extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 01:37:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Replace VALIDATE_PORTS option with built-in protocol and service tables

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6617 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-06-20 18:10:23 +00:00
parent 1ca8ef92c5
commit c7f68018a9
9 changed files with 1188 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
Shorewall-common/releasenotes.txt
View File

@ -64,17 +64,15 @@ Other changes in Shorewall 4.0.0 Beta 6
are installed, the additional shorewall.conf file is read to see if are installed, the additional shorewall.conf file is read to see if
it specifies a SHOREWALL_COMPILER. it specifies a SHOREWALL_COMPILER.
3) Shorewall-perl validates protocol names and service names against 3) Previously, Shorewall-perl read /etc/protocols and /etc/services
/etc/protocols and /etc/services. That's the good news. The bad during compiler startup to build internal protocol and service
news is that this extra validation has a fixed overhead of almost tables. This had a fixed cost of up to one second or more,
.8 seconds on my x86_64 box. This fixed cost is mostly attributable depending on the speed of the system and the distribution
to the cost of reading and digesting /etc/services. (The /etc/services released with OpenSuSE 10.2 is over 14,000
lines!!) These tables are now initialized by the Perl compiler
To give people the choice of whether they want to incur this fixed which speeds up compilation considerably. The /etc/protocols and
cost on each compilation, I've added a VALIDATE_PORTS option in /etc/services used to build these tables are from Ubuntu Fiesty
/etc/shorewall/shorewall.conf. If you set this to 'No', you can Fawn and are included in /usr/share/shorewall-perl/.
save the extra processing time but the compiled script may fail at
runtime because of typing errors.
Migration Considerations: Migration Considerations:

6
Shorewall-common/shorewall.conf
View File

@ -31,12 +31,6 @@ VERBOSITY=1
SHOREWALL_COMPILER= SHOREWALL_COMPILER=
###############################################################################
# C O M P I L E R O P T I O N S
###############################################################################
VALIDATE_PORTS=Yes
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

27
Shorewall-perl/Shorewall/Chains.pm
View File

@ -756,7 +756,6 @@ sub clearrule() {
sub validate_proto( $ ) { sub validate_proto( $ ) {
my $proto = $_[0]; my $proto = $_[0];
return $proto unless $config{VALIDATE_PORTS};
my $value = $protocols{$proto}; my $value = $protocols{$proto};
return $value if defined $value; return $value if defined $value;
return $proto if $proto =~ /^(\d+)$/ && $proto <= 65535; return $proto if $proto =~ /^(\d+)$/ && $proto <= 65535;
@ -774,22 +773,20 @@ sub validate_portpair( $ ) {
my @ports = split/:/, $portpair, 2; my @ports = split/:/, $portpair, 2;
if ( $config{VALIDATE_PORTS} ) { for my $port ( @ports ) {
for my $port ( @ports ) { my $value = $services{$port};
my $value = $services{$port};
unless ( defined $value ) {
unless ( defined $value ) { $value = $port if $port =~ /^(\d+)$/ && $port <= 65535;
$value = $port if $port =~ /^(\d+)$/ && $port <= 65535; }
}
fatal_error "Invalid/Unknown port/service ($port)" unless defined $value; fatal_error "Invalid/Unknown port/service ($port)" unless defined $value;
$port = $value;
}
$port = $value; if ( @ports == 2 ) {
} fatal_error "Invalid port range ($portpair)" unless $ports[0] < $ports[1];
if ( @ports == 2 ) {
fatal_error "Invalid port range ($portpair)" unless $ports[0] < $ports[1];
}
} }
join ':', @ports; join ':', @ports;

