shorewall_code/docs/ports.xml

749 lines
25 KiB
XML
Raw Normal View History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article>
<articleinfo>
<title>Ports Required for Various Services/Applications</title>
<authorgroup>
<author>
<firstname>Tom</firstname>
<surname>Eastep</surname>
</author>
</authorgroup>
<othercredit>
<surname>Cristian Rodriguez R.</surname>
</othercredit>
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
<copyright>
<year>2001-<?dbtimestamp format="Y"?></year>
<holder>Thomas M. Eastep</holder>
</copyright>
<legalnotice>
<para>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
License</ulink></quote>.</para>
</legalnotice>
<abstract>
<para>In addition to those applications described in the
/etc/shorewall/rules documentation, here are some other
services/applications that you may need to configure your firewall to
accommodate.</para>
</abstract>
</articleinfo>
<caution>
<para><emphasis role="bold">This article applies to Shorewall 3.0 and
later. If you are running a version of Shorewall earlier than Shorewall
3.0.0 then please see the documentation for that release</emphasis></para>
</caution>
<section>
<title>Important Notes</title>
<note>
<para>Shorewall distribution contains a library of user-defined macros
that allow for easily allowing or blocking a particular application.
<command>ls <filename>/usr/share/shorewall/</filename>macro.*</command>
for the list of macros in your distribution. If you find what you need,
you simply use the macro in a rule. For example, to allow DNS queries
from the <emphasis role="bold">dmz</emphasis> zone to the <emphasis
role="bold">net</emphasis> zone:</para>
<programlisting>#ACTION SOURCE DESTINATION
DNS/ACCEPT dmz net</programlisting>
</note>
<note>
<para>In the rules that are shown in this document, the ACTION is shown
as ACCEPT. You may need to use DNAT (see <ulink url="FAQ.htm#faq30">FAQ
30</ulink>) or you may want DROP or REJECT if you are trying to block
the application.</para>
<para>Example: You want to port forward FTP from the net to your server
at 192.168.1.4 in your DMZ. The FTP section below gives you:</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
FTP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
<para>You would code your rule as follows:</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
FTP/DNAT net dmz:192.168.1.4 </programlisting>
</note>
</section>
<section>
<title>Auth (identd)</title>
<caution>
<para><emphasis role="bold"><emphasis>It is now the 21st
Century</emphasis> ; don't use identd in production
anymore.</emphasis></para>
</caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Auth/ACCEPT <emphasis> &lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<title>BitTorrent</title>
<caution>
<para>This information is valid only for Shorewall 3.2 or later.</para>
</caution>
<caution>
<para><emphasis role="bold"><emphasis>We assume BitTorrent client listen
in the default port(s)</emphasis></emphasis></para>
</caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
BitTorrent/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<title>DNS</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
DNS/ACCEPT <emphasis> &lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> </programlisting>
<para>Note that if you are setting up a DNS server that supports recursive
resolution, the server is the &lt;<emphasis>destination</emphasis>&gt; for
resolution requests (from clients) and is also the
&lt;<emphasis>source</emphasis>&gt; of recursive resolution requests
(usually to other servers in the 'net' zone). So for example, if you have
a public DNS server in your DMZ that supports recursive resolution for
local clients then you would need:</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
DNS/ACCEPT all dmz
DNS/ACCEPT dmz net </programlisting>
<note>
<para>Recursive Resolution means that if the server itself can't resolve
the name presented to it, the server will attempt to resolve the name
with the help of other servers.</para>
</note>
</section>
<section id="Emule">
<title>Emule</title>
<caution>
<para>This information is valid only for Shorewall 3.2 or later.</para>
</caution>
<para>In contrast to how the rest of this article is organized, for emule
I will give you the rules necessary to run emule on a single machine in
your loc network (since that's what 99.99% of you want to do). Assume
that:</para>
<orderedlist>
<listitem>
<para>The internal machine running emule has IP address
192.168.1.4.</para>
</listitem>
<listitem>
<para>You use Masquerading or SNAT for the local network.</para>
</listitem>
<listitem>
<para>The zones are named as they are in the <ulink
url="shorewall_quickstart_guide.htm">two- and three-interface
QuickStart guides)</ulink>.</para>
</listitem>
<listitem>
<para>Your loc-&gt;net policy is ACCEPT</para>
</listitem>
</orderedlist>
<para><filename>/etc/shorewall/rules:</filename></para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Edonkey/DNAT net loc:192.168.1.4
#if you wish to enable the Emule webserver, add this rule too.
