Provided by: sanewall-doc_1.0.2+ds-2_all bug

NAME

       sanewall-services - Sanewall service list

SERVICES

       This Wikipedia list of ports[1] may be helpful if you need to define a new service.

       AH - IPSec Authentication Header (AH)
             .

       Example
           Configuration sample:

               server AH accept

       Server Ports
           51/any

       Client Ports
           any

       Links
           Wikipedia[2]

       Notes
           For more information see this Archive of the FreeS/WAN documentation[3] and RFC
           2402[4].

       all - Match all traffic
             .

       Example
           Configuration sample:

               server all accept

       Server Ports
           all

       Client Ports
           all

       Notes
           Matches all traffic (all protocols, ports, etc) while ensuring that required kernel
           modules are loaded.

           This service may indirectly setup a set of other services, if they require kernel
           modules to be loaded. The following complex services are activated:
               ftp - File Transfer Protocol

               irc - Internet Relay Chat

       amanda - Advanced Maryland Automatic Network Disk Archiver
             .

       Server Ports
           udp/10080

       Client Ports
           default

       Netfilter Modules
           nf_conntrack_amanda (CONFIG_NF_CONNTRACK_AMANDA[5])

       Netfilter NAT Modules
           nf_nat_amanda (CONFIG_NF_NAT_AMANDA[6])

       Links
           Homepage[7], Wikipedia[8]

       any - Match all traffic (without modules or indirect)
             .

       Example
           Configuration sample:

               server any myname accept proto 47

       Server Ports
           all

       Client Ports
           all

       Notes
           Matches all traffic (all protocols, ports, etc), but does not care about kernel
           modules and does not activate any other service indirectly. In combination with the
           optional rule parameters: sanewall-rule-params(5) this service can match unusual
           traffic (e.g. GRE - protocol 47).

       anystateless - Match all traffic statelessly
             .

       Example
           Configuration sample:

               server anystateless myname accept proto 47

       Server Ports
           all

       Client Ports
           all

       Notes
           Matches all traffic (all protocols, ports, etc), but does not care about kernel
           modules and does not activate any other service indirectly. In combination with the
           optional rule parameters: sanewall-rule-params(5) this service can match unusual
           traffic (e.g. GRE - protocol 47).

           This service is identical to "any" but does not care about the state of traffic.

       apcupsd - APC UPS Daemon
             .

       Example
           Configuration sample:

               server apcupsd accept

       Server Ports
           tcp/6544

       Client Ports
           default

       Links
           Homepage[9], Wikipedia[10]

       Notes
           This service must be defined as "server apcupsd accept" on all machines not directly
           connected to the UPS (i.e. slaves).

           Note that the port defined here is not the default port (6666) used if you download
           and compile APCUPSD, since the default conflicts with IRC and many distributions (like
           Debian) have changed this to 6544.

           You can define port 6544 in APCUPSD, by changing the value of NETPORT in its
           configuration file, or overwrite this Sanewall service definition using the procedures
           described in the section called “ADDING SERVICES” of Sanewall configuration:
           sanewall.conf(5).

       apcupsdnis - APC UPS Daemon Network Information Server
             .

       Example
           Configuration sample:

               server apcupsdnis accept

       Server Ports
           tcp/3551

       Client Ports
           default

       Links
           Homepage[9], Wikipedia[10]

       Notes
           This service allows the remote WEB interfaces of APCUPSD[11], to connect and get
           information from the server directly connected to the UPS device.

       aptproxy - Advanced Packaging Tool Proxy
             .

       Example
           Configuration sample:

               server aptproxy accept

       Server Ports
           tcp/9999

       Client Ports
           default

       Links
           Wikipedia[12]

       asterisk - Asterisk PABX
             .

       Example
           Configuration sample:

               server asterisk accept

       Server Ports
           tcp/5038

       Client Ports
           default

       Links
           Homepage[13], Wikipedia[14]

       Notes
           This service refers only to the manager interface of asterisk. You should normally
           enable sip - Session Initiation Protocol, h323 - H.323 VoIP, rtp - Real-time Transport
           Protocol, etc. at the firewall level, if you enable the relative channel drivers of
           asterisk.

       cups - Common UNIX Printing System
             .

       Example
           Configuration sample:

               server cups accept

       Server Ports
           tcp/631 udp/631

       Client Ports
           any

       Links
           Homepage[15], Wikipedia[16]

       custom - Custom definitions
             .

       Example
           Configuration sample:

               server custom myimap tcp/143 default accept

       Server Ports
           N/A

       Client Ports
           N/A

       Notes
           The full syntax is:

           subcommand custom namesvr-proto/portscli-portsactionparams

           This service is used by Sanewall to allow you create rules for services which do not
           have a definition.

           subcommand, action and params have their usual meanings.

           A name must be supplied along with server ports in the form proto/range and client
           ports which takes only a range.

           To define services with the built-in extension mechanism to avoid the need for custom
           services, see the section called “ADDING SERVICES” of Sanewall configuration:
           sanewall.conf(5).

       cvspserver - Concurrent Versions System
             .