522
Shorewall-perl/Shorewall/Config.pm
View File

@ -46,8 +46,10 @@ our @EXPORT = qw(
push_open push_open
pop_open pop_open
read_a_line read_a_line
read_a_line1
validate_level validate_level
qt qt
ensure_config_path
get_configuration get_configuration
require_capability require_capability
report_capabilities report_capabilities
@ -87,9 +89,488 @@ our %capabilities;
# #
# /etc/protocols and /etc/services # /etc/protocols and /etc/services
# #
our %protocols; # Protocol and Services tables generated using buildproto.pl - Wed Jun 19 21:05:31 2007
our %services; #
our %protocols = (
ip => 0,
IP => 0,
icmp => 1,
ICMP => 1,
igmp => 2,
IGMP => 2,
ggp => 3,
GGP => 3,
ipencap => 4,
'IP-ENCAP' => 4,
st => 5,
ST => 5,
tcp => 6,
TCP => 6,
egp => 8,
EGP => 8,
igp => 9,
IGP => 9,
pup => 12,
PUP => 12,
udp => 17,
UDP => 17,
hmp => 20,
HMP => 20,
'xns-idp' => 22,
'XNS-IDP' => 22,
rdp => 27,
RDP => 27,
'iso-tp4' => 29,
'ISO-TP4' => 29,
xtp => 36,
XTP => 36,
ddp => 37,
DDP => 37,
'idpr-cmtp' => 38,
'IDPR-CMTP' => 38,
ipv6 => 41,
IPv6 => 41,
'ipv6-route' => 43,
'IPv6-Route' => 43,
'ipv6-frag' => 44,
'IPv6-Frag' => 44,
idrp => 45,
IDRP => 45,
rsvp => 46,
RSVP => 46,
gre => 47,
GRE => 47,
esp => 50,
'IPSEC-ESP' => 50,
ah => 51,
'IPSEC-AH' => 51,
skip => 57,
SKIP => 57,
'ipv6-icmp' => 58,
'IPv6-ICMP' => 58,
'ipv6-nonxt' => 59,
'IPv6-NoNxt' => 59,
'ipv6-opts' => 60,
'IPv6-Opts' => 60,
rspf => 73,
vmtp => 81,
VMTP => 81,
eigrp => 88,
EIGRP => 88,
ospf => 89,
OSPFIGP => 89,
'ax.25' => 93,
'AX.25' => 93,
ipip => 94,
IPIP => 94,
etherip => 97,
ETHERIP => 97,
encap => 98,
ENCAP => 98,
pim => 103,
PIM => 103,
ipcomp => 108,
IPCOMP => 108,
vrrp => 112,
VRRP => 112,
l2tp => 115,
L2TP => 115,
isis => 124,
ISIS => 124,
sctp => 132,
SCTP => 132,
fc => 133,
FC => 133,
);
our %services = (
tcpmux => 1,
echo => 7,
discard => 9,
sink => 9,
null => 9,
systat => 11,
users => 11,
daytime => 13,
netstat => 15,
qotd => 17,
quote => 17,
msp => 18,
chargen => 19,
ttytst => 19,
source => 19,
'ftp-data' => 20,
ftp => 21,
fsp => 21,
fspd => 21,
ssh => 22,
telnet => 23,
smtp => 25,
mail => 25,
time => 37,
timserver => 37,
rlp => 39,
resource => 39,
nameserver => 42,
name => 42,
whois => 43,
nicname => 43,
tacacs => 49,
're-mail-ck' => 50,
domain => 53,
mtp => 57,
'tacacs-ds' => 65,
bootps => 67,
bootpc => 68,
tftp => 69,
gopher => 70,
rje => 77,
netrjs => 77,
finger => 79,
www => 80,
http => 80,
link => 87,
ttylink => 87,
kerberos => 88,
kerberos5 => 88,
krb5 => 88,
'kerberos-sec' => 88,
supdup => 95,
hostnames => 101,
hostname => 101,
'iso-tsap' => 102,
tsap => 102,
'acr-nema' => 104,
dicom => 104,
'csnet-ns' => 105,
'cso-ns' => 105,
rtelnet => 107,
pop2 => 109,
postoffice => 109,
'pop-2' => 109,
pop3 => 110,
'pop-3' => 110,
sunrpc => 111,
portmapper => 111,
auth => 113,
authentication => 113,
tap => 113,
ident => 113,
sftp => 115,
'uucp-path' => 117,
nntp => 119,
readnews => 119,
untp => 119,
ntp => 123,
pwdgen => 129,
'loc-srv' => 135,
epmap => 135,
'netbios-ns' => 137,
'netbios-dgm' => 138,
'netbios-ssn' => 139,
imap2 => 143,
imap => 143,
snmp => 161,
'snmp-trap' => 162,
snmptrap => 162,
'cmip-man' => 163,
'cmip-agent' => 164,
mailq => 174,
xdmcp => 177,
nextstep => 178,
NeXTStep => 178,
NextStep => 178,
bgp => 179,
prospero => 191,
irc => 194,
smux => 199,
'at-rtmp' => 201,
'at-nbp' => 202,
'at-echo' => 204,
'at-zis' => 206,
qmtp => 209,
z3950 => 210,
wais => 210,
ipx => 213,
imap3 => 220,
pawserv => 345,
zserv => 346,
fatserv => 347,
rpc2portmap => 369,
codaauth2 => 370,
clearcase => 371,
Clearcase => 371,
ulistserv => 372,
ldap => 389,
imsp => 406,
https => 443,
snpp => 444,
'microsoft-ds' => 445,
kpasswd => 464,
saft => 487,
isakmp => 500,
rtsp => 554,
nqs => 607,
'npmp-local' => 610,
dqs313_qmaster => 610,
'npmp-gui' => 611,
dqs313_execd => 611,
'hmmp-ind' => 612,
dqs313_intercell => 612,
ipp => 631,
exec => 512,
biff => 512,
comsat => 512,
login => 513,
who => 513,
whod => 513,
shell => 514,
cmd => 514,
syslog => 514,
printer => 515,
spooler => 515,
talk => 517,
ntalk => 518,
route => 520,
router => 520,
routed => 520,
timed => 525,
timeserver => 525,
tempo => 526,
newdate => 526,
courier => 530,
rpc => 530,
conference => 531,
chat => 531,
netnews => 532,
netwall => 533,
gdomap => 538,
uucp => 540,
uucpd => 540,
klogin => 543,
kshell => 544,
krcmd => 544,
afpovertcp => 548,
remotefs => 556,
rfs_server => 556,
rfs => 556,
nntps => 563,
snntp => 563,
submission => 587,
ldaps => 636,
tinc => 655,
silc => 706,
'kerberos-adm' => 749,
webster => 765,
rsync => 873,
'ftps-data' => 989,
ftps => 990,
telnets => 992,
imaps => 993,
ircs => 994,
pop3s => 995,
socks => 1080,
proofd => 1093,
rootd => 1094,
openvpn => 1194,
rmiregistry => 1099,
kazaa => 1214,
nessus => 1241,
lotusnote => 1352,
lotusnotes => 1352,
'ms-sql-s' => 1433,
'ms-sql-m' => 1434,
ingreslock => 1524,
'prospero-np' => 1525,
datametrics => 1645,
'old-radius' => 1645,
'sa-msg-port' => 1646,
'old-radacct' => 1646,
kermit => 1649,
l2f => 1701,
l2tp => 1701,
radius => 1812,
'radius-acct' => 1813,
radacct => 1813,
msnp => 1863,
'unix-status' => 1957,
'log-server' => 1958,
remoteping => 1959,
nfs => 2049,