DNAT net loc:192.168.1.4 tcp 4711</programlisting>
</section>
<section>
<title>FTP</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
FTP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
<para>Look <ulink url="FTP.html">here</ulink> for much more
information.</para>
</section>
<section>
<title>Gnutella</title>
<para><orderedlist>
<listitem>
<para>The internal machine running a Gnutella Client has IP address
192.168.1.4.</para>
</listitem>
<listitem>
<para>You use Masquerading or SNAT for the local network.</para>
</listitem>
<listitem>
<para>The zones are named as they are in the <ulink
url="shorewall_quickstart_guide.htm">two- and three-interface
QuickStart guides)</ulink>.</para>
</listitem>
<listitem>
<para>Your loc-&gt;net policy is ACCEPT</para>
</listitem>
</orderedlist><programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Gnutella/DNAT net loc:192.168.1.4</programlisting></para>
</section>
<section>
<title>ICQ/AIM</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
ICQ/ACCEPT <emphasis>&lt;source&gt;</emphasis> net</programlisting>
</section>
<section>
<title>IMAP</title>
<caution>
<para>When accessing your mail from the internet,use <emphasis
role="bold">only</emphasis> <emphasis role="bold">IMAP over
SSL.</emphasis></para>
</caution>
<caution>
<para>This information is valid only for Shorewall 3.2 or later.</para>
</caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
IMAP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> # Unsecure IMAP
IMAPS/ACCEPT &lt;source&gt; &lt;destination&gt; # IMAP over SSL.</programlisting>
</section>
<section>
<title>IPSEC</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis> &lt;destination&gt;</emphasis> 50
ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis> &lt;destination&gt;</emphasis> 51
ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis> &lt;destination&gt;</emphasis> udp 500
ACCEPT <emphasis>&lt;destination&gt;</emphasis> <emphasis>&lt;source&gt;</emphasis> 50
ACCEPT <emphasis>&lt;destination&gt;</emphasis> <emphasis>&lt;source&gt;</emphasis> 51
ACCEPT <emphasis>&lt;destination&gt;</emphasis> <emphasis>&lt;source&gt;</emphasis> udp 500</programlisting>
<para>Lots more information <ulink url="IPSEC.htm">here</ulink> and <ulink
url="VPN.htm">here</ulink>.</para>
</section>
<section>
<title>LDAP</title>
<caution>
<para>This information is valid only for Shorewall 3.2 or later.</para>
</caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
LDAP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis> &lt;destination&gt;</emphasis> <emphasis> #Insecure LDAP</emphasis>
LDAPS/ACCEPT <emphasis><emphasis>&lt;source&gt;</emphasis> <emphasis> &lt;destination&gt;</emphasis></emphasis><emphasis></emphasis> # LDAP over SSL</programlisting>
</section>
<section>
<title><trademark>MySQL</trademark></title>
<caution>
<para>This information is valid only for Shorewall 3.2 or later.</para>
</caution>
<caution>
<para>Allowing access from untrusted hosts to your
<trademark>MySQL</trademark> server represents a <emphasis
role="bold">severe security risk</emphasis>.</para>
<para><emphasis role="bold">DO NOT USE THIS </emphasis>if you don't know
how to deal with the consecuences, you have been warned.</para>
</caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
MySQL/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis> &lt;destination&gt;</emphasis> <emphasis> </emphasis></programlisting>
</section>
<section>
<title>NFS</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
ACCEPT <emphasis>&lt;z1&gt;</emphasis>:&lt;list of client IPs&gt; <emphasis> &lt;z2&gt;</emphasis>:a.b.c.d tcp 111
ACCEPT <emphasis>&lt;z1&gt;</emphasis>:&lt;list of client IPs&gt; <emphasis> &lt;z2&gt;</emphasis>:a.b.c.d udp</programlisting>
<para>For more NFS information, see <ulink
url="http://sourceforge.net/mailarchive/forum.php?thread_id=8972145&amp;forum_id=2270">http://sourceforge.net/mailarchive/forum.php?thread_id=8972145&amp;forum_id=2270</ulink>.</para>
</section>
<section>
<title>NTP (Network Time Protocol)</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
NTP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<title><trademark>PCAnywhere</trademark></title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
PCA/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<title>POP3</title>
<caution>
<para>If Possible , <emphasis role="bold">Avoid this protocol</emphasis>
, use <emphasis role="bold">IMAP</emphasis> instead.</para>
</caution>
<caution>
<para>This information is valid only for Shorewall 3.2 or later</para>
</caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
POP3/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> # Secure
POP3S/ACCEPT &lt;source&gt; &lt;destination&gt; #Unsecure Pop3</programlisting>
</section>
<section>