       Example
           Configuration sample:

               server cvspserver accept

       Server Ports
           tcp/2401

       Client Ports
           default

       Links
           Homepage[17], Wikipedia[18]

       darkstat - Darkstat network traffic analyser
             .

       Example
           Configuration sample:

               server darkstat accept

       Server Ports
           tcp/666

       Client Ports
           default

       Links
           Homepage[19]

       daytime - Daytime Protocol
             .

       Example
           Configuration sample:

               server daytime accept

       Server Ports
           tcp/13

       Client Ports
           default

       Links
           Wikipedia[20]

       dcc - Distributed Checksum Clearinghouse
             .

       Example
           Configuration sample:

               server dcc accept

       Server Ports
           udp/6277

       Client Ports
           default

       Links
           Wikipedia[21]

       Notes
           See also this DCC FAQ[22].

       dcpp - Direct Connect++ P2P
             .

       Example
           Configuration sample:

               server dcpp accept

       Server Ports
           tcp/1412 udp/1412

       Client Ports
           default

       Links
           Homepage[23]

       dhcp - Dynamic Host Configuration Protocol
             .

       Example
           Configuration sample:

               server dhcp accept

       Server Ports
           udp/67

       Client Ports
           68

       Links
           Wikipedia[24]

       Notes
           The dhcp service is implemented as stateless rules.

           DHCP clients broadcast to the network (src 0.0.0.0 dst 255.255.255.255) to find a DHCP
           server. If the DHCP service was stateful the iptables connection tracker would not
           match the packets and deny to send the reply.

           Note that this change does not affect the security of either DHCP servers or clients,
           since only the specific ports are allowed (there is no random port at either the
           server or the client side).

           Note also that the "server dhcp accept" or "client dhcp accept" commands should placed
           within interfaces that do not have src and / or dst defined (because of the initial
           broadcast).

           You can overcome this problem by placing the DHCP service on a separate interface,
           without a src or dst but with a policy return. Place this interface before the one
           that defines the rest of the services.

           For example:

                         interface eth0 dhcp
                             policy return
                             server dhcp accept

                         interface eth0 lan src "$mylan" dst "$myip"
                             client all accept

       dhcprelay - DHCP Relay
             .

       Example
           Configuration sample:

               server dhcprelay accept

       Server Ports
           udp/67

       Client Ports
           67

       Links
           Wikipedia[25]

       Notes
           From RFC 1812 section 9.1.2:

           In many cases, BOOTP clients and their associated BOOTP server(s) do not reside on the
           same IP (sub)network. In such cases, a third-party agent is required to transfer BOOTP
           messages between clients and servers. Such an agent was originally referred to as a
           BOOTP forwarding agent. However, to avoid confusion with the IP forwarding function of
           a router, the name BOOTP relay agent has been adopted instead.

           For more information about DHCP Relay see section 9.1.2 of RFC 1812[26] and section 4
           of RFC 1542[27]

       dict - Dictionary Server Protocol
             .

       Example
           Configuration sample:

               server dict accept

       Server Ports
           tcp/2628

       Client Ports
           default

       Links
           Wikipedia[28]

       Notes
           See RFC2229[29].

       distcc - Distributed CC
             .

       Example
           Configuration sample:

               server distcc accept

       Server Ports
           tcp/3632

       Client Ports
           default

       Links
           Homepage[30], Wikipedia[31]

       Notes
           For distcc security, please check the distcc security design[32].

       dns - Domain Name System
             .

       Example
           Configuration sample:

               server dns accept

       Server Ports
           udp/53 tcp/53

       Client Ports
           any

       Links
           Wikipedia[33]

       Notes
           On very busy DNS servers you may see a few dropped DNS packets in your logs. This is
           normal. The iptables connection tracker will timeout the session and lose unmatched
           DNS packets that arrive too late to be useful.

       echo - Echo Protocol
             .

       Example
           Configuration sample:

               server echo accept

       Server Ports
           tcp/7

       Client Ports
           default

       Links
           Wikipedia[34]

       emule - eMule (Donkey network client)
             .

       Example
           Configuration sample:

               client emule accept src 192.0.2.1

       Server Ports
           many

       Client Ports
           many

       Links
           Homepage[35]

       Notes
           According to eMule Port Definitions[36], Sanewall defines:

               Accept from any client port to the server at tcp/4661
               Accept from any client port to the server at tcp/4662
               Accept from any client port to the server at udp/4665
               Accept from any client port to the server at udp/4672
               Accept from any server port to the client at tcp/4662
               Accept from any server port to the client at udp/4672

           Use the Sanewall client command: sanewall-client(5) command to match the eMule client.

           Please note that the eMule client is an HTTP client also.

       eserver - eDonkey network server
             .

       Example
           Configuration sample:

               server eserver accept

       Server Ports
           tcp/4661 udp/4661 udp/4665

       Client Ports
           any

       Links
           Wikipedia[37]

       ESP - IPSec Encapsulated Security Payload (ESP)
             .