'rtcm-sc104' => 2101,
cvspserver => 2401,
venus => 2430,
'venus-se' => 2431,
codasrv => 2432,
'codasrv-se' => 2433,
mon => 2583,
dict => 2628,
gpsd => 2947,
gds_db => 3050,
icpv2 => 3130,
icp => 3130,
mysql => 3306,
nut => 3493,
distcc => 3632,
daap => 3689,
svn => 3690,
subversion => 3690,
iax => 4569,
'radmin-port' => 4899,
rfe => 5002,
mmcc => 5050,
sip => 5060,
'sip-tls' => 5061,
aol => 5190,
'xmpp-client' => 5222,
'jabber-client' => 5222,
'xmpp-server' => 5269,
'jabber-server' => 5269,
cfengine => 5308,
postgresql => 5432,
postgres => 5432,
x11 => 6000,
'x11-0' => 6000,
'x11-1' => 6001,
'x11-2' => 6002,
'x11-3' => 6003,
'x11-4' => 6004,
'x11-5' => 6005,
'x11-6' => 6006,
'x11-7' => 6007,
'gnutella-svc' => 6346,
'gnutella-rtr' => 6347,
'afs3-fileserver' => 7000,
bbs => 7000,
'afs3-callback' => 7001,
'afs3-prserver' => 7002,
'afs3-vlserver' => 7003,
'afs3-kaserver' => 7004,
'afs3-volser' => 7005,
'afs3-errors' => 7006,
'afs3-bos' => 7007,
'afs3-update' => 7008,
'afs3-rmtsys' => 7009,
'font-service' => 7100,
xfs => 7100,
'bacula-dir' => 9101,
'bacula-fd' => 9102,
'bacula-sd' => 9103,
amanda => 10080,
hkp => 11371,
bprd => 13720,
bpdbm => 13721,
'bpjava-msvc' => 13722,
vnetd => 13724,
bpcd => 13782,
vopied => 13783,
wnn6 => 22273,
rtmp => 1,
nbp => 2,
zip => 6,
kerberos4 => 750,
'kerberos-iv' => 750,
kdc => 750,
kerberos_master => 751,
passwd_server => 752,
krb_prop => 754,
krb5_prop => 754,
hprop => 754,
krbupdate => 760,
kreg => 760,
swat => 901,
kpop => 1109,
knetd => 2053,
'zephyr-srv' => 2102,
'zephyr-clt' => 2103,
'zephyr-hm' => 2104,
eklogin => 2105,
kx => 2111,
iprop => 2121,
supfilesrv => 871,
supfiledbg => 1127,
linuxconf => 98,
poppassd => 106,
ssmtp => 465,
smtps => 465,
moira_db => 775,
moira_update => 777,
moira_ureg => 779,
spamd => 783,
omirr => 808,
omirrd => 808,
customs => 1001,
skkserv => 1178,
predict => 1210,
rmtcfg => 1236,
wipld => 1300,
xtel => 1313,
xtelw => 1314,
support => 1529,
sieve => 2000,
cfinger => 2003,
ndtp => 2010,
frox => 2121,
ninstall => 2150,
zebrasrv => 2600,
zebra => 2601,
ripd => 2602,
ripngd => 2603,
ospfd => 2604,
bgpd => 2605,
ospf6d => 2606,
ospfapi => 2607,
isisd => 2608,
afbackup => 2988,
afmbackup => 2989,
xtell => 4224,
fax => 4557,
hylafax => 4559,
distmp3 => 4600,
munin => 4949,
lrrd => 4949,
'enbd-cstatd' => 5051,
'enbd-sstatd' => 5052,
pcrd => 5151,
noclog => 5354,
hostmon => 5355,
rplay => 5555,
rptp => 5556,
nsca => 5667,
mrtd => 5674,
bgpsim => 5675,
canna => 5680,
'sane-port' => 6566,
sane => 6566,
saned => 6566,
ircd => 6667,
'zope-ftp' => 8021,
webcache => 8080,
tproxy => 8081,
omniorb => 8088,
'clc-build-daemon' => 8990,
xinetd => 9098,
mandelspawn => 9359,
mandelbrot => 9359,
zope => 9673,
kamanda => 10081,
amandaidx => 10082,
amidxtape => 10083,
smsqp => 11201,
xpilot => 15345,
'sgi-cmsd' => 17001,
'sgi-crsd' => 17002,
'sgi-gcd' => 17003,
'sgi-cad' => 17004,
isdnlog => 20011,
vboxd => 20012,
binkp => 24554,
asp => 27374,
csync2 => 30865,
dircproxy => 57000,
tfido => 60177,
fido => 60179,
);
# #
# Capabilities # Capabilities
# #
@ -221,10 +702,6 @@ sub initialize() {
EXPORTPARAMS => undef, EXPORTPARAMS => undef,
SHOREWALL_COMPILER => undef, SHOREWALL_COMPILER => undef,
# #
# Compiler Options
#
VALIDATE_PORTS => undef,
#
# Packet Disposition # Packet Disposition
# #
MACLIST_DISPOSITION => undef, MACLIST_DISPOSITION => undef,
@ -266,11 +743,6 @@ sub initialize() {
CAPVERSION => undef, CAPVERSION => undef,
); );
# #
# /etc/protocols and /etc/services
#
%protocols = ();
%services = ();
#
# Capabilities # Capabilities
# #
%capdesc = ( NAT_ENABLED => 'NAT', %capdesc = ( NAT_ENABLED => 'NAT',
@ -1017,31 +1489,6 @@ sub get_capabilities( $ ) {
} }
} }
sub get_protos_and_ports() {
open_file '/etc/protocols' or fatal_error "Cannot open /etc/protocols: $!";
while ( read_a_line1 ) {
my ( $proto1, $number, $proto2, $proto3 ) = split_line( 2, 4, '/etc/protocols entry');
$protocols{ $proto1 } = $number;
$protocols{ $proto2 } = $number unless $proto2 eq '-' || $proto3 ne '-';
}
open_file '/etc/services' or fatal_error "Cannot open /etc/services: $!";
while ( read_a_line1 ) {
my ( $name1, $proto_number, @names ) = split_line( 2, 10, '/etc/services entry');
my ( $number, $proto ) = split '/', $proto_number;
$services{ $name1 } = $number;
while ( defined ( $name1 = shift @names ) && $name1 ne '-' ) {
$services{ $name1 } = $number;
}
}
}
# #
# - Read the shorewall.conf file # - Read the shorewall.conf file
# - Read the capabilities file, if any # - Read the capabilities file, if any
@ -1134,7 +1581,6 @@ sub get_configuration( $ ) {
default_yes_no 'EXPORTPARAMS' , ''; default_yes_no 'EXPORTPARAMS' , '';
default_yes_no 'MARK_IN_FORWARD_CHAIN' , ''; default_yes_no 'MARK_IN_FORWARD_CHAIN' , '';
default_yes_no 'VALIDATE_PORTS' , 'Yes';
$capabilities{XCONNMARK} = '' unless $capabilities{XCONNMARK_MATCH} and $capabilities{XMARK}; $capabilities{XCONNMARK} = '' unless $capabilities{XCONNMARK_MATCH} and $capabilities{XMARK};
@ -1251,8 +1697,6 @@ sub get_configuration( $ ) {
} else { } else {
$config{LOCKFILE} = ''; $config{LOCKFILE} = '';
} }
get_protos_and_ports if $config{VALIDATE_PORTS};
} }
# #

