diff --git a/Shorewall-docs/ports.xml b/Shorewall-docs/ports.xml
index dc8b9b8a3..45778cff5 100644
--- a/Shorewall-docs/ports.xml
+++ b/Shorewall-docs/ports.xml
@@ -13,7 +13,7 @@
- 2004-01-03
+ 2004-01-04
2001-2002
@@ -47,26 +47,10 @@
- NTP (Network Time Protocol)
+ Auth (identd)
#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
-ACCEPT <source> <destination> udp 123
-
-
-
- rdate
-
- #ACTION SOURCE DESTINATION PROTO DEST PORT(S)
-ACCEPT <source> <destination> tcp 37
-
-
-
- Usenet (NNTP)
-
- #ACTION SOURCE DESTINATION PROTO DEST PORT(S)
-ACCEPT <source> <destination> tcp 119
-
- TCP Port 119
+ACCEPT <source> <destination> tcp 113
@@ -77,6 +61,15 @@ ACCEPT <source> <destination>
ACCEPT <source> <destination> tcp 53
+
+ FTP
+
+ #ACTION SOURCE DESTINATION PROTO DEST PORT(S)
+ACCEPT <source> <destination> tcp 21
+
+ Look here for much more information.
+
+
ICQ
@@ -89,14 +82,11 @@ ACCEPT <source> <destination>
- PPTP
+ IMAP
#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
-ACCEPT <source> <destination> 47
-ACCEPT <source> <destination> tcp 1723
-
- Lots more information here and here.
+ACCEPT <source> <destination> tcp 143 #Unsecure IMAP
+ACCEPT <source> <destination> tcp 993 #Secure IMAP
@@ -115,10 +105,23 @@ ACCEPT <destination> <source>
- SMTP
+ NFS
+
+ I personally use the following rules for opening access from zone z1
+ to a server with IP address a.b.c.d in zone z2:
#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
-ACCEPT <source> <destination> tcp 25
+ACCEPT <z1> <z2>:a.b.c.d tcp 111
+ACCEPT <z1> <z2>:a.b.c.d udp 111
+ACCEPT <z1> <z2>:a.b.c.d udp 2049
+ACCEPT <z1> <z2>:a.b.c.d udp 32700:
+
+
+
+ NTP (Network Time Protocol)
+
+ #ACTION SOURCE DESTINATION PROTO DEST PORT(S)
+ACCEPT <source> <destination> udp 123
@@ -132,18 +135,21 @@ ACCEPT <source> <destination>
- IMAP
+ PPTP
#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
-ACCEPT <source> <destination> tcp 143 #Unsecure IMAP
-ACCEPT <source> <destination> tcp 993 #Secure IMAP
+ACCEPT <source> <destination> 47
+ACCEPT <source> <destination> tcp 1723
+
+ Lots more information here and here.
- Telnet
+ rdate
#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
-ACCEPT <source> <destination> tcp 23
+ACCEPT <source> <destination> tcp 37
@@ -153,30 +159,6 @@ ACCEPT <source> <destination>
ACCEPT <source> <destination> tcp 22
-
- Auth (identd)
-
- #ACTION SOURCE DESTINATION PROTO DEST PORT(S)
-ACCEPT <source> <destination> tcp 113
-
-
-
- Web Access
-
- #ACTION SOURCE DESTINATION PROTO DEST PORT(S)
-ACCEPT <source> <destination> tcp 80 #Insecure HTTP
-ACCEPT <source> <destination> tcp 443 #Secure HTTP
-
-
-
- FTP
-
- #ACTION SOURCE DESTINATION PROTO DEST PORT(S)
-ACCEPT <source> <destination> tcp 21
-
- Look here for much more information.
-
-
SMB/NMB (Samba/Windows Browsing/File Sharing)
@@ -189,6 +171,20 @@ ACCEPT <destination> <source>
Also, see this page.
+
+ SMTP
+
+ #ACTION SOURCE DESTINATION PROTO DEST PORT(S)
+ACCEPT <source> <destination> tcp 25
+
+
+
+ Telnet
+
+ #ACTION SOURCE DESTINATION PROTO DEST PORT(S)
+ACCEPT <source> <destination> tcp 23
+
+
Traceroute
@@ -201,16 +197,12 @@ ACCEPT <source> <destination>
- NFS
-
- I personally use the following rules for opening access from zone z1
- to a server with IP address a.b.c.d in zone z2:
+ Usenet (NNTP)
#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
-ACCEPT <z1> <z2>:a.b.c.d tcp 111
-ACCEPT <z1> <z2>:a.b.c.d udp 111
-ACCEPT <z1> <z2>:a.b.c.d udp 2049
-ACCEPT <z1> <z2>:a.b.c.d udp 32700:
+ACCEPT <source> <destination> tcp 119
+
+ TCP Port 119
@@ -224,6 +216,14 @@ ACCEPT <source> <destination>
...
+
+ Web Access
+
+ #ACTION SOURCE DESTINATION PROTO DEST PORT(S)
+ACCEPT <source> <destination> tcp 80 #Insecure HTTP
+ACCEPT <source> <destination> tcp 443 #Secure HTTP
+
+
Other Source of Port Information
@@ -237,7 +237,7 @@ ACCEPT <source> <destination>
Revision History
- 1.22004-01-03TEAdd
+ 1.32004-01-04TEAlphabetize1.22004-01-03TEAdd
rules file entries.1.12002-07-30TEInitial
version converted to Docbook XML