5.25. How do I limit the ports that a program can bind to?

As of LIDS 0.10.1 for kernel 2.2.19 and LIDS 1.0.11 for kernel 2.4.6, you can limit the privileged ports that a program can bind to. When granting CAP_NET_BIND_SERVICE to a program, specify the port or ports that the program is allowed to bind to after the capability. Ports are always written as a low-high range, so a single port is given as 80-80; several ranges are separated by commas. Only privileged ports (1-1023) are covered, because binding to port 1024 and above never requires CAP_NET_BIND_SERVICE, so a range above 1023 neither grants nor restricts anything. For a web server:
/sbin/lidsconf -A -s /bin/httpd -o CAP_NET_BIND_SERVICE 80-80 -j GRANT
Or, if you also need to bind to port 443 for SSL:
/sbin/lidsconf -A -s /bin/httpd -o CAP_NET_BIND_SERVICE 80-80,443-443 -j GRANT
If you have a program that requires a whole range of privileged ports, give the range as low-high:
/sbin/lidsconf -A -s /path/to/program -o CAP_NET_BIND_SERVICE 423-867 -j GRANT
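lidsconf does not check the port list for you, so a rule with an out-of-range port or a reversed range silently does less than intended. The following POSIX sh helper is an added example, not part of the LIDS FAQ or of lidsconf itself: it turns a plain list of ports and ranges into the low-high,low-high form shown above, rejects anything outside the privileged range 1-1023 (the only ports CAP_NET_BIND_SERVICE governs), and prints the resulting lidsconf command instead of running it. The function names lids_port_spec and lids_bind_rule and the print-only behaviour are assumptions made for the example.

```shell
#!/bin/sh
# Added example: build and validate the port list for a lidsconf
# CAP_NET_BIND_SERVICE rule. Function names are hypothetical; the
# lidsconf syntax matches the FAQ entry above.

# lids_port_spec: convert "80 443 423-867" into "80-80,443-443,423-867".
# Every entry must lie within privileged ports 1-1023: CAP_NET_BIND_SERVICE
# is only consulted below 1024, so any other range is a misconfiguration.
# Prints the spec and returns 0, or prints an error to stderr and returns 1.
lids_port_spec() {
    spec=""
    for item in "$@"; do
        case "$item" in
            *-*) lo=${item%-*}; hi=${item#*-} ;;   # explicit range
            *)   lo=$item;       hi=$item ;;       # single port -> p-p
        esac
        for n in "$lo" "$hi"; do
            case "$n" in
                ""|*[!0-9]*) echo "bad port spec: $item" >&2; return 1 ;;
            esac
        done
        if [ "$lo" -lt 1 ] || [ "$hi" -gt 1023 ] || [ "$lo" -gt "$hi" ]; then
            echo "range $item is not within privileged ports 1-1023" >&2
            return 1
        fi
        spec="${spec:+$spec,}$lo-$hi"
    done
    [ -n "$spec" ] || { echo "no ports given" >&2; return 1; }
    printf '%s\n' "$spec"
}

# lids_bind_rule PROGRAM PORT...: print the lidsconf command that grants
# PROGRAM the capability for exactly those ports. Printing rather than
# executing is a choice made for this example; pipe to sh to apply it.
lids_bind_rule() {
    prog=$1
    shift
    spec=$(lids_port_spec "$@") || return 1
    printf '/sbin/lidsconf -A -s %s -o CAP_NET_BIND_SERVICE %s -j GRANT\n' \
        "$prog" "$spec"
}
```

Running lids_bind_rule /bin/httpd 80 443 prints the same rule as the SSL example above, while lids_bind_rule /bin/httpd 8080 fails with an error rather than producing a rule that grants nothing.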