<title>PPTP</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> 47
ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> tcp 1723</programlisting>
<para>Lots more information <ulink url="PPTP.htm">here</ulink> and <ulink
url="VPN.htm">here</ulink>.</para>
</section>
<section>
<title>rdate</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Rdate/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<title>rsync</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Rsync/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<title>SSH/SFTP</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
SSH/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> </programlisting>
</section>
<section>
<title>SMB/NMB (Samba/<trademark>Windows</trademark> Browsing/File
Sharing)</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
SMB/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis> &lt;destination&gt;</emphasis>
SMB/ACCEPT <emphasis>&lt;destination&gt;</emphasis> <emphasis>&lt;source&gt;</emphasis></programlisting>
<para>Also, see <ulink url="samba.htm">this page</ulink>.</para>
</section>
<section>
<title>SMTP</title>
<caution>
<para>This information is valid only for Shorewall 3.2 or later.</para>
</caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
SMTP/ACCEPT<emphasis> &lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> #Insecure SMTP
SMTPS/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> #SMTP over SSL (TLS)</programlisting>
</section>
<section>
<title>SNMP</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
SNMP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<title>SVN</title>
<caution>
<para>This information is valid only for Shorewall 3.2 or later.</para>
</caution>
<caution>
<para>This rule is for Subversion running in <emphasis
role="bold">svnserve mode only.</emphasis></para>
</caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
SVN/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<title>Telnet</title>
<caution>
<para><emphasis role="bold"><emphasis>The telnet protocol is very
insecure</emphasis>, don't use it.</emphasis></para>
</caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Telnet/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<title>TFTP</title>
<para>You must have TFTP connection tracking support in your kernel. If
modularized, the modules are <emphasis
role="bold">ip_conntrack_tftp</emphasis> (and <emphasis
role="bold">ip_nat_tftp</emphasis> if any form of NAT is involved) These
modules may be loaded using entries in
<filename>/etc/shorewall/modules</filename>. The <emphasis
role="bold">ip_conntrack_tftp</emphasis> module must be loaded first. Note
that the <filename>/etc/shorewall/modules</filename> file released with
recent Shorewall versions contains entries for these modules.</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> udp 69</programlisting>
</section>
<section>
<title>Traceroute</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Trcrt/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> #Good for 10 hops</programlisting>
<para>UDP traceroute uses ports 33434 through 33434+&lt;max number of
hops&gt;-1. Note that for the firewall to respond with a TTL expired ICMP
reply, you will need to allow ICMP 11 outbound from the firewall. The
standard Shorewall sample configurations all set this up for you
automatically since those sample configurations enable all ICMP packet
types originating on the firewall itself.</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
ACCEPT fw net icmp
ACCEPT fw loc icmp
ACCEPT fw ...</programlisting>
</section>
<section>
<title>Usenet (NNTP)</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
NNTP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis>
NNTPS/ACCEPT &lt;source&gt; &lt;destination&gt; # secure NNTP</programlisting>
<para>TCP Port 119</para>
</section>
<section>
<title>VNC</title>
<caution>
<para>This information is valid only for Shorewall 3.2 or later.</para>
</caution>
<para>Vncviewer to Vncserver -- TCP port 5900 + &lt;display
number&gt;.</para>
<para>the following rule handles VNC traffic for VNC displays 0 -
9.</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
VNC/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis>
</programlisting>
<para>Vncserver to Vncviewer in listen mode -- TCP port 5500.</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
VNCL/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<title><trademark>Vonage</trademark></title>
<para>The standard Shorewall loc-&gt;net ACCEPT policy is all that is
required for <trademark>Vonage</trademark> IP phone service to work,
provided that you have loaded the tftp helper modules (add the following
entries to /etc/shorewall/modules if they are not there already):</para>