76
Shorewall-perl/buildproto.pl Normal file
View File

@ -0,0 +1,76 @@
#! /usr/bin/perl -w
use strict;
use lib '/usr/share/shorewall-perl';
use Shorewall::Common;
use Shorewall::Config;
our $offset = "\t\t ";
our %service_hash;
sub print_it( $$ ) {
my ( $name, $number ) = @_;
my $tabs;
my $length = length $name;
if ( $name =~ /[-.]/ ) {
$tabs = $length < 4 ? "\t\t\t" : $length < 12 ? "\t\t" : "\t";
print "${offset}'${name}'${tabs}=> $number,\n";
} else {
$tabs = $length < 6 ? "\t\t\t" : $length < 14 ? "\t\t" : "\t";
print "${offset}${name}${tabs}=> $number,\n";
}
}
sub print_service( $$ ) {
my ( $service, $number ) = @_;
unless ( exists $service_hash{$service} ) {
print_it( $service, $number );
$service_hash{$service} = $number;
}
}
set_shorewall_dir($ARGV[0] ? $ARGV[0] : '.');
ensure_config_path;
our $date = localtime;
print <<"EOF";
#
# Protocol and Services tables generated using buildproto.pl - $date
#
EOF
print "our %protocols = (\n";
open_file 'protocols' or fatal_error "Cannot open protocols: $!";
while ( read_a_line1 ) {
my ( $proto1, $number, $proto2, $proto3 ) = split_line( 2, 4, '/etc/protocols entry');
print_it( $proto1, $number );
print_it( $proto2, $number ) unless $proto2 eq '-' || $proto3 ne '-';
}
print "\t\t );\n\n";
print "our %services = (\n";
open_file 'services' or fatal_error "Cannot open services: $!";
while ( read_a_line1 ) {
my ( $name1, $proto_number, @names ) = split_line( 2, 10, '/etc/services entry');
my ( $number, $proto ) = split '/', $proto_number;
print_service( $name1 , $number );
while ( defined ( $name1 = shift @names ) && $name1 ne '-' ) {
print_service ($name1, $number );
}
}
print "\t\t );\n";

6
Shorewall-perl/install.sh
View File

@ -185,6 +185,12 @@ for f in prog.* ; do
echo "Program skeleton file ${f#*.} installed as ${PREFIX}/usr/share/shorewall-perl/$f" echo "Program skeleton file ${f#*.} installed as ${PREFIX}/usr/share/shorewall-perl/$f"
done done
#
# Install the /etc/protocols and /etc/services used to generate tables
#
install_file protocols ${PREFIX}/usr/share/shorewall-perl/protocols 444
install_file services ${PREFIX}/usr/share/shorewall-perl/services 444
echo $VERSION > ${PREFIX}/usr/share/shorewall-perl/version echo $VERSION > ${PREFIX}/usr/share/shorewall-perl/version
# #
# Report Success # Report Success

56
Shorewall-perl/protocols Normal file
View File

@ -0,0 +1,56 @@
# Internet (IP) protocols
#
# Updated from http://www.iana.org/assignments/protocol-numbers and other
# sources.
# New protocols will be added on request if they have been officially
# assigned by IANA and are not historical.
# If you need a huge list of used numbers please install the nmap package.
ip 0 IP # internet protocol, pseudo protocol number
#hopopt 0 HOPOPT # IPv6 Hop-by-Hop Option [RFC1883]
icmp 1 ICMP # internet control message protocol
igmp 2 IGMP # Internet Group Management
ggp 3 GGP # gateway-gateway protocol
ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'')
st 5 ST # ST datagram mode
tcp 6 TCP # transmission control protocol
egp 8 EGP # exterior gateway protocol
igp 9 IGP # any private interior gateway (Cisco)
pup 12 PUP # PARC universal packet protocol
udp 17 UDP # user datagram protocol
hmp 20 HMP # host monitoring protocol
xns-idp 22 XNS-IDP # Xerox NS IDP
rdp 27 RDP # "reliable datagram" protocol
iso-tp4 29 ISO-TP4 # ISO Transport Protocol class 4 [RFC905]
xtp 36 XTP # Xpress Transfer Protocol
ddp 37 DDP # Datagram Delivery Protocol
idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport
ipv6 41 IPv6 # Internet Protocol, version 6
ipv6-route 43 IPv6-Route # Routing Header for IPv6
ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6
idrp 45 IDRP # Inter-Domain Routing Protocol
rsvp 46 RSVP # Reservation Protocol
gre 47 GRE # General Routing Encapsulation
esp 50 IPSEC-ESP # Encap Security Payload [RFC2406]
ah 51 IPSEC-AH # Authentication Header [RFC2402]
skip 57 SKIP # SKIP
ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6
ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6
ipv6-opts 60 IPv6-Opts # Destination Options for IPv6
rspf 73 RSPF CPHB # Radio Shortest Path First (officially CPHB)
vmtp 81 VMTP # Versatile Message Transport
eigrp 88 EIGRP # Enhanced Interior Routing Protocol (Cisco)
ospf 89 OSPFIGP # Open Shortest Path First IGP
ax.25 93 AX.25 # AX.25 frames
ipip 94 IPIP # IP-within-IP Encapsulation Protocol
etherip 97 ETHERIP # Ethernet-within-IP Encapsulation [RFC3378]
encap 98 ENCAP # Yet Another IP encapsulation [RFC1241]
# 99 # any private encryption scheme
pim 103 PIM # Protocol Independent Multicast
ipcomp 108 IPCOMP # IP Payload Compression Protocol
vrrp 112 VRRP # Virtual Router Redundancy Protocol
l2tp 115 L2TP # Layer Two Tunneling Protocol [RFC2661]
isis 124 ISIS # IS-IS over IPv4
sctp 132 SCTP # Stream Control Transmission Protocol
fc 133 FC # Fibre Channel

