Re: services(5): more cleanup
On Sun, 16 May 2021 01:11:51 + Aisha Tammy wrote: > I have a few machines which use something to the effect of `pass in on > egress proto tcp to port smtps ...`. > A quick question, does this mean that the port in pf.conf will also > have to be renamed? From experience doing the same Aisha, # pfctl -nf /etc/pf.conf will complain if there are unknown port or host names. These can be checked with getent(1) As pf starts before unbound when booting, any hostnames used by pf need to be in /etc/hosts & kept current. Cheers, Craig.
Re: services(5): more cleanup
On Sat, May 15 2021, Aisha Tammy wrote: > On 5/11/21 9:04 PM, Kurt Mosiejczuk wrote: >> On Wed, May 12, 2021 at 01:13:55AM +0200, Jeremie Courreges-Anglas wrote: >> >>> I'd like to drop SWAT, unofficial and dropped by the samba project >>> around the switch to samba4. - moved smtps/465 to the standards section (rfc8314) >>> The new service was named "submissions". I guess we should use both >>> that and the "smtps" alias. >>> https://datatracker.ietf.org/doc/html/rfc8314#section-7.3 >>> ok? > A quick question, does this mean that the port in pf.conf will also have > to be renamed? > I have a few machines which use something to the effect of `pass in on > egress proto tcp to port smtps ...`. > Will that be broken by this? Similarly smtpd.conf? Or do they do this > port-name translation separately? I'd suggest you do a quick test. ;) > Best, > Aisha > >> ok kmos >> >> --Kurt >> >>> Index: services >>> === >>> RCS file: /d/cvs/src/etc/services,v >>> retrieving revision 1.100 >>> diff -u -p -p -u -r1.100 services >>> --- services5 May 2021 11:49:17 - 1.100 >>> +++ services11 May 2021 23:03:12 - >>> @@ -123,7 +123,7 @@ microsoft-ds445/tcp # >>> Microsoft-DS >>> microsoft-ds 445/udp # Microsoft-DS >>> kpasswd 464/tcp # Kerberos 5 password >>> changing >>> kpasswd 464/udp # Kerberos 5 password >>> changing >>> -smtps 465/tcp # mail message >>> submission (TLS) >>> +submissions465/tcp smtps # mail message >>> submission (TLS) >>> photuris 468/tcp # Photuris Key Management >>> photuris 468/udp >>> isakmp500/udp # ISAKMP key management >>> @@ -296,7 +296,6 @@ kerberos_master 751/udp # >>> Kerberos 4 >>> kerberos_master 751/tcp # Kerberos 4 kadmin >>> krb_prop 754/tcp hprop # Kerberos slave propagation >>> krbupdate 760/tcp kreg# BSD Kerberos registration >>> -swat 901/tcp # Samba Web >>> Administration Tool >>> datametrics 1645/udp >>> ekshell2 2106/tcp# Encrypted kshell - UColorado, >>> Boulder >>> webster 2627/tcp# Network dictionary >>> >>> -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE >>> 1524 E7EE >>> > -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: services(5): more cleanup
On 5/11/21 9:04 PM, Kurt Mosiejczuk wrote: On Wed, May 12, 2021 at 01:13:55AM +0200, Jeremie Courreges-Anglas wrote: I'd like to drop SWAT, unofficial and dropped by the samba project around the switch to samba4. - moved smtps/465 to the standards section (rfc8314) The new service was named "submissions". I guess we should use both that and the "smtps" alias. https://datatracker.ietf.org/doc/html/rfc8314#section-7.3 ok? A quick question, does this mean that the port in pf.conf will also have to be renamed? I have a few machines which use something to the effect of `pass in on egress proto tcp to port smtps ...`. Will that be broken by this? Similarly smtpd.conf? Or do they do this port-name translation separately? Best, Aisha ok kmos --Kurt Index: services === RCS file: /d/cvs/src/etc/services,v retrieving revision 1.100 diff -u -p -p -u -r1.100 services --- services5 May 2021 11:49:17 - 1.100 +++ services11 May 2021 23:03:12 - @@ -123,7 +123,7 @@ microsoft-ds445/tcp # Microsoft-DS microsoft-ds 445/udp # Microsoft-DS kpasswd 464/tcp # Kerberos 5 password changing kpasswd 464/udp # Kerberos 5 password changing -smtps 465/tcp # mail message submission (TLS) +submissions465/tcp smtps # mail message submission (TLS) photuris 468/tcp # Photuris Key Management photuris 468/udp isakmp500/udp # ISAKMP key management @@ -296,7 +296,6 @@ kerberos_master 751/udp # Kerberos 4 kerberos_master 751/tcp # Kerberos 4 kadmin krb_prop 754/tcp hprop # Kerberos slave propagation krbupdate 760/tcp kreg# BSD Kerberos registration -swat 901/tcp # Samba Web Administration Tool datametrics 1645/udp ekshell2 2106/tcp# Encrypted kshell - UColorado, Boulder webster 2627/tcp# Network dictionary -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: services(5): more cleanup