       Example
           Configuration sample:

               server ESP accept

       Server Ports
           50/any

       Client Ports
           any

       Links
           Wikipedia[38]

       Notes
           For more information see this Archive of the FreeS/WAN documentation[39]RFC 2406[40].

       finger - Finger Protocol
             .

       Example
           Configuration sample:

               server finger accept

       Server Ports
           tcp/79

       Client Ports
           default

       Links
           Wikipedia[41]

       ftp - File Transfer Protocol
             .

       Example
           Configuration sample:

               server ftp accept

       Server Ports
           tcp/21

       Client Ports
           default

       Netfilter Modules
           nf_conntrack_ftp (CONFIG_NF_CONNTRACK_FTP[42])

       Netfilter NAT Modules
           nf_nat_ftp (CONFIG_NF_NAT_FTP[43])

       Links
           Wikipedia[44]

       Notes
           The FTP service matches both active and passive FTP connections.

       gift - giFT Internet File Transfer
             .

       Example
           Configuration sample:

               server gift accept

       Server Ports
           tcp/4302 tcp/1214 tcp/2182 tcp/2472

       Client Ports
           any

       Links
           Homepage[45], Wikipedia[46]

       Notes
           The gift Sanewall service supports:

               Gnutella listening at tcp/4302
               FastTrack listening at tcp/1214
               OpenFT listening at tcp/2182 and tcp/2472

           The above ports are the defaults given for the corresponding giFT modules.

           To allow access to the user interface ports of giFT, use the giftui - giFT Internet
           File Transfer User Interface Sanewall service.

       giftui - giFT Internet File Transfer User Interface
             .

       Example
           Configuration sample:

               server giftui accept

       Server Ports
           tcp/1213

       Client Ports
           default

       Links
           Homepage[45], Wikipedia[46]

       Notes
           This service refers only to the user interface ports offered by giFT. To allow gift
           accept P2P requests, use the gift - giFT Internet File Transfer Sanewall service.

       gkrellmd - GKrellM Daemon
             .

       Example
           Configuration sample:

               server gkrellmd accept

       Server Ports
           tcp/19150

       Client Ports
           default

       Links
           Homepage[47], Wikipedia[48]

       GRE - Generic Routing Encapsulation
             .

       Example
           Configuration sample:

               server GRE accept

       Server Ports
           47/any

       Client Ports
           any

       Netfilter Modules
           nf_conntrack_proto_gre (CONFIG_NF_CT_PROTO_GRE[49])

       Netfilter NAT Modules
           nf_nat_proto_gre (CONFIG_NF_NAT_PROTO_GRE[50])

       Links
           Wikipedia[51]

       Notes
           Protocol No 47.

           For more information see RFC RFC 2784[52].

       h323 - H.323 VoIP
             .

       Example
           Configuration sample:

               server h323 accept

       Server Ports
           tcp/1720

       Client Ports
           default

       Netfilter Modules
           nf_conntrack_h323 (CONFIG_NF_CONNTRACK_H323[53])

       Netfilter NAT Modules
           nf_nat_h323 (CONFIG_NF_NAT_H323[54])

       Links
           Wikipedia[55]

       heartbeat - HeartBeat
             .

       Example
           Configuration sample:

               server heartbeat accept

       Server Ports
           udp/690:699

       Client Ports
           default

       Links
           Homepage[56]

       Notes
           This Sanewall service has been designed such a way that it will allow multiple
           heartbeat clusters on the same LAN.

       http - Hypertext Transfer Protocol
             .

       Example
           Configuration sample:

               server http accept

       Server Ports
           tcp/80

       Client Ports
           default

       Links
           Wikipedia[57]

       httpalt - HTTP alternate port
             .

       Example
           Configuration sample:

               server httpalt accept

       Server Ports
           tcp/8080

       Client Ports
           default

       Links
           Wikipedia[57]

       Notes
           This port is commonly used by web servers, web proxies and caches where the standard
           http - Hypertext Transfer Protocol port is not available or can or should not be used.

       https - Secure Hypertext Transfer Protocol
             .

       Example
           Configuration sample:

               server https accept

       Server Ports
           tcp/443

       Client Ports
           default

       Links
           Wikipedia[58]

       hylafax - HylaFAX
             .

       Example
           Configuration sample:

               server hylafax accept

       Server Ports
           many

       Client Ports
           many

       Links
           Homepage[59], Wikipedia[60]

       Notes
           This complex service allows incoming requests to server port tcp/4559 and outgoing
           from server port tcp/4558.

           The correct operation of this service has not been verified.

           USE THIS WITH CARE. A HYLAFAX CLIENT MAY OPEN ALL TCP UNPRIVILEGED PORTS TO ANYONE
           (from port tcp/4558).

       iax - Inter-Asterisk eXchange
             .

       Example
           Configuration sample:

               server iax accept

       Server Ports
           udp/5036

       Client Ports
           default

       Links
           Homepage[13], Wikipedia[61]

       Notes
           This service refers to IAX version 1. There is also iax2 - Inter-Asterisk eXchange v2.

       iax2 - Inter-Asterisk eXchange v2
             .