543
Shorewall-perl/services Normal file
View File

@ -0,0 +1,543 @@
# Network services, Internet style
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, officially ports have two entries
# even if the protocol doesn't support UDP operations.
#
# Updated from http://www.iana.org/assignments/port-numbers and other
# sources like http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/services .
# New ports will be added on request if they have been officially assigned
# by IANA and used in the real-world or are needed by a debian package.
# If you need a huge list of used numbers please install the nmap package.
tcpmux 1/tcp # TCP port service multiplexer
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
daytime 13/tcp
daytime 13/udp
netstat 15/tcp
qotd 17/tcp quote
msp 18/tcp # message send protocol
msp 18/udp
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp 21/tcp
fsp 21/udp fspd
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp
telnet 23/tcp
smtp 25/tcp mail
time 37/tcp timserver
time 37/udp timserver
rlp 39/udp resource # resource location
nameserver 42/tcp name # IEN 116
whois 43/tcp nicname
tacacs 49/tcp # Login Host Protocol (TACACS)
tacacs 49/udp
re-mail-ck 50/tcp # Remote Mail Checking Protocol
re-mail-ck 50/udp
domain 53/tcp nameserver # name-domain server
domain 53/udp nameserver
mtp 57/tcp # deprecated
tacacs-ds 65/tcp # TACACS-Database Service
tacacs-ds 65/udp
bootps 67/tcp # BOOTP server
bootps 67/udp
bootpc 68/tcp # BOOTP client
bootpc 68/udp
tftp 69/udp
gopher 70/tcp # Internet Gopher
gopher 70/udp
rje 77/tcp netrjs
finger 79/tcp
www 80/tcp http # WorldWideWeb HTTP
www 80/udp # HyperText Transfer Protocol
link 87/tcp ttylink
kerberos 88/tcp kerberos5 krb5 kerberos-sec # Kerberos v5
kerberos 88/udp kerberos5 krb5 kerberos-sec # Kerberos v5
supdup 95/tcp
hostnames 101/tcp hostname # usually from sri-nic
iso-tsap 102/tcp tsap # part of ISODE
acr-nema 104/tcp dicom # Digital Imag. & Comm. 300
acr-nema 104/udp dicom # Digital Imag. & Comm. 300
csnet-ns 105/tcp cso-ns # also used by CSO name server
csnet-ns 105/udp cso-ns
rtelnet 107/tcp # Remote Telnet
rtelnet 107/udp
pop2 109/tcp postoffice pop-2 # POP version 2
pop2 109/udp pop-2
pop3 110/tcp pop-3 # POP version 3
pop3 110/udp pop-3
sunrpc 111/tcp portmapper # RPC 4.0 portmapper
sunrpc 111/udp portmapper
auth 113/tcp authentication tap ident
sftp 115/tcp
uucp-path 117/tcp
nntp 119/tcp readnews untp # USENET News Transfer Protocol
ntp 123/tcp
ntp 123/udp # Network Time Protocol
pwdgen 129/tcp # PWDGEN service
pwdgen 129/udp # PWDGEN service
loc-srv 135/tcp epmap # Location Service
loc-srv 135/udp epmap
netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp
netbios-ssn 139/tcp # NETBIOS session service
netbios-ssn 139/udp
imap2 143/tcp imap # Interim Mail Access P 2 and 4
imap2 143/udp imap
snmp 161/tcp # Simple Net Mgmt Protocol
snmp 161/udp # Simple Net Mgmt Protocol
snmp-trap 162/tcp snmptrap # Traps for SNMP
snmp-trap 162/udp snmptrap # Traps for SNMP
cmip-man 163/tcp # ISO mgmt over IP (CMOT)
cmip-man 163/udp
cmip-agent 164/tcp
cmip-agent 164/udp
mailq 174/tcp # Mailer transport queue for Zmailer
mailq 174/udp # Mailer transport queue for Zmailer
xdmcp 177/tcp # X Display Mgr. Control Proto
xdmcp 177/udp
nextstep 178/tcp NeXTStep NextStep # NeXTStep window
nextstep 178/udp NeXTStep NextStep # server
bgp 179/tcp # Border Gateway Protocol
bgp 179/udp
prospero 191/tcp # Cliff Neuman's Prospero
prospero 191/udp
irc 194/tcp # Internet Relay Chat
irc 194/udp
smux 199/tcp # SNMP Unix Multiplexer
smux 199/udp
at-rtmp 201/tcp # AppleTalk routing
at-rtmp 201/udp
at-nbp 202/tcp # AppleTalk name binding
at-nbp 202/udp
at-echo 204/tcp # AppleTalk echo
at-echo 204/udp
at-zis 206/tcp # AppleTalk zone information
at-zis 206/udp
qmtp 209/tcp # Quick Mail Transfer Protocol
qmtp 209/udp # Quick Mail Transfer Protocol
z3950 210/tcp wais # NISO Z39.50 database
z3950 210/udp wais
ipx 213/tcp # IPX
ipx 213/udp
imap3 220/tcp # Interactive Mail Access
imap3 220/udp # Protocol v3
pawserv 345/tcp # Perf Analysis Workbench
pawserv 345/udp
zserv 346/tcp # Zebra server
zserv 346/udp
fatserv 347/tcp # Fatmen Server
fatserv 347/udp
rpc2portmap 369/tcp
rpc2portmap 369/udp # Coda portmapper
codaauth2 370/tcp
codaauth2 370/udp # Coda authentication server
clearcase 371/tcp Clearcase
clearcase 371/udp Clearcase
ulistserv 372/tcp # UNIX Listserv
ulistserv 372/udp
ldap 389/tcp # Lightweight Directory Access Protocol
ldap 389/udp
imsp 406/tcp # Interactive Mail Support Protocol
imsp 406/udp
https 443/tcp # http protocol over TLS/SSL
https 443/udp
snpp 444/tcp # Simple Network Paging Protocol
snpp 444/udp
microsoft-ds 445/tcp # Microsoft Naked CIFS
microsoft-ds 445/udp
kpasswd 464/tcp
kpasswd 464/udp
saft 487/tcp # Simple Asynchronous File Transfer
saft 487/udp
isakmp 500/tcp # IPsec - Internet Security Association
isakmp 500/udp # and Key Management Protocol
rtsp 554/tcp # Real Time Stream Control Protocol
rtsp 554/udp # Real Time Stream Control Protocol
nqs 607/tcp # Network Queuing system
nqs 607/udp
npmp-local 610/tcp dqs313_qmaster # npmp-local / DQS
npmp-local 610/udp dqs313_qmaster
npmp-gui 611/tcp dqs313_execd # npmp-gui / DQS
npmp-gui 611/udp dqs313_execd
hmmp-ind 612/tcp dqs313_intercell # HMMP Indication / DQS
hmmp-ind 612/udp dqs313_intercell
ipp 631/tcp # Internet Printing Protocol
ipp 631/udp
#
# UNIX specific services
#
exec 512/tcp
biff 512/udp comsat
login 513/tcp
who 513/udp whod
shell 514/tcp cmd # no passwords used
syslog 514/udp
printer 515/tcp spooler # line printer spooler
talk 517/udp
