>> On 2014-11-07, David Higgs <[email protected]> wrote:
>> > I defined the 'svn' port in /etc/services but as of 5.6 this file
>> > now appears to be unconditionally overwritten during upgrades
>> > (previously it was handled via sysmerge).
>> >
>> > Is there a better mechanism to keep these, or should I just update
>> > pf.conf to use the numeric port number?  The services(5) man page
>> > doesn't provide any hints.  
>> 
>> There's no mechanism to keep these, I tend to use macros in pf.conf
>> for ports that aren't in /etc/services. Though in the case of svn I
>> think it would be reasonable to add it in the file..
>
>So do I. 
>
>What's the policy of /etc/services?
>
>I mean other than be listed by the IANA [1] and the fact than just
>adding tcp or udp if it doesn't use both?
>
>I think xmpp deserves its place :)

The policy is hard to pin down.  

The important part to understand is that the existence of most entries
in /etc/services causes the port to become unavailable from
randomization:

net.inet.tcp.baddynamic=1,7,9,11,13,15,17,18,19,20,21,22,23,25,37,42,43,49,53,57,67,68,70,77,79,80,87,88,95,101,102,103,104,105,106,107,109,110,111,113,115,117,119,123,129,135,137,138,139,143,152,163,164,177,178,179,191,194,199,201,202,204,206,210,213,220,372,389,427,433,443,444,445,464,465,468,512,513,514,515,521,526,530,531,532,540,543,544,545,548,554,556,587,631,636,646,706,749,750,751,754,760,871,873,888,901,993,995,1080,1109,1127,1433,1434,1524,1525,1529,1723,1900,2049,2105,2106,2108,2110,2111,2112,2120,2121,2401,2600,2601,2602,2603,2604,2605,2606,2607,2608,2627,2983,3031,3109,3260,3306,3517,3689,4190,4444,4500,4559,5002,5060,5432,5680,6000,6001,6002,6003,6004,6005,6006,6007,6008,6009,6010,6566,7000,7001,7002,7003,7004,7005,7006,7007,7008,7009,7326,8025,8026,8953,9418,10050,10051,16992,16993,16994,16995,20005
net.inet.udp.baddynamic=7,9,13,18,19,22,37,39,49,53,67,68,69,70,80,88,105,107,109,110,111,123,129,135,137,138,139,143,161,162,163,164,177,178,179,191,194,199,201,202,204,206,210,213,220,372,389,427,444,445,464,468,500,512,513,514,517,518,520,525,533,546,547,548,554,587,623,631,636,646,664,706,749,750,751,993,995,1433,1434,1524,1525,1645,1646,1701,1723,1812,1813,1900,2049,2401,3031,3517,3689,4190,4444,4500,4559,4789,5002,5060,5432,7000,7001,7002,7003,7004,7005,7006,7007,7008,7009,8025,8067,9418,10050,10051,16992,16993,16994,16995,20005,26740

So filling the file has some significant downsides.  Especially for
the low ports.

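An added sketch (not part of the original message, and not OpenBSD's own code) of the relationship described above: each `port/proto` entry in a services(5)-format file becomes one more port in the per-protocol list that is excluded from randomization. The sample file and the function names are constructed for illustration; how the system itself fills the sysctls is not shown on this page.

```shell
#!/bin/sh
# Constructed sample in services(5) format (not the real OpenBSD file).
sample_services() {
cat <<'EOF'
# name   port/proto  aliases
ssh      22/tcp
ssh      22/udp
domain   53/tcp
domain   53/udp
www      80/tcp      http     # WorldWideWeb
syslog   514/udp
svn      3690/tcp             # locally added entry
EOF
}

# Read a services(5)-format file on stdin and print the comma-separated
# port list it implies for one protocol ("tcp" or "udp"), in the same
# format as the net.inet.*.baddynamic values quoted above.
baddynamic_from_services() {
    proto=$1
    sed 's/#.*//' |
    awk -v proto="$proto" '
        NF >= 2 {
            n = split($2, f, "/")
            if (n == 2 && f[2] == proto && f[1] ~ /^[0-9]+$/) print f[1]
        }' |
    sort -n -u | paste -s -d, -
}

# Count how many ports in a comma-separated list are low ports (< 1024),
# the range where losing ports hurts most.
count_low_ports() {
    printf '%s\n' "$1" | tr ',' '\n' |
    awk '$1 != "" && $1 < 1024 { c++ } END { print c + 0 }'
}

# Succeed if port $1 appears in comma-separated list $2.
port_reserved() {
    case ",$2," in *",$1,"*) return 0 ;; *) return 1 ;; esac
}

tcp_list=$(sample_services | baddynamic_from_services tcp)
udp_list=$(sample_services | baddynamic_from_services udp)
echo "tcp: $tcp_list (low ports: $(count_low_ports "$tcp_list"))"
echo "udp: $udp_list (low ports: $(count_low_ports "$udp_list"))"
```

To inspect a real system, `port_reserved` can be pointed at the output of `sysctl -n net.inet.tcp.baddynamic` instead of the constructed list.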