1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
## UIF 1.0 sample services file
# Copyright (C) 2002-2015, Cajus Pollmeier <pollmeier@gonicus.de>
# Copyright (C) 2002-2015, Jörg Platte <jplatte@gmx.net>
# Copyright (C) 2013-2015, Alex Owen <r.alex.owen@gmail.com>
# Copyright (C) 2013-2022, Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
service {
# ICMP & Routing
traceroute udp(32769:65535/33434:33523)
# ICMP protocol: IPv4 and IPv6 ICMP types
ping icmp(echo-request) ipv6-icmp(echo-request)
pong icmp(echo-reply) ipv6-icmp(echo-reply)
noroute icmp(destination-unreachable) ipv6-icmp(destination-unreachable)
router-advertisement icmp(router-advertisement) ipv6-icmp(router-advertisement)
router-solicitation icmp(router-solicitation) ipv6-icmp(router-solicitation)
# ICMP protocol: IPv4-only ICMP types
host-unreachable icmp(host-unreachable)
ttl-exceeded icmp(ttl-exceeded)
source-quench icmp(source-quench)
# ICMP protocol: IPv6-only ICMP types
packet-too-big ipv6-icmp(packet-too-big)
time-exceeded ipv6-icmp(time-exceeded)
parameter-problem ipv6-icmp(parameter-problem)
neighbor-advertisement ipv6-icmp(neighbor-advertisement)
neighbor-solicitation ipv6-icmp(neighbor-solicitation)
# Most common services you may want to filter
ftp tcp(/21)
ssh tcp(/22)
telnet tcp(/23)
smtp tcp(/25)
whois tcp(/43)
dns tcp(/53) udp(/53)
bootp tcp(68/67) udp(68/67)
http tcp(/80)
kerberos5 tcp(/88)
pop3 tcp(/110)
sunrpc udp(/111) tcp(/111)
ident tcp(/113)
ntp udp(/123)
nntp tcp(/119)
smb tcp(/137:139) udp(/137:139) tcp(/445) udp(/445)
imap tcp(/143)
xdmcp udp(/177)
ldap tcp(/389)
https tcp(/443)
ssmtp tcp(/465)
syslog udp(/514)
route udp(/520) icmp(9)
uucp tcp(/540)
real tcp(/554)
ipp tcp(/631) udp(/631)
mount udp(/635)
ldaps tcp(/636)
kerberos4 tcp(/750)
kerberos-master tcp(/751)
passwd-server tcp(/752)
krb-prop tcp(/754)
krbupdate tcp(/760)
swat tcp(/901)
imaps tcp(/993)
pop3s tcp(/995)
openvpn udp(/1194) tcp(/1194)
nfs udp(/2049) tcp(/2049)
cvspserver tcp(/2401)
squid tcp(/3128)
mysql tcp(/3306)
rdp tcp(/3389)
munin tcp(/4949)
cfengine tcp(/5308)
xmpp-client tcp(/5222) udp(/5222)
xmpp-server tcp(/5223) udp(/5223)
icinga2 tcp(/5665)
vnc-support tcp(/5500:5509)
x11 tcp(/6000:6063)
proxy tcp(/8080)
puppet tcp(/8140)
webmin tcp(/10000)
dhis udp(/58800)
# ipsec
ipsec esp(/) udp(/500)
# some proprietary protocols
arkeia tcp(/617)
pcanywhere udp(/5632) tcp(/5631)
msterminal tcp(/3389) udp(/3389)
# some protocols
igmp igmp()
pim pim()
tcp tcp(0:65535/0:65535)
udp udp(0:65535/0:65535)
# some useful definitions
lowports udp(/1:1023) tcp(/1:1023)
highports udp(/1024:65535) tcp(/1024:65535)
}
|