ntalk 518/udp
route 520/udp router routed # RIP
timed 525/udp timeserver
tempo 526/tcp newdate
courier 530/tcp rpc
conference 531/tcp chat
netnews 532/tcp readnews
netwall 533/udp # for emergency broadcasts
gdomap 538/tcp # GNUstep distributed objects
gdomap 538/udp
uucp 540/tcp uucpd # uucp daemon
klogin 543/tcp # Kerberized `rlogin' (v5)
kshell 544/tcp krcmd # Kerberized `rsh' (v5)
afpovertcp 548/tcp # AFP over TCP
afpovertcp 548/udp
remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem
nntps 563/tcp snntp # NNTP over SSL
nntps 563/udp snntp
submission 587/tcp # Submission [RFC2476]
submission 587/udp
ldaps 636/tcp # LDAP over SSL
ldaps 636/udp
tinc 655/tcp # tinc control port
tinc 655/udp
silc 706/tcp
silc 706/udp
kerberos-adm 749/tcp # Kerberos `kadmin' (v5)
#
webster 765/tcp # Network dictionary
webster 765/udp
rsync 873/tcp
rsync 873/udp
ftps-data 989/tcp # FTP over SSL (data)
ftps 990/tcp
telnets 992/tcp # Telnet over SSL
telnets 992/udp
imaps 993/tcp # IMAP over SSL
imaps 993/udp
ircs 994/tcp # IRC over SSL
ircs 994/udp
pop3s 995/tcp # POP-3 over SSL
pop3s 995/udp
#
# From ``Assigned Numbers'':
#
#> The Registered Ports are not controlled by the IANA and on most systems
#> can be used by ordinary user processes or programs executed by ordinary
#> users.
#
#> Ports are used in the TCP [45,106] to name the ends of logical
#> connections which carry long term conversations. For the purpose of
#> providing services to unknown callers, a service contact port is
#> defined. This list specifies the port used by the server process as its
#> contact port. While the IANA can not control uses of these ports it
#> does register or list uses of these ports as a convienence to the
#> community.
#
socks 1080/tcp # socks proxy server
socks 1080/udp
proofd 1093/tcp
proofd 1093/udp
rootd 1094/tcp
rootd 1094/udp
openvpn 1194/tcp
openvpn 1194/udp
rmiregistry 1099/tcp # Java RMI Registry
rmiregistry 1099/udp
kazaa 1214/tcp
kazaa 1214/udp
nessus 1241/tcp # Nessus vulnerability
nessus 1241/udp # assessment scanner
lotusnote 1352/tcp lotusnotes # Lotus Note
lotusnote 1352/udp lotusnotes
ms-sql-s 1433/tcp # Microsoft SQL Server
ms-sql-s 1433/udp
ms-sql-m 1434/tcp # Microsoft SQL Monitor
ms-sql-m 1434/udp
ingreslock 1524/tcp
ingreslock 1524/udp
prospero-np 1525/tcp # Prospero non-privileged
prospero-np 1525/udp
datametrics 1645/tcp old-radius
datametrics 1645/udp old-radius
sa-msg-port 1646/tcp old-radacct
sa-msg-port 1646/udp old-radacct
kermit 1649/tcp
kermit 1649/udp
l2f 1701/tcp l2tp
l2f 1701/udp l2tp
radius 1812/tcp
radius 1812/udp
radius-acct 1813/tcp radacct # Radius Accounting
radius-acct 1813/udp radacct
msnp 1863/tcp # MSN Messenger
msnp 1863/udp
unix-status 1957/tcp # remstats unix-status server
log-server 1958/tcp # remstats log server
remoteping 1959/tcp # remstats remoteping server
nfs 2049/tcp # Network File System
nfs 2049/udp # Network File System
rtcm-sc104 2101/tcp # RTCM SC-104 IANA 1/29/99
rtcm-sc104 2101/udp
cvspserver 2401/tcp # CVS client/server operations
cvspserver 2401/udp
venus 2430/tcp # codacon port
venus 2430/udp # Venus callback/wbc interface
venus-se 2431/tcp # tcp side effects
venus-se 2431/udp # udp sftp side effect
codasrv 2432/tcp # not used
codasrv 2432/udp # server port
codasrv-se 2433/tcp # tcp side effects
codasrv-se 2433/udp # udp sftp side effect
mon 2583/tcp # MON
mon 2583/udp
dict 2628/tcp # Dictionary server
dict 2628/udp
gpsd 2947/tcp
gpsd 2947/udp
gds_db 3050/tcp # InterBase server
gds_db 3050/udp
icpv2 3130/tcp icp # Internet Cache Protocol
icpv2 3130/udp icp
mysql 3306/tcp
mysql 3306/udp
nut 3493/tcp # Network UPS Tools
nut 3493/udp
distcc 3632/tcp # distributed compiler
distcc 3632/udp
daap 3689/tcp # Digital Audio Access Protocol
daap 3689/udp
svn 3690/tcp subversion # Subversion protocol
svn 3690/udp subversion
iax 4569/tcp # Inter-Asterisk eXchange
iax 4569/udp
radmin-port 4899/tcp # RAdmin Port
radmin-port 4899/udp
rfe 5002/udp # Radio Free Ethernet
rfe 5002/tcp
mmcc 5050/tcp # multimedia conference control tool (Yahoo IM)
mmcc 5050/udp
sip 5060/tcp # Session Initiation Protocol
sip 5060/udp
sip-tls 5061/tcp
sip-tls 5061/udp
aol 5190/tcp # AIM
aol 5190/udp
xmpp-client 5222/tcp jabber-client # Jabber Client Connection
xmpp-client 5222/udp jabber-client
xmpp-server 5269/tcp jabber-server # Jabber Server Connection
xmpp-server 5269/udp jabber-server
cfengine 5308/tcp
cfengine 5308/udp
postgresql 5432/tcp postgres # PostgreSQL Database
postgresql 5432/udp postgres
x11 6000/tcp x11-0 # X Window System
x11 6000/udp x11-0
x11-1 6001/tcp
x11-1 6001/udp
x11-2 6002/tcp
x11-2 6002/udp
x11-3 6003/tcp
x11-3 6003/udp
x11-4 6004/tcp
x11-4 6004/udp
x11-5 6005/tcp
x11-5 6005/udp
x11-6 6006/tcp
x11-6 6006/udp
x11-7 6007/tcp
x11-7 6007/udp
gnutella-svc 6346/tcp # gnutella
gnutella-svc 6346/udp
gnutella-rtr 6347/tcp # gnutella
gnutella-rtr 6347/udp
afs3-fileserver 7000/tcp bbs # file server itself
afs3-fileserver 7000/udp bbs
afs3-callback 7001/tcp # callbacks to cache managers
afs3-callback 7001/udp
afs3-prserver 7002/tcp # users & groups database
afs3-prserver 7002/udp
afs3-vlserver 7003/tcp # volume location database
afs3-vlserver 7003/udp
afs3-kaserver 7004/tcp # AFS/Kerberos authentication
afs3-kaserver 7004/udp
afs3-volser 7005/tcp # volume managment server
afs3-volser 7005/udp
afs3-errors 7006/tcp # error interpretation service
afs3-errors 7006/udp
afs3-bos 7007/tcp # basic overseer process
afs3-bos 7007/udp
afs3-update 7008/tcp # server-to-server updater
afs3-update 7008/udp
afs3-rmtsys 7009/tcp # remote cache manager service
afs3-rmtsys 7009/udp