       Example
           Configuration sample:

               server iax2 accept

       Server Ports
           udp/5469 udp/4569

       Client Ports
           default

       Links
           Homepage[13], Wikipedia[61]

       Notes
           This service refers to IAX version 2. There is also iax - Inter-Asterisk eXchange.

       icmp - Internet Control Message Protocol
             .

       Example
           Configuration sample:

               server icmp accept

       Server Ports
           icmp/any

       Client Ports
           any

       Links
           Wikipedia[62]

       ICMP - Internet Control Message Protocol
             .

       Alias
           See icmp - Internet Control Message Protocol

       icp - Internet Cache Protocol
             .

       Example
           Configuration sample:

               server icp accept

       Server Ports
           udp/3130

       Client Ports
           3130

       Links
           Wikipedia[63]

       ident - Identification Protocol
             .

       Example
           Configuration sample:

               server ident reject with tcp-reset

       Server Ports
           tcp/113

       Client Ports
           default

       Links
           Wikipedia[64]

       imap - Internet Message Access Protocol
             .

       Example
           Configuration sample:

               server imap accept

       Server Ports
           tcp/143

       Client Ports
           default

       Links
           Wikipedia[65]

       imaps - Secure Internet Message Access Protocol
             .

       Example
           Configuration sample:

               server imaps accept

       Server Ports
           tcp/993

       Client Ports
           default

       Links
           Wikipedia[65]

       ipsecnatt - NAT traversal and IPsec
             .

       Server Ports
           udp/4500

       Client Ports
           any

       Links
           Wikipedia[66]

       irc - Internet Relay Chat
             .

       Example
           Configuration sample:

               server irc accept

       Server Ports
           tcp/6667

       Client Ports
           default

       Netfilter Modules
           nf_conntrack_irc (CONFIG_NF_CONNTRACK_IRC[67])

       Netfilter NAT Modules
           nf_nat_irc (CONFIG_NF_NAT_IRC[68])

       Links
           Wikipedia[69]

       isakmp - Internet Security Association and Key Management Protocol (IKE)
             .

       Example
           Configuration sample:

               server isakmp accept

       Server Ports
           udp/500

       Client Ports
           any

       Links
           Wikipedia[70]

       Notes
           For more information see the Archive of the FreeS/WAN documentation[71]

       jabber - Extensible Messaging and Presence Protocol
             .

       Example
           Configuration sample:

               server jabber accept

       Server Ports
           tcp/5222 tcp/5223

       Client Ports
           default

       Links
           Wikipedia[72]

       Notes
           Allows clear and SSL client-to-server connections.

       jabberd - Extensible Messaging and Presence Protocol (Server)
             .

       Example
           Configuration sample:

               server jabberd accept

       Server Ports
           tcp/5222 tcp/5223 tcp/5269

       Client Ports
           default

       Links
           Wikipedia[72]

       Notes
           Allows clear and SSL client-to-server and server-to-server connections.

           Use this service for a jabberd server. In all other cases, use the jabber - Extensible
           Messaging and Presence Protocol service.

       l2tp - Layer 2 Tunneling Protocol
             .

       Server Ports
           udp/1701

       Client Ports
           any

       Links
           Wikipedia[73]

       ldap - Lightweight Directory Access Protocol
             .

       Example
           Configuration sample:

               server ldap accept

       Server Ports
           tcp/389

       Client Ports
           default

       Links
           Wikipedia[74]

       ldaps - Secure Lightweight Directory Access Protocol
             .

       Example
           Configuration sample:

               server ldaps accept

       Server Ports
           tcp/636

       Client Ports
           default

       Links
           Wikipedia[74]

       lpd - Line Printer Daemon Protocol
             .

       Example
           Configuration sample:

               server lpd accept

       Server Ports
           tcp/515

       Client Ports
           any

       Links
           Wikipedia[75]

       Notes
           LPD is documented in RFC 1179[76].

           Since many operating systems incorrectly use the non-default client ports for LPD
           access, this definition allows any client port to access the service (in addition to
           the RFC defined 721 to 731 inclusive).

       microsoft_ds - Direct Hosted (NETBIOS-less) SMB
             .

       Example
           Configuration sample:

               server microsoft_ds accept

       Server Ports
           tcp/445

       Client Ports
           default

       Notes
           Direct Hosted (i.e. NETBIOS-less SMB)

           This is another NETBIOS Session Service with minor differences with netbios_ssn -
           NETBIOS Session Service. It is supported only by Windows 2000 and Windows XP and it
           offers the advantage of being independent of WINS for name resolution.

           It seems that samba supports transparently this protocol on the netbios_ssn - NETBIOS
           Session Service ports, so that either direct hosted or traditional SMB can be served
           simultaneously.

           Please refer to the netbios_ssn - NETBIOS Session Service service for more
           information.

       mms - Microsoft Media Server
             .

       Example
           Configuration sample:

               server mms accept

       Server Ports
           tcp/1755 udp/1755

       Client Ports
           default

       Netfilter Modules
           See here[77].

