diff --git a/Shorewall-docs/ports.htm b/Shorewall-docs/ports.htm
deleted file mode 100644
index aa007d071..000000000
--- a/Shorewall-docs/ports.htm
+++ /dev/null
@@ -1,147 +0,0 @@
-
-
-
-
- Shorewall Port Information
-
-
-
-
-Ports Required for Various
-Services/Applications
-
-In addition to those applications described in the /etc/shorewall/rules documentation,
-here are some other services/applications that you may need to
-configure
-your firewall to accommodate.
-NTP (Network Time Protocol)
-
- UDP Port 123
-
-rdate
-
- TCP Port 37
-
-UseNet (NNTP)
-
- TCP Port 119
-
-DNS
-
- UDP Port 53. If you are configuring a DNS client, you will
-probably
-want to open TCP Port 53 as well.
-If you are configuring a server, only open TCP Port 53 if
-you will return long replies to queries or if you need to enable ZONE
-transfers. In the latter case, be sure that your server is
-properly
-configured.
-
-ICQ
-
- UDP Port 4000. You will also need to open a range of TCP ports
-which you can specify to your ICQ client. By default, clients use
-4000-4100.
-
-PPTP
-
- Protocol 47 (NOT port 47) and TCP Port 1723 (Lots more information here).
-
-IPSEC
-
- Protocols 50 and 51 (NOT ports 50 and 51) and UDP
-Port 500. These should be opened in both directions (Lots more
-information here and here).
-
-SMTP (Email)
-
- TCP Port 25.
-
-RealPlayer
-
-
- UDP Port 6790 inbound
-
-
-POP3
-
- TCP Port 110 (Secure = TCP Port 995)
-
-
-IMAP
-
-TCP Port 143 (Secure = TCP Port 993)
-
-TELNET
-
- TCP Port 23.
-
-SSH
-
- TCP Port 22.
-
-Auth (identd)
-
- TCP Port 113
-
-Web Access
-
- TCP Ports 80 and 443.
-
-FTP
-
-
- TCP port 21 plus look here for much more
-information.
-
-
-SMB/NMB (Samba/Windows Browsing/File Sharing)
-
-
- TCP Ports 137, 139 and 445.
-UDP Ports 137-139.
-
-Also, see this page.
-
-Traceroute
-
- UDP ports 33434 through 33434+<max number of hops>-1
-ICMP type 8 ('ping')
-
-
-NFS
-
-
- I personally use the following rules for opening access from zone
-z1 to a server with IP address a.b.c.d in zone z2:
-
- ACCEPT z1 z2:a.b.c.d udp 111
ACCEPT z1 z2:a.b.c.d tcp 111
ACCEPT z1 z2:a.b.c.d udp 2049
ACCEPT z1 z2:a.b.c.d udp 32700:
-
-
- Note that my rules only cover NFS using UDP (the normal case).
-There is lots of additional information at
-http://nfs.sourceforge.net/nfs-howto/security.html
-
-VNC
-
-
- TCP port 5900 + <display number>
-
-Didn't find what you are looking for -- have you looked in your own
-/etc/services file?
-Still looking? Try
-http://www.networkice.com/advice/Exploits/Ports
-Last updated 7/30/2003 - Tom Eastep
-Copyright ©
-2001, 2002, 2003 Thomas M. Eastep.
-
-
-
-
-
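Review bot: Three items removed with this file have no counterpart in the visible lines of the new ports.xml: the SSH entry (TCP Port 22), the RealPlayer entry (UDP Port 6790 inbound), and the NFS caveat "Note that my rules only cover NFS using UDP (the normal case)" together with its link to http://nfs.sourceforge.net/nfs-howto/security.html. Telnet (TCP Port 23) is carried over while SSH is not, so a reader of the new page would see only the cleartext remote-login port documented. If these were dropped on purpose, say so in the commit message. Otherwise restore them in ports.xml, the SSH entry and the NFS security pointer first.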
diff --git a/Shorewall-docs/ports.xml b/Shorewall-docs/ports.xml
new file mode 100644
index 000000000..5fbc55776
--- /dev/null
+++ b/Shorewall-docs/ports.xml
@@ -0,0 +1,270 @@
+
+
+
+
+
+
+ Ports Required for Various Services/Applications
+
+
+
+ Tom
+
+ Eastep
+
+
+
+ 2002-07-30
+
+
+ 2001-2002
+
+ Thomas M. Eastep
+
+
+
+ Permission is granted to copy, distribute and/or modify this
+ document under the terms of the GNU Free Documentation License, Version
+ 1.2 or any later version published by the Free Software Foundation; with
+ no Invariant Sections, with no Front-Cover, and with no Back-Cover
+ Texts. A copy of the license is included in the section entitled
+ GNU Free Documentation License
.
+
+
+
+ In addition to those applications described in the
+ /etc/shorewall/rules documentation, here are some other
+ services/applications that you may need to configure your firewall to
+ accommodate.
+
+
+
+
+ NTP (Network Time Protocol)
+
+ UDP Port 123
+
+
+
+ rdate
+
+ TCP Port 37
+
+
+
+ Usenet (NNTP)
+
+ TCP Port 119
+
+
+
+ DNS
+
+ UDP Port 53. If you are configuring a DNS client, you will probably
+ want to open TCP Port 53 as well. If you are configuring a server, only
+ open TCP Port 53 if you will return long replies to queries or if you need
+ to enable ZONE transfers. In the latter case, be sure that your server is
+ properly configured.
+
+
+
+ ICQ
+
+ UDP Port 4000. You will also need to open a range of TCP ports which
+ you can specify to your ICQ client. By default, clients use 4000-4100.
+
+
+
+ PPTP
+
+ Protocol 47 (NOT port 47) and TCP Port 1723 (Lots more information
+ here and here).
+
+
+
+ IPSEC
+
+ Protocols 50 and 51 (NOT ports 50 and 51) and UDP Port 500. These
+ should be opened in both directions (Lots more information here and here)
+
+
+
+ SMTP (email)
+
+ TCP Port 25.
+
+
+
+ Pop3
+
+ TCP Port 110 (Secure Pop3 is TCP Port 995)
+
+
+
+ IMAP
+
+ TCP Port 143 (Secure IMAP is TCP Port 993)
+
+
+
+ Telnet
+
+ TCP Port 23.
+
+
+
+
+
+ Auth (identd)
+
+ TCP Port 113
+
+
+
+ Web Access
+
+ TCP Ports 80 and 443.
+
+
+
+ FTP
+
+ TCP port 21 plus look here for much
+ more information.
+
+
+
+ SMB/NMB (Samba/Windows Browsing/File Sharing)
+
+ TCP Ports 137, 139 and 445.
+
+ UDP Ports 137-139.
+
+ Also, see this page.
+
+
+
+ Traceroute
+
+ UDP ports 33434 through 33434+<max number of hops>-1
+
+ ICMP type 8 ('ping')
+
+
+
+ NFS
+
+ I personally use the following rules for opening access from zone z1
+ to a server with IP address a.b.c.d in zone z2:
+
+
+
+
+
+ ACTION
+
+ SOURCE
+
+ DESTINATION
+
+ PROTOCOL
+
+ PORT(S)
+
+ SOURCE PORT(S)
+
+ ORIGINAL DEST
+
+
+
+
+
+ ACCEPT
+
+ z1
+
+ z2:a.b.c.d
+
+ udp
+
+ 111
+
+
+
+
+
+
+
+ ACCEPT
+
+ z1
+
+ z2:a.b.c.d
+
+ tcp
+
+ 111
+
+
+
+
+
+
+
+ ACCEPT
+
+ z1
+
+ z2:a.b.c.d
+
+ udp
+
+ 2049
+
+
+
+
+
+
+
+ ACCEPT
+
+ z1
+
+ z2:a.b.c.d
+
+ udp
+
+ 32700:
+
+
+
+
+
+
+
+
+
+
+
+ VNC
+
+ TCP port 5900 + <display number>.
+
+
+
+ Other Source of Port Information
+
+ Didn't find what you are looking for -- have you looked in your
+ own /etc/services file?
+
+ Still looking? Try http://www.networkice.com/advice/Exploits/Ports
+
+
\ No newline at end of file
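Review bot: The document metadata at the top of this hunk gives the date as 2002-07-30 and the copyright years as 2001-2002, but the page it replaces ended with "Last updated 7/30/2003" and "Copyright © 2001, 2002, 2003", so the conversion appears to have moved the date back a year and dropped 2003. Please confirm the intended values and correct them. Two smaller points: the Telnet entry is followed by a longer run of empty lines than any other section before Auth (identd), which is where the old page had SSH, so check whether a section was left empty there. The file also ends without a trailing newline and should get one.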