font-service 7100/tcp xfs # X Font Service
font-service 7100/udp xfs
bacula-dir 9101/tcp # Bacula Director
bacula-dir 9101/udp
bacula-fd 9102/tcp # Bacula File Daemon
bacula-fd 9102/udp
bacula-sd 9103/tcp # Bacula Storage Daemon
bacula-sd 9103/udp
amanda 10080/tcp # amanda backup services
amanda 10080/udp
hkp 11371/tcp # OpenPGP HTTP Keyserver
hkp 11371/udp # OpenPGP HTTP Keyserver
bprd 13720/tcp # VERITAS NetBackup
bprd 13720/udp
bpdbm 13721/tcp # VERITAS NetBackup
bpdbm 13721/udp
bpjava-msvc 13722/tcp # BP Java MSVC Protocol
bpjava-msvc 13722/udp
vnetd 13724/tcp # Veritas Network Utility
vnetd 13724/udp
bpcd 13782/tcp # VERITAS NetBackup
bpcd 13782/udp
vopied 13783/tcp # VERITAS NetBackup
vopied 13783/udp
wnn6 22273/tcp # wnn6
wnn6 22273/udp
#
# Datagram Delivery Protocol services
#
rtmp 1/ddp # Routing Table Maintenance Protocol
nbp 2/ddp # Name Binding Protocol
echo 4/ddp # AppleTalk Echo Protocol
zip 6/ddp # Zone Information Protocol
#=========================================================================
# The remaining port numbers are not as allocated by IANA.
#=========================================================================
# Kerberos (Project Athena/MIT) services
# Note that these are for Kerberos v4, and are unofficial. Sites running
# v4 should uncomment these and comment out the v5 entries above.
#
kerberos4 750/udp kerberos-iv kdc # Kerberos (server)
kerberos4 750/tcp kerberos-iv kdc
kerberos_master 751/udp # Kerberos authentication
kerberos_master 751/tcp
passwd_server 752/udp # Kerberos passwd server
krb_prop 754/tcp krb5_prop hprop # Kerberos slave propagation
krbupdate 760/tcp kreg # Kerberos registration
swat 901/tcp # swat
kpop 1109/tcp # Pop with Kerberos
knetd 2053/tcp # Kerberos de-multiplexor
zephyr-srv 2102/udp # Zephyr server
zephyr-clt 2103/udp # Zephyr serv-hm connection
zephyr-hm 2104/udp # Zephyr hostmanager
eklogin 2105/tcp # Kerberos encrypted rlogin
# Hmmm. Are we using Kv4 or Kv5 now? Worrying.
# The following is probably Kerberos v5 --- ajt@debian.org (11/02/2000)
kx 2111/tcp # X over Kerberos
iprop 2121/tcp # incremental propagation
#
# Unofficial but necessary (for NetBSD) services
#
supfilesrv 871/tcp # SUP server
supfiledbg 1127/tcp # SUP debugging
#
# Services added for the Debian GNU/Linux distribution
#
linuxconf 98/tcp # LinuxConf
poppassd 106/tcp # Eudora
poppassd 106/udp
ssmtp 465/tcp smtps # SMTP over SSL
moira_db 775/tcp # Moira database
moira_update 777/tcp # Moira update protocol
moira_ureg 779/udp # Moira user registration
spamd 783/tcp # spamassassin daemon
omirr 808/tcp omirrd # online mirror
omirr 808/udp omirrd
customs 1001/tcp # pmake customs server
customs 1001/udp
skkserv 1178/tcp # skk jisho server port
predict 1210/udp # predict -- satellite tracking
rmtcfg 1236/tcp # Gracilis Packeten remote config server
wipld 1300/tcp # Wipl network monitor
xtel 1313/tcp # french minitel
xtelw 1314/tcp # french minitel
support 1529/tcp # GNATS
sieve 2000/tcp # Sieve mail filter daemon
cfinger 2003/tcp # GNU Finger
ndtp 2010/tcp # Network dictionary transfer protocol
frox 2121/tcp # frox: caching ftp proxy
ninstall 2150/tcp # ninstall service
ninstall 2150/udp
zebrasrv 2600/tcp # zebra service
zebra 2601/tcp # zebra vty
ripd 2602/tcp # ripd vty (zebra)
ripngd 2603/tcp # ripngd vty (zebra)
ospfd 2604/tcp # ospfd vty (zebra)
bgpd 2605/tcp # bgpd vty (zebra)
ospf6d 2606/tcp # ospf6d vty (zebra)
ospfapi 2607/tcp # OSPF-API
isisd 2608/tcp # ISISd vty (zebra)
afbackup 2988/tcp # Afbackup system
afbackup 2988/udp
afmbackup 2989/tcp # Afmbackup system
afmbackup 2989/udp
xtell 4224/tcp # xtell server
fax 4557/tcp # FAX transmission service (old)
hylafax 4559/tcp # HylaFAX client-server protocol (new)
distmp3 4600/tcp # distmp3host daemon
munin 4949/tcp lrrd # Munin
enbd-cstatd 5051/tcp # ENBD client statd
enbd-sstatd 5052/tcp # ENBD server statd
pcrd 5151/tcp # PCR-1000 Daemon
noclog 5354/tcp # noclogd with TCP (nocol)
noclog 5354/udp # noclogd with UDP (nocol)
hostmon 5355/tcp # hostmon uses TCP (nocol)
hostmon 5355/udp # hostmon uses UDP (nocol)
rplay 5555/udp # RPlay audio service
rplay 5555/tcp
rptp 5556/udp # Remote Play Transfer Protocol
rptp 5556/tcp
nsca 5667/tcp # Nagios Agent - NSCA
mrtd 5674/tcp # MRT Routing Daemon
bgpsim 5675/tcp # MRT Routing Simulator
canna 5680/tcp # cannaserver
sane-port 6566/tcp sane saned # SANE network scanner daemon
ircd 6667/tcp # Internet Relay Chat
zope-ftp 8021/tcp # zope management by ftp
webcache 8080/tcp # WWW caching service
tproxy 8081/tcp # Transparent Proxy
omniorb 8088/tcp # OmniORB
omniorb 8088/udp
clc-build-daemon 8990/tcp # Common lisp build daemon
xinetd 9098/tcp
mandelspawn 9359/udp mandelbrot # network mandelbrot
zope 9673/tcp # zope server
kamanda 10081/tcp # amanda backup services (Kerberos)
kamanda 10081/udp
amandaidx 10082/tcp # amanda backup services
amidxtape 10083/tcp # amanda backup services
smsqp 11201/tcp # Alamin SMS gateway
smsqp 11201/udp
xpilot 15345/tcp # XPilot Contact Port
xpilot 15345/udp
sgi-cmsd 17001/udp # Cluster membership services daemon
sgi-crsd 17002/udp
sgi-gcd 17003/udp # SGI Group membership daemon
sgi-cad 17004/tcp # Cluster Admin daemon
isdnlog 20011/tcp # isdn logging system
isdnlog 20011/udp
vboxd 20012/tcp # voice box system
vboxd 20012/udp
binkp 24554/tcp # binkp fidonet protocol
asp 27374/tcp # Address Search Protocol
asp 27374/udp
csync2 30865/tcp # cluster synchronization tool
dircproxy 57000/tcp # Detachable IRC Proxy
tfido 60177/tcp # fidonet EMSI over telnet
fido 60179/tcp # fidonet EMSI over TCP
# Local services