       Netfilter NAT Modules
           See here[77].

       Links
           Wikipedia[78]

       Notes
           Microsoft's proprietary network streaming protocol used to transfer unicast data in
           Windows Media Services (previously called NetShow Services).

       msn - Microsoft MSN Messenger Service
             .

       Example
           Configuration sample:

               server msn accept

       Server Ports
           tcp/1863 udp/1863

       Client Ports
           default

       msnp - msnp
             .

       Example
           Configuration sample:

               server msnp accept

       Server Ports
           tcp/6891

       Client Ports
           default

       ms_ds - Direct Hosted (NETBIOS-less) SMB
             .

       Alias
           See microsoft_ds - Direct Hosted (NETBIOS-less) SMB

       multicast - Multicast
             .

       Example
           Configuration sample:

               server multicast reject with proto-unreach

       Server Ports
           N/A

       Client Ports
           N/A

       Links
           Wikipedia[79]

       Notes
           The multicast service matches all packets sent to 224.0.0.0/4 using IGMP or UDP.

       mysql - MySQL
             .

       Example
           Configuration sample:

               server mysql accept

       Server Ports
           tcp/3306

       Client Ports
           default

       Links
           Homepage[80], Wikipedia[81]

       netbackup - Veritas NetBackup service
             .

       Example
           Configuration sample:

               server netbackup accept
               client netbackup accept

       Server Ports
           tcp/13701 tcp/13711 tcp/13720 tcp/13721 tcp/13724 tcp/13782 tcp/13783

       Client Ports
           any

       Links
           Wikipedia[82]

       Notes
           To use this service you must define it as both client and server in NetBackup clients
           and NetBackup servers.

       netbios_dgm - NETBIOS Datagram Distribution Service
             .

       Example
           Configuration sample:

               server netbios_dgm accept

       Server Ports
           udp/138

       Client Ports
           any

       Links
           Wikipedia[83]

       Notes
           See also the samba - Samba service.

           Keep in mind that this service broadcasts (to the broadcast address of your LAN) UDP
           packets. If you place this service within an interface that has a dst parameter,
           remember to include (in the dst parameter) the broadcast address of your LAN too.

       netbios_ns - NETBIOS Name Service
             .

       Example
           Configuration sample:

               server netbios_ns accept

       Server Ports
           udp/137

       Client Ports
           any

       Links
           Wikipedia[84]

       Notes
           See also the samba - Samba service.

       netbios_ssn - NETBIOS Session Service
             .

       Example
           Configuration sample:

               server netbios_ssn accept

       Server Ports
           tcp/139

       Client Ports
           default

       Links
           Wikipedia[85]

       Notes
           See also the samba - Samba service.

           Please keep in mind that newer NETBIOS clients prefer to use port 445 (microsoft_ds -
           Direct Hosted (NETBIOS-less) SMB) for the NETBIOS session service, and when this is
           not available they fall back to port 139 (netbios_ssn). Versions of samba above 3.x
           bind automatically to ports 139 and 445.

           If you have an older samba version and your policy on an interface or router is DROP,
           clients trying to access port 445 will have to timeout before falling back to port
           139. This timeout can be up to several minutes.

           To overcome this problem you can explicitly REJECT the microsoft_ds - Direct Hosted
           (NETBIOS-less) SMB service with a tcp-reset message:

           server microsoft_ds reject with tcp-reset

       nfs - Network File System
             .

       Example
           Configuration sample:

               client nfs accept dst 192.0.2.1

       Server Ports
           many

       Client Ports
           N/A

       Links
           Wikipedia[86]

       Notes
           The NFS service queries the RPC service on the NFS server host to find out the ports
           nfsd, mountd, lockd and rquotad are listening. Then, according to these ports it sets
           up rules on all the supported protocols (as reported by RPC) in order the clients to
           be able to reach the server.

           For this reason, the NFS service requires that:

               the firewall is restarted if the NFS server is restarted
               the NFS server must be specified on all nfs statements (only if it is not the
               localhost)

           Since NFS queries the remote RPC server, it is required to also be allowed to do so,
           by allowing the portmap - Open Network Computing Remote Procedure Call - Port Mapper
           service too. Take care that this is allowed by the running firewall when Sanewall
           tries to query the RPC server. So you might have to setup NFS in two steps: First add
           the portmap service and activate the firewall, then add the NFS service and restart
           the firewall.

           To avoid this you can setup your NFS server to listen on pre-defined ports, as
           documented in NFS Howto[87]. If you do this then you will have to define the the ports
           using the procedure described in the section called “ADDING SERVICES” of Sanewall
           configuration: sanewall.conf(5).

       nis - Network Information Service
             .

       Example
           Configuration sample:

               client nis accept dst 192.0.2.1

       Server Ports
           many

       Client Ports
           N/A

       Links
           Wikipedia[88]

       Notes
           The nis service queries the RPC service on the nis server host to find out the ports
           ypserv and yppasswdd are listening. Then, according to these ports it sets up rules on
           all the supported protocols (as reported by RPC) in order the clients to be able to
           reach the server.