On Wed, May 12, 2021 at 01:13:55AM +0200, Jeremie Courreges-Anglas wrote: > I'd like to drop SWAT, unofficial and dropped by the samba project > around the switch to samba4. > > - moved smtps/465 to the standards section (rfc8314) > The new service was named "submissions". I guess we should use both > that and the "smtps" alias. > https://datatracker.ietf.org/doc/html/rfc8314#section-7.3 > ok? ok kmos --Kurt > > Index: services > === > RCS file: /d/cvs/src/etc/services,v > retrieving revision 1.100 > diff -u -p -p -u -r1.100 services > --- services 5 May 2021 11:49:17 - 1.100 > +++ services 11 May 2021 23:03:12 - > @@ -123,7 +123,7 @@ microsoft-ds 445/tcp # > Microsoft-DS > microsoft-ds 445/udp # Microsoft-DS > kpasswd 464/tcp # Kerberos 5 password > changing > kpasswd 464/udp # Kerberos 5 password > changing > -smtps465/tcp # mail message > submission (TLS) > +submissions 465/tcp smtps # mail message submission (TLS) > photuris 468/tcp # Photuris Key Management > photuris 468/udp > isakmp 500/udp # ISAKMP key management > @@ -296,7 +296,6 @@ kerberos_master 751/udp # > Kerberos 4 > kerberos_master 751/tcp # Kerberos 4 kadmin > krb_prop 754/tcp hprop # Kerberos slave propagation > krbupdate760/tcp kreg# BSD Kerberos registration > -swat 901/tcp # Samba Web Administration Tool > datametrics 1645/udp > ekshell2 2106/tcp# Encrypted kshell - UColorado, > Boulder > webster 2627/tcp# Network dictionary > > -- > jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE >
services(5): more cleanup
On Wed, May 05 2021, Stuart Henderson wrote: > On 2021/05/04 12:07, Jan Klemkow wrote: >> Hi, >> >> Add missing ftps defaults ports to servies(5). >> >> OK? >> >> bye, >> Jan >> >> Index: services >> === >> RCS file: /cvs/src/etc/services,v >> retrieving revision 1.99 >> diff -u -p -r1.99 services >> --- services 18 Feb 2021 02:30:29 - 1.99 >> +++ services 4 May 2021 10:01:35 - >> @@ -318,6 +318,10 @@ krb_prop754/tcp hprop # >> Kerberos slav >> krbupdate 760/tcp kreg# BSD Kerberos registration >> supfilesrv 871/tcp # SUP server >> swat901/tcp # Samba Web >> Administration Tool >> +ftps-data 989/tcp # ftp data over TLS/SSL >> +ftps-data 989/udp # ftp data over TLS/SSL >> +ftps990/tcp # ftp control over >> TLS/SSL >> +ftps990/udp # ftp control over >> TLS/SSL > > I'm OK with adding the TCP ones (though ftp-over-tls always makes me > want to rant...). It's not going to run on UDP though so I think those > should not be added. +2 > Every new entry in this file reduces the range available for dynamic > port selection, so it would seem a good idea to cull a few if we're > adding some. Here are some likely candidates; > > - removed a few UDP entries for protocols that won't use it > > - dropped some obsolete protocols I'd like to drop SWAT, unofficial and dropped by the samba project around the switch to samba4. > - moved smtps/465 to the standards section (rfc8314) The new service was named "submissions". I guess we should use both that and the "smtps" alias. https://datatracker.ietf.org/doc/html/rfc8314#section-7.3 ok? Index: services === RCS file: /d/cvs/src/etc/services,v retrieving revision 1.100 diff -u -p -p -u -r1.100 services --- services5 May 2021 11:49:17 - 1.100 +++ services11 May 2021 23:03:12 - @@ -123,7 +123,7 @@ microsoft-ds445/tcp # Microsoft-DS microsoft-ds 445/udp # Microsoft-DS kpasswd464/tcp # Kerberos 5 password changing kpasswd464/udp # Kerberos 5 password changing -smtps 465/tcp # mail message submission (TLS) +submissions465/tcp smtps # mail message submission (TLS) photuris 468/tcp # Photuris Key Management photuris 468/udp isakmp 500/udp # ISAKMP key management @@ -296,7 +296,6 @@ kerberos_master 751/udp # Kerberos 4 kerberos_master751/tcp # Kerberos 4 kadmin krb_prop 754/tcp hprop # Kerberos slave propagation krbupdate 760/tcp kreg# BSD Kerberos registration -swat 901/tcp # Samba Web Administration Tool datametrics1645/udp ekshell2 2106/tcp# Encrypted kshell - UColorado, Boulder webster2627/tcp# Network dictionary -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE