a user would still have the ability to sidestep the restriction, it would create a barrier that they would need to intentionally bypass, which can be helpful in a multi-layered security approach.