           For this reason, the nis service requires that:

               the firewall is restarted if the nis server is restarted
               the nis server must be specified on all nis statements (only if it is not the
               localhost)

           Since nis queries the remote RPC server, it is required to also be allowed to do so,
           by allowing the portmap - Open Network Computing Remote Procedure Call - Port Mapper
           service too. Take care that this is allowed by the running firewall when Sanewall
           tries to query the RPC server. So you might have to setup nis in two steps: First add
           the portmap service and activate the firewall, then add the nis service and restart
           the firewall.

           This service was added to FireHOL by Carlos Rodrigues[89]. His comments regarding this
           implementation, are:

           These rules work for client access only!

           Pushing changes to slave servers won't work if these rules are active somewhere
           between the master and its slaves, because it is impossible to predict the ports where
           yppush will be listening on each push.

           Pulling changes directly on the slaves will work, and could be improved
           performance-wise if these rules are modified to open fypxfrd. This wasn't done because
           it doesn't make that much sense since pushing changes on the master server is the most
           common, and recommended, way to replicate maps.

       nntp - Network News Transfer Protocol
             .

       Example
           Configuration sample:

               server nntp accept

       Server Ports
           tcp/119

       Client Ports
           default

       Links
           Wikipedia[90]

       nntps - Secure Network News Transfer Protocol
             .

       Example
           Configuration sample:

               server nntps accept

       Server Ports
           tcp/563

       Client Ports
           default

       Links
           Wikipedia[90]

       nrpe - Nagios NRPE
             .

       Server Ports
           tcp/5666

       Client Ports
           default

       Links
           Wikipedia[91]

       ntp - Network Time Protocol
             .

       Example
           Configuration sample:

               server ntp accept

       Server Ports
           udp/123 tcp/123

       Client Ports
           any

       Links
           Wikipedia[92]

       nut - Network UPS Tools
             .

       Example
           Configuration sample:

               server nut accept

       Server Ports
           tcp/3493 udp/3493

       Client Ports
           default

       Links
           Homepage[93]

       nxserver - NoMachine NX Server
             .

       Example
           Configuration sample:

               server nxserver accept

       Server Ports
           tcp/5000:5200

       Client Ports
           default

       Links
           Wikipedia[94]

       Notes
           Default ports used by NX server for connections without encryption.

           Note that nxserver also needs the ssh - Secure Shell Protocol service to be enabled.

           This information has been extracted from this The TCP ports used by nxserver are 4000
           + DISPLAY_BASE to 4000 + DISPLAY_BASE + DISPLAY_LIMIT. DISPLAY_BASE and DISPLAY_LIMIT
           are set in /usr/NX/etc/node.conf and the defaults are DISPLAY_BASE=1000 and
           DISPLAY_LIMIT=200.

           For encrypted nxserver sessions, only ssh - Secure Shell Protocol is needed.

       openvpn - OpenVPN
             .

       Server Ports
           tcp/1194 udp/1194

       Client Ports
           default

       Links
           Homepage[95], Wikipedia[96]

       oracle - Oracle Database
             .

       Example
           Configuration sample:

               server oracle accept

       Server Ports
           tcp/1521

       Client Ports
           default

       Links
           Wikipedia[97]

       OSPF - Open Shortest Path First
             .

       Example
           Configuration sample:

               server OSPF accept

       Server Ports
           89/any

       Client Ports
           any

       Links
           Wikipedia[98]

       ping - Ping (ICMP echo)
             .

       Example
           Configuration sample:

               server ping accept

       Server Ports
           N/A

       Client Ports
           N/A

       Links
           Wikipedia[99]

       Notes
           This services matches requests of protocol ICMP and type echo-request (TYPE=8) and
           their replies of type echo-reply (TYPE=0).

           The ping service is stateful.

       pop3 - Post Office Protocol
             .

       Example
           Configuration sample:

               server pop3 accept

       Server Ports
           tcp/110

       Client Ports
           default

       Links
           Wikipedia[100]

       pop3s - Secure Post Office Protocol
             .

       Example
           Configuration sample:

               server pop3s accept

       Server Ports
           tcp/995

       Client Ports
           default

       Links
           Wikipedia[100]

       portmap - Open Network Computing Remote Procedure Call - Port Mapper
             .

       Example
           Configuration sample:

               server portmap accept

       Server Ports
           udp/111 tcp/111

       Client Ports
           any

       Links
           Wikipedia[101]

       postgres - PostgreSQL
             .

       Example
           Configuration sample:

               server postgres accept

       Server Ports
           tcp/5432

       Client Ports
           default

       Links
           Wikipedia[102]

       pptp - Point-to-Point Tunneling Protocol
             .

       Example
           Configuration sample:

               server pptp accept

       Server Ports
           tcp/1723

       Client Ports
           default

       Netfilter Modules
           nf_conntrack_pptp (CONFIG_NF_CONNTRACK_PPTP[103]), nf_conntrack_proto_gre
           (CONFIG_NF_CT_PROTO_GRE[49])

       Netfilter NAT Modules
           nf_nat_pptp (CONFIG_NF_NAT_PPTP[104]), nf_nat_proto_gre (CONFIG_NF_NAT_PROTO_GRE[50])

       Links
           Wikipedia[105]

       privoxy - Privacy Proxy
             .