4
Shorewall-perl/shorewall-perl.spec
View File

@ -1,6 +1,6 @@
%define name shorewall-perl %define name shorewall-perl
%define version 4.0.0 %define version 4.0.0
%define release 0Beta5 %define release 0Beta6
%define prefix /usr %define prefix /usr
Summary: Shoreline Firewall Perl-based compiler. Summary: Shoreline Firewall Perl-based compiler.
@ -59,6 +59,8 @@ rm -rf $RPM_BUILD_ROOT
%attr(0644,root,root) /usr/share/shorewall-perl/prog.functions %attr(0644,root,root) /usr/share/shorewall-perl/prog.functions
%attr(0644,root,root) /usr/share/shorewall-perl/prog.footer %attr(0644,root,root) /usr/share/shorewall-perl/prog.footer
%attr(0644,root,root) /usr/share/shorewall-perl/version %attr(0644,root,root) /usr/share/shorewall-perl/version
%attr(0444,root,root) /usr/share/shorewall-perl/protocols
%attr(0444,root,root) /usr/share/shorewall-perl/services
%attr(0555,root,root) /usr/share/shorewall-perl/Shorewall/Accounting.pm %attr(0555,root,root) /usr/share/shorewall-perl/Shorewall/Accounting.pm
%attr(0555,root,root) /usr/share/shorewall-perl/Shorewall/Actions.pm %attr(0555,root,root) /usr/share/shorewall-perl/Shorewall/Actions.pm
%attr(0555,root,root) /usr/share/shorewall-perl/Shorewall/Chains.pm %attr(0555,root,root) /usr/share/shorewall-perl/Shorewall/Chains.pm