On 2014/07/16 11:02, Craig R. Skinner wrote: > On 2014-07-15 Tue 16:04 PM |, Theo de Raadt wrote: > > >On Tue, Jul 15, 2014 at 12:22:37PM +0100, Craig R. Skinner wrote: > > >> > > >> Suggestion of add NSD, Unbound & BIND control ports to /etc/services: > > > > > >Makes sense to me. Anyone want to OK this? > > > > > >> Index: etc/services > > >> =================================================================== > > >> RCS file: /cvs/src/etc/services,v > > >> retrieving revision 1.87 > > >> diff -u -p -r1.87 services > > >> --- etc/services 12 Jul 2014 14:51:07 -0000 1.87 > > >> +++ etc/services 15 Jul 2014 11:17:31 -0000 > > >> @@ -181,6 +181,8 @@ kerberos-adm 749/tcp # > > >> Kerberos 5 kad > > >> kerberos-adm 749/udp # Kerberos 5 kadmin > > >> rsync 873/tcp # rsync server > > >> cddb 888/tcp cddbp # Audio CD Database > > >> +named-rndc 953/tcp # Domain Name System > > >> (DNS) BIND RNDC Service > > >> +named-rndc 953/udp # Domain Name System > > >> (DNS) BIND RNDC Service > > >> imaps 993/tcp # imap4 protocol over > > >> TLS/SSL > > >> imaps 993/udp # imap4 protocol over > > >> TLS/SSL > > >> pop3s 995/tcp spop3 # pop3 protocol over > > >> TLS/SSL > > > > That means two more reserved ports are taken out of the bucket. > > > > Strip out the Kerberos stuff?????:
Not sure (Antoine would know better), but this may be needed for Kerberos in ports. > > $ fgrep -i Kerberos etc/services > kerberos 88/udp kerberos-sec # Kerberos 5 UDP > kerberos 88/tcp kerberos-sec # Kerberos 5 TCP > kpasswd 464/tcp # Kerberos 5 password > changing > kpasswd 464/udp # Kerberos 5 password > changing > klogin 543/tcp # Kerberos > authenticated rlogin > kshell 544/tcp krcmd # Kerberos remote shell > ekshell 545/tcp # Kerberos encrypted > shell > kerberos-adm 749/tcp # Kerberos 5 kadmin > kerberos-adm 749/udp # Kerberos 5 kadmin > kpop 1109/tcp # Pop with Kerberos > eklogin 2105/tcp # Kerberos encrypted > rlogin > rkinit 2108/tcp # Kerberos remote kinit > kx 2111/tcp # X over kerberos > kip 2112/tcp # IP over kerberos > iprop 2121/tcp # Kerberos incremental > propagation > krb524 4444/tcp # Kerberos 5->4 > krb524 4444/udp # Kerberos 5->4 > afs3-kaserver 7004/tcp # AFS kerberos authentication > server > afs3-kaserver 7004/udp # AFS kerberos authentication > server > kerberos-iv 750/udp kdc # Kerberos authentication--udp > kerberos-iv 750/tcp kdc # Kerberos authentication--tcp > kerberos_master 751/udp # Kerberos 4 kadmin > kerberos_master 751/tcp # Kerberos 4 kadmin > krb_prop 754/tcp hprop # Kerberos slave propagation > krbupdate 760/tcp kreg # BSD Kerberos registration >