       Example
           Configuration sample:

               server privoxy accept

       Server Ports
           tcp/8118

       Client Ports
           default

       Links
           Homepage[106]

       radius - Remote Authentication Dial In User Service (RADIUS)
             .

       Example
           Configuration sample:

               server radius accept

       Server Ports
           udp/1812 udp/1813

       Client Ports
           default

       Links
           Wikipedia[107]

       radiusold - Remote Authentication Dial In User Service (RADIUS)
             .

       Example
           Configuration sample:

               server radiusold accept

       Server Ports
           udp/1645 udp/1646

       Client Ports
           default

       Links
           Wikipedia[107]

       radiusoldproxy - Remote Authentication Dial In User Service (RADIUS)
             .

       Example
           Configuration sample:

               server radiusoldproxy accept

       Server Ports
           udp/1647

       Client Ports
           default

       Links
           Wikipedia[107]

       radiusproxy - Remote Authentication Dial In User Service (RADIUS)
             .

       Example
           Configuration sample:

               server radiusproxy accept

       Server Ports
           udp/1814

       Client Ports
           default

       Links
           Wikipedia[107]

       rdp - Remote Desktop Protocol
             .

       Example
           Configuration sample:

               server rdp accept

       Server Ports
           tcp/3389

       Client Ports
           default

       Links
           Wikipedia[108]

       Notes
           Remote Desktop Protocol is also known also as Terminal Services.

       rndc - Remote Name Daemon Control
             .

       Example
           Configuration sample:

               server rndc accept

       Server Ports
           tcp/953

       Client Ports
           default

       Links
           Wikipedia[109]

       rsync - rsync protocol
             .

       Example
           Configuration sample:

               server rsync accept

       Server Ports
           tcp/873 udp/873

       Client Ports
           default

       Links
           Homepage[110], Wikipedia[111]

       rtp - Real-time Transport Protocol
             .

       Example
           Configuration sample:

               server rtp accept

       Server Ports
           udp/10000:20000

       Client Ports
           any

       Links
           Wikipedia[112]

       Notes
           RTP ports are generally all the UDP ports. This definition narrows down RTP ports to
           UDP 10000 to 20000.

       samba - Samba
             .

       Example
           Configuration sample:

               server samba accept

       Server Ports
           many

       Client Ports
           default

       Links
           Homepage[113], Wikipedia[114]

       Notes
           The samba service automatically sets all the rules for netbios_ns - NETBIOS Name
           Service, netbios_dgm - NETBIOS Datagram Distribution Service, netbios_ssn - NETBIOS
           Session Service and microsoft_ds - Direct Hosted (NETBIOS-less) SMB.

           Please refer to the notes of the above services for more information.

           NETBIOS initiates based on the broadcast address of an interface (request goes to
           broadcast address) but the server responds from its own IP address. This makes the
           "server samba accept" statement drop the server reply, because of the way the iptables
           connection tracker works.

           This service definition includes a hack, that allows a Linux samba server to respond
           correctly in such situations, by allowing new outgoing connections from the well known
           netbios_ns - NETBIOS Name Service port to the clients high ports.

           However, for clients and routers this hack is not applied because it would open all
           unprivileged ports to the samba server. The only solution to overcome the problem in
           such cases (routers or clients) is to build a trust relationship between the samba
           servers and clients.

       sane - SANE Scanner service
             .

       Server Ports
           tcp/6566

       Client Ports
           default

       Netfilter Modules
           nf_conntrack_sane (CONFIG_NF_CONNTRACK_SANE[115])

       Netfilter NAT Modules
           N/A

       Links
           Homepage[116]

       sip - Session Initiation Protocol
             .

       Example
           Configuration sample:

               server sip accept

       Server Ports
           udp/5060

       Client Ports
           5060 default

       Netfilter Modules
           nf_conntrack_sip (CONFIG_NF_CONNTRACK_SIP[117])

       Netfilter NAT Modules
           nf_nat_sip (CONFIG_NF_NAT_SIP[118])

       Links
           Wikipedia[119]

       Notes
           SIP[120] is an IETF standard protocol (RFC 2543) for initiating interactive user
           sessions involving multimedia elements such as video, voice, chat, gaming, etc. SIP
           works in the application layer of the OSI communications model.

       smtp - Simple Mail Transport Protocol
             .

       Example
           Configuration sample:

               server smtp accept

       Server Ports
           tcp/25

       Client Ports
           default

       Links
           Wikipedia[121]

       smtps - Secure Simple Mail Transport Protocol
             .

       Example
           Configuration sample:

               server smtps accept

       Server Ports
           tcp/465

       Client Ports
           default

       Links
           Wikipedia[122]

       snmp - Simple Network Management Protocol
             .

