From ba494063c190fcc85c7c90348ee3eb3f86d4f41b Mon Sep 17 00:00:00 2001 From: Pieter du Preez Date: Wed, 14 Feb 2018 20:47:47 +0100 Subject: [PATCH] Moved the service definitions out of firehol and fireqos. This commit moves the service definitions from firehol and fireqos into the following files: - sbin/services.common - sbin/services.firehol - sbin/services.fireqos The sbin/services.common file is now sourced by firehol and fireqos, in addition to their respective sbin/services.fire(hol|qos) files. The goal of this commit was to simplify maintenance of service definitions. --- doc/Makefile.am | 4 +- doc/firehol/Makefile.am | 5 +- doc/tools/mkservicelinks | 13 +- doc/tools/mkserviceman | 14 +- packaging/firehol/firehol.functions | 2 +- sbin/Makefile.am | 6 + sbin/firehol | 374 +--------------------------- sbin/fireqos | 123 +-------- sbin/services.common | 307 +++++++++++++++++++++++ sbin/services.firehol | 39 +++ sbin/services.fireqos | 12 + tests/unittest | 1 + 12 files changed, 397 insertions(+), 503 deletions(-) create mode 100644 sbin/services.common create mode 100644 sbin/services.firehol create mode 100644 sbin/services.fireqos diff --git a/doc/Makefile.am b/doc/Makefile.am index 94b01f9..6c79fa1 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -42,7 +42,9 @@ all-local: service-links MKSERVICELINKS = ${top_srcdir}/doc/tools/mkservicelinks -service-links: $(top_srcdir)/sbin/firehol services-db.data +service-links: services-db.data $(top_srcdir)/sbin/firehol \ + $(top_srcdir)/sbin/services.common \ + $(top_srcdir)/sbin/services.firehol $(MKSERVICELINKS) service-links $+ endif diff --git a/doc/firehol/Makefile.am b/doc/firehol/Makefile.am index c484d51..4dec1b3 100644 --- a/doc/firehol/Makefile.am +++ b/doc/firehol/Makefile.am 
@@ -175,7 +175,10 @@ FORMATTABLE = ${top_srcdir}/doc/tools/format-table PANDOCPOST = $(gensrcdir)/doc/tools/pandoc-post CHECKLINKS = ${top_srcdir}/doc/tools/check-links -firehol-services.5.md: $(top_srcdir)/sbin/firehol ../services-db.data ../service-links +firehol-services.5.md: ../services-db.data ../service-links \ + $(top_srcdir)/sbin/firehol \ + $(top_srcdir)/sbin/services.common \ + $(top_srcdir)/sbin/services.firehol $(MKSERVICEMAN) firehol-services.5.md $+ contents.md: *.1.md *.5.md contents.tpl diff --git a/doc/tools/mkservicelinks b/doc/tools/mkservicelinks index 0a714fd..bb8a860 100755 --- a/doc/tools/mkservicelinks +++ b/doc/tools/mkservicelinks @@ -9,13 +9,18 @@ use File::Basename qw( dirname ); use lib dirname($0); use servicedb; -if (@ARGV != 3) { - print STDERR "Usage: mkservicelist output.md firehol-script services-db.data\n"; +if (@ARGV < 3) { + print STDERR "Usage: mkservicelist output.md services-db.data firehol-script [..firehol-script]\n"; exit 1; } -my ($services, $all_run) = servicedb::read_script($ARGV[1]); -my ($dbinfo, $dbalias) = servicedb::read_db($ARGV[2]); +my ($dbinfo, $dbalias) = servicedb::read_db($ARGV[1]); +my ($services, $all_run) = ({}, {}); +for (my $i=2; $i<=$#ARGV; $i++) { + my ($found_services, $found_all_run) = servicedb::read_script($ARGV[$i]); + $services = {%$services, %$found_services}; + $all_run = {%$all_run, %$found_all_run}; +} my @service_keywords = servicedb::validate($services, $dbinfo, $dbalias); open my $o, ">$ARGV[0]" or die; diff --git a/doc/tools/mkserviceman b/doc/tools/mkserviceman index 6fe4882..e409385 100755 --- a/doc/tools/mkserviceman +++ b/doc/tools/mkserviceman 
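Review bot: In doc/tools/mkservicelinks the merge `$services = {%$services, %$found_services};` lets a later script silently replace an entry already read from an earlier one, so a definition that differs between sbin/firehol, services.common and services.firehol reaches `servicedb::validate` with no diagnostic (assuming the hash keys are service names, which the hunk does not show). These pages document which ports a firewall service opens, so a duplicate should at least warn before the merge, e.g. `warn "$ARGV[$i]: redefines $_\n" for grep { exists $services->{$_} } keys %$found_services;`. The index loop would read more simply as `for my $script (@ARGV[2 .. $#ARGV])`, and the new usage string still says `mkservicelist` although the tool is mkservicelinks. The same loop and merge are added to doc/tools/mkserviceman, starting at index 3.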
@@ -9,13 +9,19 @@ use File::Basename qw( dirname ); use lib dirname($0); use servicedb; -if (@ARGV != 4) { - print STDERR "Usage: mkserviceman output firehol-script services-db.data service-links\n"; +if (@ARGV < 4) { + print STDERR "Usage: mkserviceman output services-db.data service-links script [..script]\n"; exit 1; } -my ($services, $all_run) = servicedb::read_script($ARGV[1]); -my ($dbinfo, $dbalias) = servicedb::read_db($ARGV[2]); +my ($dbinfo, $dbalias) = servicedb::read_db($ARGV[1]); +# NOTE: It seems as if service-links ($ARGV[2]) is never used. +my ($services, $all_run) = ({}, {}); +for (my $i=3; $i<=$#ARGV; $i++) { + my ($found_services, $found_all_run) = servicedb::read_script($ARGV[$i]); + $services = {%$services, %$found_services}; + $all_run = {%$all_run, %$found_all_run}; +} my @service_keywords = servicedb::validate($services, $dbinfo, $dbalias); sub coalesce { diff --git a/packaging/firehol/firehol.functions b/packaging/firehol/firehol.functions index 813e9c5..0339af9 100644 --- a/packaging/firehol/firehol.functions +++ b/packaging/firehol/firehol.functions @@ -23,7 +23,7 @@ firehol_check_file() { check_commands $filename || status=1 ;; doc/services-db.data) - doc/tools/mkservicelinks /dev/null sbin/firehol doc/services-db.data || status=1 + doc/tools/mkservicelinks /dev/null doc/services-db.data sbin/firehol sbin/services.common sbin/services.firehol || status=1 ;; *) #echo "No checks found for $filename" diff --git a/sbin/Makefile.am b/sbin/Makefile.am index e2669ec..7dc0d73 100644 --- a/sbin/Makefile.am +++ b/sbin/Makefile.am @@ -32,6 +32,9 @@ CLEANFILES = install.config inclib_DATA = \ functions.common \ + services.common \ + services.fireqos \ + services.firehol \ install.config \ $(NULL) @@ -39,6 +42,9 @@ inclib_SCRIPTS = $(scripts) EXTRA_DIST = \ functions.common \ + services.common \ + services.fireqos \ + services.firehol \ install.config.in \ $(scripts) \ $(NULL) diff --git a/sbin/firehol b/sbin/firehol index 0fac780..7225e51 100755 
--- a/sbin/firehol +++ b/sbin/firehol @@ -40,7 +40,10 @@ PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR:-$(realdir "$0")}" PROGRAM_PWD="${PWD}" declare -a PROGRAM_ORIGINAL_ARGS=("${@}") -for functions_file in install.config functions.common +# Services API version +FIREHOL_SERVICES_API="1" + +for functions_file in install.config functions.common services.common services.firehol do if [ -r "$PROGRAM_DIR/$functions_file" ] then 
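Review bot: The service definitions that used to be part of the script are now read from `services.common` and `services.firehol` under `$PROGRAM_DIR`, which the context line shows can be redirected through `FIREHOL_OVERRIDE_PROGRAM_DIR`; the commit message says they are sourced, so they are shell code run with firehol's privileges, and the loop should say so. A comment such as `# services.* are sourced as shell code; they must be owned by root and not writable by group or others` would tell packagers that installing them via `inclib_DATA` in sbin/Makefile.am does not make them inert. The loop body after `then` lies outside the hunk, so it cannot be confirmed here whether an unreadable services file aborts startup or is skipped; it should abort, because a firewall built without its service definitions is not the configured policy. The first hunk of sbin/fireqos extends the same loop.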
@@ -1860,375 +1863,6 @@ get_next_dynamic_counter() { fi } -# Services API version -FIREHOL_SERVICES_API="1" - - -# ------------------------------------------------------------------------------ -# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -# ------------------------------------------------------------------------------ -# -# SIMPLE SERVICES DEFINITIONS -# -# ------------------------------------------------------------------------------ -# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -# ------------------------------------------------------------------------------ -# The following are definitions for simple services. -# We define as "simple" the services that are implemented using a single socket, -# initiated by the client and used by the server. -# -# The following list is sorted by service name. - -server_all_ports="any/any" -client_all_ports="any" -helper_all="ftp irc sip pptp proto_gre" - -# any is the same with all, without helpers -server_any_ports="${server_all_ports}" -client_any_ports="${client_all_ports}" -helper_any= - -server_AH_ports="51/any" -client_AH_ports="any" - -server_amanda_ports="udp/10080" -client_amanda_ports="default" -helper_amanda="amanda" - -server_aptproxy_ports="tcp/9999" -client_aptproxy_ports="default" - -server_apcupsd_ports="tcp/6544" -client_apcupsd_ports="default" - -server_apcupsdnis_ports="tcp/3551" -client_apcupsdnis_ports="default" - -server_asterisk_ports="tcp/5038" -client_asterisk_ports="default" - -server_cups_ports="tcp/631 udp/631" -client_cups_ports="any" - -server_cvspserver_ports="tcp/2401" -client_cvspserver_ports="default" - -server_darkstat_ports="tcp/666" -client_darkstat_ports="default" - -server_daytime_ports="tcp/13" -client_daytime_ports="default" - -server_dcc_ports="udp/6277" -client_dcc_ports="default" - -server_dcpp_ports="tcp/1412 udp/1412" -client_dcpp_ports="default" - -server_dns_ports="udp/53 tcp/53" -client_dns_ports="any" - 
-server_dhcprelay_ports="udp/67" -client_dhcprelay_ports="67" - -server_dict_ports="tcp/2628" -client_dict_ports="default" - -server_distcc_ports="tcp/3632" -client_distcc_ports="default" - -server_eserver_ports="tcp/4661 udp/4661 udp/4665" -client_eserver_ports="any" - -server_ESP_ports="50/any" -client_ESP_ports="any" - -server_echo_ports="tcp/7" -client_echo_ports="default" - -server_finger_ports="tcp/79" -client_finger_ports="default" - -server_ftp_ports="tcp/21" -client_ftp_ports="default" -helper_ftp="ftp" - -server_gift_ports="tcp/4302 tcp/1214 tcp/2182 tcp/2472" -client_gift_ports="any" - -server_giftui_ports="tcp/1213" -client_giftui_ports="default" - -server_gkrellmd_ports="tcp/19150" -client_gkrellmd_ports="default" - -server_GRE_ports="47/any" -client_GRE_ports="any" -helper_GRE="proto_gre" - -server_h323_ports="udp/1720 tcp/1720" -client_h323_ports="default" -helper_h323="h323" - -server_heartbeat_ports="udp/690:699" -client_heartbeat_ports="default" - -server_http_ports="tcp/80" -client_http_ports="default" - -server_https_ports="tcp/443" -client_https_ports="default" - -server_httpalt_ports="tcp/8080" -client_httpalt_ports="default" - -server_iax_ports="udp/5036" -client_iax_ports="default" - -server_iax2_ports="udp/5469 udp/4569" -client_iax2_ports="default" - -server_ICMP_ports="icmp/any" -client_ICMP_ports="any" - -server_icmp_ports="${server_ICMP_ports}" -client_icmp_ports="${client_ICMP_ports}" - -server_ICMPV6_ports="icmpv6/any" -client_ICMPV6_ports="any" - -server_icmpv6_ports="${server_ICMPV6_ports}" -client_icmpv6_ports="${client_ICMPV6_ports}" - -server_icp_ports="udp/3130" -client_icp_ports="3130" - -server_ident_ports="tcp/113" -client_ident_ports="default" - -server_imap_ports="tcp/143" -client_imap_ports="default" - -server_imaps_ports="tcp/993" -client_imaps_ports="default" - -server_irc_ports="tcp/6667" -client_irc_ports="default" -helper_irc="irc" - -server_isakmp_ports="udp/500" -client_isakmp_ports="any" - 
-server_ipsecnatt_ports="udp/4500" -client_ipsecnatt_ports="any" - -server_jabber_ports="tcp/5222 tcp/5223" -client_jabber_ports="default" - -server_jabberd_ports="tcp/5222 tcp/5223 tcp/5269" -client_jabberd_ports="default" - -server_l2tp_ports="udp/1701" -client_l2tp_ports="any" - -server_ldap_ports="tcp/389" -client_ldap_ports="default" - -server_ldaps_ports="tcp/636" -client_ldaps_ports="default" - -server_lpd_ports="tcp/515" -client_lpd_ports="any" - -server_microsoft_ds_ports="tcp/445" -client_microsoft_ds_ports="default" - -server_mms_ports="tcp/1755 udp/1755" -client_mms_ports="default" -helper_mms="mms" - -server_ms_ds_ports="${server_microsoft_ds_ports}" -client_ms_ds_ports="${client_microsoft_ds_ports}" - -server_msnp_ports="tcp/6891" -client_msnp_ports="default" - -server_msn_ports="tcp/1863 udp/1863" -client_msn_ports="default" - -server_mysql_ports="tcp/3306" -client_mysql_ports="default" - -server_netbackup_ports="tcp/13701 tcp/13711 tcp/13720 tcp/13721 tcp/13724 tcp/13782 tcp/13783" -client_netbackup_ports="any" - -server_netbios_ns_ports="udp/137" -client_netbios_ns_ports="any" - -server_netbios_dgm_ports="udp/138" -client_netbios_dgm_ports="any" - -server_netbios_ssn_ports="tcp/139" -client_netbios_ssn_ports="default" - -server_nntp_ports="tcp/119" -client_nntp_ports="default" - -server_nntps_ports="tcp/563" -client_nntps_ports="default" - -server_ntp_ports="udp/123 tcp/123" -client_ntp_ports="any" - -server_nut_ports="tcp/3493 udp/3493" -client_nut_ports="default" - -server_nxserver_ports="tcp/5000:5200" -client_nxserver_ports="default" - -server_openvpn_ports="tcp/1194 udp/1194" -client_openvpn_ports="default" - -server_oracle_ports="tcp/1521" -client_oracle_ports="default" - -server_OSPF_ports="89/any" -client_OSPF_ports="any" - -server_pop3_ports="tcp/110" -client_pop3_ports="default" - -server_pop3s_ports="tcp/995" -client_pop3s_ports="default" - -server_portmap_ports="udp/111 tcp/111" -client_portmap_ports="any" # Portmap clients appear to 
use ports below 1024 - -server_postgres_ports="tcp/5432" -client_postgres_ports="default" - -server_pptp_ports="tcp/1723" -client_pptp_ports="default" -helper_pptp="pptp proto_gre" - -server_privoxy_ports="tcp/8118" -client_privoxy_ports="default" - -server_radius_ports="udp/1812 udp/1813" -client_radius_ports="default" - -server_radiusproxy_ports="udp/1814" -client_radiusproxy_ports="default" - -server_radiusold_ports="udp/1645 udp/1646" -client_radiusold_ports="default" - -server_radiusoldproxy_ports="udp/1647" -client_radiusoldproxy_ports="default" - -server_rdp_ports="tcp/3389" -client_rdp_ports="default" - -server_rndc_ports="tcp/953" -client_rndc_ports="default" - -server_rsync_ports="tcp/873 udp/873" -client_rsync_ports="default" - -server_rtp_ports="udp/10000:20000" -client_rtp_ports="any" - -server_sane_ports="tcp/6566" -client_sane_ports="default" -helper_sane="sane" - -server_sip_ports="tcp/5060 udp/5060" -client_sip_ports="5060 default" -helper_sip="sip" - -server_socks_ports="tcp/1080 udp/1080" -client_socks_ports="default" - -server_squid_ports="tcp/3128" -client_squid_ports="default" - -server_smtp_ports="tcp/25" -client_smtp_ports="default" - -server_smtps_ports="tcp/465" -client_smtps_ports="default" - -server_snmp_ports="udp/161" -client_snmp_ports="default" - -server_snmptrap_ports="udp/162" -client_snmptrap_ports="any" - -server_nrpe_ports="tcp/5666" -client_nrpe_ports="default" - -server_ssh_ports="tcp/22" -client_ssh_ports="default" - -server_stun_ports="udp/3478 udp/3479" -client_stun_ports="any" - -server_submission_ports="tcp/587" -client_submission_ports="default" - -server_sunrpc_ports="${server_portmap_ports}" -client_sunrpc_ports="${client_portmap_ports}" - -server_swat_ports="tcp/901" -client_swat_ports="default" - -server_syslog_ports="udp/514" -client_syslog_ports="514 default" - -server_telnet_ports="tcp/23" -client_telnet_ports="default" - -server_tftp_ports="udp/69" -client_tftp_ports="default" -helper_tftp="tftp" - 
-server_tomcat_ports="${server_httpalt_ports}" -client_tomcat_ports="${client_httpalt_ports}" - -server_time_ports="tcp/37 udp/37" -client_time_ports="default" - -server_upnp_ports="udp/1900 tcp/2869" -client_upnp_ports="default" - -server_uucp_ports="tcp/540" -client_uucp_ports="default" - -server_whois_ports="tcp/43" -client_whois_ports="default" - -server_vmware_ports="tcp/902" -client_vmware_ports="default" - -server_vmwareauth_ports="tcp/903" -client_vmwareauth_ports="default" - -server_vmwareweb_ports="tcp/8222 tcp/8333" -client_vmwareweb_ports="default" - -server_vnc_ports="tcp/5900:5903" -client_vnc_ports="default" - -server_webcache_ports="${server_httpalt_ports}" -client_webcache_ports="${client_httpalt_ports}" - -server_webmin_ports="tcp/10000" -client_webmin_ports="default" - -server_xdmcp_ports="udp/177" -client_xdmcp_ports="default" - - # ------------------------------------------------------------------------------ # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX # ------------------------------------------------------------------------------ diff --git a/sbin/fireqos b/sbin/fireqos index d0e51cd..44c97aa 100755 --- a/sbin/fireqos +++ b/sbin/fireqos @@ -40,7 +40,7 @@ PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR:-$(realdir "$0")}" PROGRAM_PWD="${PWD}" declare -a PROGRAM_ORIGINAL_ARGS=("${@}") -for functions_file in install.config functions.common +for functions_file in install.config functions.common services.common services.fireqos do if [ -r "$PROGRAM_DIR/$functions_file" ] then 
@@ -120,127 +120,6 @@ else common_setup_terminal && RUNNING_ON_TERMINAL=1 fi -# service definitions -# taken from firehol, with: -# -# $CAT_CMD firehol.sh | $EGREP_CMD "^server_.*_ports=" -# - -server_AH_ports="51/any" -server_amanda_ports="udp/10080" -server_aptproxy_ports="tcp/9999" -server_apcupsd_ports="tcp/6544" -server_apcupsdnis_ports="tcp/3551" -server_asterisk_ports="tcp/5038" -server_cups_ports="tcp/631 udp/631" -server_cvspserver_ports="tcp/2401" -server_darkstat_ports="tcp/666" -server_daytime_ports="tcp/13" -server_dcc_ports="udp/6277" -server_dcpp_ports="tcp/1412 udp/1412" -server_dns_ports="udp/53 tcp/53" -server_dhcprelay_ports="udp/67" -server_dict_ports="tcp/2628" -server_distcc_ports="tcp/3632" -server_eserver_ports="tcp/4661 udp/4661 udp/4665" -server_ESP_ports="50/any" -server_echo_ports="tcp/7" -server_finger_ports="tcp/79" -server_ftp_ports="tcp/21" -server_gift_ports="tcp/4302 tcp/1214 tcp/2182 tcp/2472" -server_giftui_ports="tcp/1213" -server_gkrellmd_ports="tcp/19150" -server_GRE_ports="47/any" -server_h323_ports="tcp/1720" -server_heartbeat_ports="udp/690:699" -server_http_ports="tcp/80" -server_https_ports="tcp/443" -server_iax_ports="udp/5036" -server_iax2_ports="udp/5469 udp/4569" -server_ICMP_ports="icmp/any" -server_icmp_ports="icmp/any" -server_icp_ports="udp/3130" -server_ident_ports="tcp/113" -server_imap_ports="tcp/143" -server_imaps_ports="tcp/993" -server_irc_ports="tcp/6667" -server_isakmp_ports="udp/500" -server_ipsecnatt_ports="udp/4500" -server_jabber_ports="tcp/5222 tcp/5223" -server_jabberd_ports="tcp/5222 tcp/5223 tcp/5269" -server_l2tp_ports="udp/1701" -server_ldap_ports="tcp/389" -server_ldaps_ports="tcp/636" -server_lpd_ports="tcp/515" -server_microsoft_ds_ports="tcp/445" -server_ms_ds_ports="tcp/445" -server_mms_ports="tcp/1755 udp/1755" -server_msn_ports="tcp/6891" -server_mysql_ports="tcp/3306" -server_netbackup_ports="tcp/13701 tcp/13711 tcp/13720 tcp/13721 tcp/13724 tcp/13782 tcp/13783" 
-server_netbios_ns_ports="udp/137" -server_netbios_dgm_ports="udp/138" -server_netbios_ssn_ports="tcp/139" -server_nntp_ports="tcp/119" -server_nntps_ports="tcp/563" -server_ntp_ports="udp/123 tcp/123" -server_nut_ports="tcp/3493 udp/3493" -server_nxserver_ports="tcp/5000:5200" -server_oracle_ports="tcp/1521" -server_OSPF_ports="89/any" -server_pop3_ports="tcp/110" -server_pop3s_ports="tcp/995" -server_portmap_ports="udp/111 tcp/111" -server_postgres_ports="tcp/5432" -server_pptp_ports="tcp/1723" -server_privoxy_ports="tcp/8118" -server_radius_ports="udp/1812 udp/1813" -server_radiusproxy_ports="udp/1814" -server_radiusold_ports="udp/1645 udp/1646" -server_radiusoldproxy_ports="udp/1647" -server_rdp_ports="tcp/3389" -server_rndc_ports="tcp/953" -server_rsync_ports="tcp/873 udp/873" -server_rtp_ports="udp/10000:20000" -server_sane_ports="tcp/6566" -server_sip_ports="udp/5060" -server_socks_ports="tcp/1080 udp/1080" -server_squid_ports="tcp/3128" -server_smtp_ports="tcp/25" -server_smtps_ports="tcp/465" -server_snmp_ports="udp/161" -server_snmptrap_ports="udp/162" -server_ssh_ports="tcp/22" -server_stun_ports="udp/3478 udp/3479" -server_submission_ports="tcp/587" -server_sunrpc_ports="${server_portmap_ports}" -server_swat_ports="tcp/901" -server_syslog_ports="udp/514" -server_telnet_ports="tcp/23" -server_tftp_ports="udp/69" -server_time_ports="tcp/37 udp/37" -server_upnp_ports="udp/1900 tcp/2869" -server_uucp_ports="tcp/540" -server_whois_ports="tcp/43" -server_vmware_ports="tcp/902" -server_vmwareauth_ports="tcp/903" -server_vmwareweb_ports="tcp/8222 tcp/8333" -server_vnc_ports="tcp/5900:5903" -server_webcache_ports="tcp/8080" -server_webmin_ports="tcp/10000" -server_xdmcp_ports="udp/177" - -# FireQOS only services -server_torrents_ports="tcp/6881:6999 udp/6881:6999" -server_facetime_ports="udp/3478:3497 udp/16384:16387 udp/16393:16402" -server_hangouts_ports="udp/19302:19309 tcp/19305:19309" -server_gtalk_ports="tcp/5222 tcp/5228" 
-server_teamviewer_ports="tcp/5938" -server_ping_ports="icmp/any" -server_tcp_ports="tcp/any" -server_udp_ports="udp/any" -server_surfing_ports="tcp/0:1023" - # ----------------------------------------------------------------------------- # Default FireHOL marks diff --git a/sbin/services.common b/sbin/services.common new file mode 100644 index 0000000..147f8fe --- /dev/null +++ b/sbin/services.common 
@@ -0,0 +1,307 @@
+client_AH_ports="any"
+server_AH_ports="51/any"
+
+client_amanda_ports="default"
+server_amanda_ports="udp/10080"
+helper_amanda="amanda"
+
+client_apcupsd_ports="default"
+server_apcupsd_ports="tcp/6544"
+
+client_apcupsdnis_ports="default"
+server_apcupsdnis_ports="tcp/3551"
+
+client_aptproxy_ports="default"
+server_aptproxy_ports="tcp/9999"
+
+client_asterisk_ports="default"
+server_asterisk_ports="tcp/5038"
+
+client_cups_ports="any"
+server_cups_ports="tcp/631 udp/631"
+
+client_cvspserver_ports="default"
+server_cvspserver_ports="tcp/2401"
+
+client_darkstat_ports="default"
+server_darkstat_ports="tcp/666"
+
+client_daytime_ports="default"
+server_daytime_ports="tcp/13"
+
+client_dcc_ports="default"
+server_dcc_ports="udp/6277"
+
+client_dcpp_ports="default"
+server_dcpp_ports="tcp/1412 udp/1412"
+
+client_dhcprelay_ports="67"
+server_dhcprelay_ports="udp/67"
+
+client_dict_ports="default"
+server_dict_ports="tcp/2628"
+
+client_distcc_ports="default"
+server_distcc_ports="tcp/3632"
+
+client_dns_ports="any"
+server_dns_ports="udp/53 tcp/53"
+
+client_echo_ports="default"
+server_echo_ports="tcp/7"
+
+client_eserver_ports="any"
+server_eserver_ports="tcp/4661 udp/4661 udp/4665"
+
+client_ESP_ports="any"
+server_ESP_ports="50/any"
+
+client_finger_ports="default"
+server_finger_ports="tcp/79"
+
+client_ftp_ports="default"
+server_ftp_ports="tcp/21"
+helper_ftp="ftp"
+
+client_gift_ports="any"
+server_gift_ports="tcp/4302 tcp/1214 tcp/2182 tcp/2472"
+
+client_giftui_ports="default"
+server_giftui_ports="tcp/1213"
+
+client_gkrellmd_ports="default"
+server_gkrellmd_ports="tcp/19150"
+
+client_GRE_ports="any"
+server_GRE_ports="47/any"
+helper_GRE="proto_gre"
+
+client_heartbeat_ports="default"
+server_heartbeat_ports="udp/690:699"
+
+client_http_ports="default"
+server_http_ports="tcp/80"
+
+client_https_ports="default"
+server_https_ports="tcp/443"
+
+client_iax_ports="default"
+server_iax_ports="udp/5036"
+
+client_iax2_ports="default"
+server_iax2_ports="udp/5469 udp/4569"
+
+client_ICMP_ports="any"
+server_ICMP_ports="icmp/any"
+
+client_icmp_ports="any"
+server_icmp_ports="icmp/any"
+
+client_icp_ports="3130"
+server_icp_ports="udp/3130"
+
+client_ident_ports="default"
+server_ident_ports="tcp/113"
+
+client_imap_ports="default"
+server_imap_ports="tcp/143"
+
+client_imaps_ports="default"
+server_imaps_ports="tcp/993"
+
+client_ipsecnatt_ports="any"
+server_ipsecnatt_ports="udp/4500"
+
+client_irc_ports="default"
+server_irc_ports="tcp/6667"
+helper_irc="irc"
+
+client_isakmp_ports="any"
+server_isakmp_ports="udp/500"
+
+client_jabber_ports="default"
+server_jabber_ports="tcp/5222 tcp/5223"
+
+client_jabberd_ports="default"
+server_jabberd_ports="tcp/5222 tcp/5223 tcp/5269"
+
+client_l2tp_ports="any"
+server_l2tp_ports="udp/1701"
+
+client_ldap_ports="default"
+server_ldap_ports="tcp/389"
+
+client_ldaps_ports="default"
+server_ldaps_ports="tcp/636"
+
+client_lpd_ports="any"
+server_lpd_ports="tcp/515"
+
+client_microsoft_ds_ports="default"
+server_microsoft_ds_ports="tcp/445"
+
+client_mms_ports="default"
+server_mms_ports="tcp/1755 udp/1755"
+helper_mms="mms"
+
+client_ms_ds_ports="default"
+server_ms_ds_ports="tcp/445"
+
+client_mysql_ports="default"
+server_mysql_ports="tcp/3306"
+
+client_netbackup_ports="any"
+server_netbackup_ports="tcp/13701 tcp/13711 tcp/13720 tcp/13721 tcp/13724 tcp/13782 tcp/13783"
+
+client_netbios_dgm_ports="any"
+server_netbios_dgm_ports="udp/138"
+
+client_netbios_ns_ports="any"
+server_netbios_ns_ports="udp/137"
+
+client_netbios_ssn_ports="default"
+server_netbios_ssn_ports="tcp/139"
+
+client_nntp_ports="default"
+server_nntp_ports="tcp/119"
+
+client_nntps_ports="default"
+server_nntps_ports="tcp/563"
+
+client_ntp_ports="any"
+server_ntp_ports="udp/123 tcp/123"
+
+client_nut_ports="default"
+server_nut_ports="tcp/3493 udp/3493"
+
+client_nxserver_ports="default"
+server_nxserver_ports="tcp/5000:5200"
+
+client_oracle_ports="default"
+server_oracle_ports="tcp/1521"
+
+client_OSPF_ports="any"
+server_OSPF_ports="89/any"
+
+client_pop3_ports="default"
+server_pop3_ports="tcp/110"
+
+client_pop3s_ports="default"
+server_pop3s_ports="tcp/995"
+
+client_portmap_ports="any"
+server_portmap_ports="udp/111 tcp/111"
+
+client_postgres_ports="default"
+server_postgres_ports="tcp/5432"
+
+client_pptp_ports="default"
+server_pptp_ports="tcp/1723"
+helper_pptp="pptp proto_gre"
+
+client_privoxy_ports="default"
+server_privoxy_ports="tcp/8118"
+
+client_radius_ports="default"
+server_radius_ports="udp/1812 udp/1813"
+
+client_radiusold_ports="default"
+server_radiusold_ports="udp/1645 udp/1646"
+
+client_radiusoldproxy_ports="default"
+server_radiusoldproxy_ports="udp/1647"
+
+client_radiusproxy_ports="default"
+server_radiusproxy_ports="udp/1814"
+
+client_rdp_ports="default"
+server_rdp_ports="tcp/3389"
+
+client_rndc_ports="default"
+server_rndc_ports="tcp/953"
+
+client_rsync_ports="default"
+server_rsync_ports="tcp/873 udp/873"
+
+client_rtp_ports="any"
+server_rtp_ports="udp/10000:20000"
+
+client_sane_ports="default"
+server_sane_ports="tcp/6566"
+helper_sane="sane"
+
+client_smtp_ports="default"
+server_smtp_ports="tcp/25"
+
+client_smtps_ports="default"
+server_smtps_ports="tcp/465"
+
+client_snmp_ports="default"
+server_snmp_ports="udp/161"
+
+client_snmptrap_ports="any"
+server_snmptrap_ports="udp/162"
+
+client_socks_ports="default"
+server_socks_ports="tcp/1080 udp/1080"
+
+client_squid_ports="default"
+server_squid_ports="tcp/3128"
+
+client_ssh_ports="default"
+server_ssh_ports="tcp/22"
+
+client_stun_ports="any"
+server_stun_ports="udp/3478 udp/3479"
+
+client_submission_ports="default"
+server_submission_ports="tcp/587"
+
+client_sunrpc_ports="any"
+server_sunrpc_ports="udp/111 tcp/111"
+
+client_swat_ports="default"
+server_swat_ports="tcp/901"
+
+client_syslog_ports="514 default"
+server_syslog_ports="udp/514"
+
+client_telnet_ports="default"
+server_telnet_ports="tcp/23"
+
+client_tftp_ports="default"
+server_tftp_ports="udp/69"
+helper_tftp="tftp"
+
+client_time_ports="default"
+server_time_ports="tcp/37 udp/37"
+
+client_upnp_ports="default"
+server_upnp_ports="udp/1900 tcp/2869"
+
+client_uucp_ports="default"
+server_uucp_ports="tcp/540"
+
+client_vmware_ports="default"
+server_vmware_ports="tcp/902"
+
+client_vmwareauth_ports="default"
+server_vmwareauth_ports="tcp/903"
+
+client_vmwareweb_ports="default"
+server_vmwareweb_ports="tcp/8222 tcp/8333"
+
+client_vnc_ports="default"
+server_vnc_ports="tcp/5900:5903"
+
+client_webcache_ports="default"
+server_webcache_ports="tcp/8080"
+
+client_webmin_ports="default"
+server_webmin_ports="tcp/10000"
+
+client_whois_ports="default"
+server_whois_ports="tcp/43"
+
+client_xdmcp_ports="default"
+server_xdmcp_ports="udp/177"
diff --git a/sbin/services.firehol b/sbin/services.firehol
new file mode 100644
index 0000000..4fb1209
--- /dev/null
+++ b/sbin/services.firehol
@@ -0,0 +1,39 @@
+client_all_ports="any"
+server_all_ports="any/any"
+helper_all="ftp irc sip pptp proto_gre"
+
+client_any_ports="any"
+server_any_ports="any/any"
+helper_any=""
+
+client_h323_ports="default"
+server_h323_ports="udp/1720 tcp/1720"
+helper_h323="h323"
+
+client_httpalt_ports="default"
+server_httpalt_ports="tcp/8080"
+
+client_ICMPV6_ports="any"
+server_ICMPV6_ports="icmpv6/any"
+
+client_icmpv6_ports="any"
+server_icmpv6_ports="icmpv6/any"
+
+client_msn_ports="default"
+server_msn_ports="tcp/1863 udp/1863"
+
+client_msnp_ports="default"
+server_msnp_ports="tcp/6891"
+
+client_nrpe_ports="default"
+server_nrpe_ports="tcp/5666"
+
+client_openvpn_ports="default"
+server_openvpn_ports="tcp/1194 udp/1194"
+
+client_sip_ports="5060 default"
+server_sip_ports="tcp/5060 udp/5060"
+helper_sip="sip"
+
+client_tomcat_ports="default"
+server_tomcat_ports="tcp/8080"
diff --git a/sbin/services.fireqos b/sbin/services.fireqos
new file mode 100644
index 0000000..9251b7f
--- /dev/null
+++ b/sbin/services.fireqos
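Review bot: In sbin/services.common the aliases are now independent literals (`server_sunrpc_ports="udp/111 tcp/111"`, and likewise `icmp`, `ms_ds` and `webcache`; `tomcat`, `icmpv6` and `any` in services.firehol), where the removed firehol code derived them with references such as `${server_portmap_ports}`, so a later change to the primary service no longer reaches its alias. If the literals are intentional (webcache, for instance, can no longer reference httpalt, which now exists only in services.firehol), mark each one with a comment like `# alias of portmap, keep both in sync`. The file also begins without a header: the explanatory block removed from sbin/firehol and the remark on `client_portmap_ports` about clients using ports below 1024 were not carried over. A short header stating that the file is sourced by both firehol and fireqos and should contain only assignments would restore that context.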
@@ -0,0 +1,12 @@ +server_facetime_ports="udp/3478:3497 udp/16384:16387 udp/16393:16402" +server_gtalk_ports="tcp/5222 tcp/5228" +server_h323_ports="tcp/1720" +server_hangouts_ports="udp/19302:19309 tcp/19305:19309" +server_msn_ports="tcp/6891" +server_ping_ports="icmp/any" +server_sip_ports="udp/5060" +server_surfing_ports="tcp/0:1023" +server_tcp_ports="tcp/any" +server_teamviewer_ports="tcp/5938" +server_torrents_ports="tcp/6881:6999 udp/6881:6999" +server_udp_ports="udp/any" diff --git a/tests/unittest b/tests/unittest index 0de2f6d..9c24317 100755 --- a/tests/unittest +++ b/tests/unittest @@ -100,6 +100,7 @@ export FIREHOL_OVERRIDE_PROGRAM_DIR=$MYTMP/prog mkdir -p "$FIREHOL_OVERRIDE_PROGRAM_DIR" sed -e "s#[@].*POST[@]#$MYTMP#" ../sbin/install.config.in > "$FIREHOL_OVERRIDE_PROGRAM_DIR/install.config" cp $dirname/../sbin/functions.* "$FIREHOL_OVERRIDE_PROGRAM_DIR" +cp $dirname/../sbin/services.* "$FIREHOL_OVERRIDE_PROGRAM_DIR/" verbose=0 if [ "$1" = "-v" ]
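Review bot: In sbin/services.fireqos, `server_msn_ports="tcp/6891"` is the value services.firehol assigns to `msnp`, while firehol's own `msn` is `tcp/1863 udp/1863`, and `h323` and `sip` carry fewer protocols here than in services.firehol; nothing in the file says these differences are deliberate. A comment above the three entries, for example `# differs from services.firehol on purpose: <reason>`, would keep a later maintainer from treating them as stale copies; if the difference turns out to be unintended, the entries belong in services.common instead. The values match the block removed from sbin/fireqos, so this concerns documentation of an existing divergence, not a regression introduced here.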