<programlisting> loadmodule ip_conntrack_tftp
loadmodule ip_nat_tftp</programlisting>
</section>
<section>
<title>Web Access</title>
<caution>
<para>This information is valid for Shorewall 3.2 or later.</para>
</caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
HTTP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> #Insecure HTTP
HTTPS/ACCEPT &lt;source&gt; &lt;destination&gt; #Secure HTTP</programlisting>
</section>
<section>
<title>Webmin</title>
<para><programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Webmin/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> </programlisting>Webmin
use TCP port 10000.</para>
</section>
<section>
<title>Whois</title>
<para><programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Whois/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> </programlisting></para>
</section>
<section>
<title>X/XDMCP</title>
<para>Assume that the Choser and/or X Server are running at
&lt;<emphasis>chooser</emphasis>&gt; and the Display Manager/X
applications are running at &lt;<emphasis>apps</emphasis>&gt;.</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
ACCEPT &lt;<emphasis>chooser</emphasis>&gt; &lt;<emphasis>apps</emphasis>&gt; udp 177 #XDMCP
ACCEPT &lt;<emphasis>apps</emphasis>&gt; &lt;<emphasis>chooser</emphasis>&gt; tcp 6000:6009 #X Displays 0-9</programlisting>
</section>
<section>
<title>Other Source of Port Information</title>
<para>Didn't find what you are looking for -- have you looked in your own
/etc/services file?</para>
<para>Still looking? Try <ulink
url="http://www.networkice.com/advice/Exploits/Ports">http://www.networkice.com/advice/Exploits/Ports</ulink></para>
</section>
<appendix>
<title>Revision History</title>
<para><revhistory>
<revision>
<revnumber>1.18</revnumber>
<date>2006-07-18</date>
<authorinitials>CR</authorinitials>
<revremark>Updated for Shorewall 3.2</revremark>
</revision>
<revision>
<revnumber>1.18</revnumber>
<date>2005-11-23</date>
<authorinitials>CR</authorinitials>
<revremark>Add Webmin info</revremark>
</revision>
<revision>
<revnumber>1.17</revnumber>
<date>2005-09-20</date>
<authorinitials>TE</authorinitials>
<revremark>More 3.0 Updates</revremark>
</revision>
<revision>
<revnumber>1.16</revnumber>
<date>2005-09-02</date>
<authorinitials>CR</authorinitials>
<revremark>Updated for Shorewall v3.0</revremark>
</revision>
<revision>
<revnumber>1.15</revnumber>
<date>2005-05-02</date>
<authorinitials>TE</authorinitials>
<revremark>Added Emule</revremark>
</revision>
<revision>
<revnumber>1.14</revnumber>
<date>2004-10-01</date>
<authorinitials>TE</authorinitials>
<revremark>Add rsync.</revremark>
</revision>
<revision>
<revnumber>1.13</revnumber>
<date>2004-09-21</date>
<authorinitials>TE</authorinitials>
<revremark>Add note about ICMP type 11 to Traceroute.</revremark>
</revision>
<revision>
<revnumber>1.12</revnumber>
<date>2004-09-09</date>
<authorinitials>TE</authorinitials>
<revremark>Add note about <trademark>Vonage</trademark>.</revremark>
</revision>
<revision>
<revnumber>1.11</revnumber>
<date>2004-05-28</date>
<authorinitials>TE</authorinitials>
<revremark>Corrected directory for actions.std and enhanced the DNS
section.</revremark>
</revision>
<revision>
<revnumber>1.10</revnumber>
<date>2004-05-09</date>
<authorinitials>TE</authorinitials>
<revremark>Added TFTP.</revremark>
</revision>
<revision>
<revnumber>1.9</revnumber>
<date>2004-04-24</date>
<authorinitials>TE</authorinitials>
<revremark>Revised ICQ/AIM.</revremark>
</revision>
<revision>
<revnumber>1.8</revnumber>
<date>2004-04-23</date>
<authorinitials>TE</authorinitials>
<revremark>Added SNMP.</revremark>
</revision>
<revision>
<revnumber>1.7</revnumber>
<date>2004-02-18</date>
<authorinitials>TE</authorinitials>
<revremark>Make NFS work for everyone.</revremark>
</revision>
<revision>
<revnumber>1.6</revnumber>
<date>2004-02-14</date>
<authorinitials>TE</authorinitials>
<revremark>Add PCAnywhere.</revremark>
</revision>
<revision>
<revnumber>1.5</revnumber>
<date>2004-02-05</date>
<authorinitials>TE</authorinitials>
<revremark>Added information about VNC viewers in listen
mode.</revremark>
</revision>
<revision>
<revnumber>1.4</revnumber>
<date>2004-01-26</date>
<authorinitials>TE</authorinitials>
<revremark>Correct ICQ.</revremark>
</revision>
<revision>
<revnumber>1.3</revnumber>
<date>2004-01-04</date>
<authorinitials>TE</authorinitials>
<revremark>Alphabetize</revremark>
</revision>
<revision>
<revnumber>1.2</revnumber>
<date>2004-01-03</date>
<authorinitials>TE</authorinitials>
<revremark>Add rules file entries.</revremark>
</revision>
<revision>
<revnumber>1.1</revnumber>
<date>2002-07-30</date>
<authorinitials>TE</authorinitials>
<revremark>Initial version converted to Docbook XML</revremark>
</revision>
</revhistory></para>
</appendix>
</article>