       Example
           Configuration sample:

               server snmp accept

       Server Ports
           udp/161

       Client Ports
           default

       Links
           Wikipedia[123]

       snmptrap - SNMP Trap
             .

       Example
           Configuration sample:

               server snmptrap accept

       Server Ports
           udp/162

       Client Ports
           any

       Links
           Wikipedia[124]

       Notes
           An SNMP trap is a notification from an agent to a manager.

       socks - SOCKet Secure
             .

       Example
           Configuration sample:

               server socks accept

       Server Ports
           tcp/1080 udp/1080

       Client Ports
           default

       Links
           Wikipedia[125]

       Notes
           See also RFC 1928[126].

       squid - Squid Web Cache
             .

       Example
           Configuration sample:

               server squid accept

       Server Ports
           tcp/3128

       Client Ports
           default

       Links
           Homepage[127], Wikipedia[128]

       ssh - Secure Shell Protocol
             .

       Example
           Configuration sample:

               server ssh accept

       Server Ports
           tcp/22

       Client Ports
           default

       Links
           Wikipedia[129]

       stun - Session Traversal Utilities for NAT
             .

       Example
           Configuration sample:

               server stun accept

       Server Ports
           udp/3478 udp/3479

       Client Ports
           any

       Links
           Wikipedia[130]

       Notes
           STUN[131] is a protocol for assisting devices behind a NAT firewall or router with
           their packet routing.

       submission - SMTP over SSL/TLS submission
             .

       Example
           Configuration sample:

               server submission accept

       Server Ports
           tcp/587

       Client Ports
           default

       Links
           Wikipedia[121]

       Notes
           Submission is essentially normal SMTP with an SSL/TLS negotation.

       sunrpc - Open Network Computing Remote Procedure Call - Port Mapper
             .

       Alias
           See portmap - Open Network Computing Remote Procedure Call - Port Mapper

       swat - Samba Web Administration Tool
             .

       Example
           Configuration sample:

               server swat accept

       Server Ports
           tcp/901

       Client Ports
           default

       Links
           Homepage[132]

       syslog - Syslog Remote Logging Protocol
             .

       Example
           Configuration sample:

               server syslog accept

       Server Ports
           udp/514

       Client Ports
           syslog default

       Links
           Wikipedia[133]

       telnet - Telnet
             .

       Example
           Configuration sample:

               server telnet accept

       Server Ports
           tcp/23

       Client Ports
           default

       Links
           Wikipedia[134]

       tftp - Trivial File Transfer Protocol
             .

       Example
           Configuration sample:

               server tftp accept

       Server Ports
           udp/69

       Client Ports
           default

       Netfilter Modules
           nf_conntrack_tftp (CONFIG_NF_CONNTRACK_TFTP[135])

       Netfilter NAT Modules
           nf_nat_tftp (CONFIG_NF_NAT_TFTP[136])

       Links
           Wikipedia[137]

       time - Time Protocol
             .

       Example
           Configuration sample:

               server time accept

       Server Ports
           tcp/37 udp/37

       Client Ports
           default

       Links
           Wikipedia[138]

       timestamp - ICMP Timestamp
             .

       Example
           Configuration sample:

               server timestamp accept

       Server Ports
           N/A

       Client Ports
           N/A

       Links
           Wikipedia[139]

       Notes
           This services matches requests of protocol ICMP and type timestamp-request (TYPE=13)
           and their replies of type timestamp-reply (TYPE=14).

           The timestamp service is stateful.

       tomcat - HTTP alternate port
             .

       Alias
           See httpalt - HTTP alternate port

       upnp - Universal Plug and Play
             .

       Example
           Configuration sample:

               server upnp accept

       Server Ports
           udp/1900 tcp/2869

       Client Ports
           default

       Links
           Homepage[140], Wikipedia[141]

       Notes
           For a Linux implementation see: Linux IGD[142].

       uucp - Unix-to-Unix Copy
             .

       Example
           Configuration sample:

               server uucp accept

       Server Ports
           tcp/540

       Client Ports
           default

       Links
           Wikipedia[143]

       vmware - vmware
             .

       Example
           Configuration sample:

               server vmware accept

       Server Ports
           tcp/902

       Client Ports
           default

       Notes
           Used from VMWare 1 and up. See the VMWare KnowledgeBase[144].

       vmwareauth - vmwareauth
             .

       Example
           Configuration sample:

               server vmwareauth accept

       Server Ports
           tcp/903

       Client Ports
           default

       Notes
           Used from VMWare 1 and up. See the VMWare KnowledgeBase[144].

       vmwareweb - vmwareweb
             .

       Example
           Configuration sample:

               server vmwareweb accept

       Server Ports
           tcp/8222 tcp/8333

       Client Ports
           default

       Notes
           Used from VMWare 2 and up. See VMWare Server 2.0 release notes[145] and the VMWare
           KnowledgeBase[144].

       vnc - Virtual Network Computing
             .

       Example
           Configuration sample:

               server vnc accept

       Server Ports
           tcp/5900:5903

       Client Ports
           default

       Links
           Wikipedia[146]

       Notes
           VNC is a graphical desktop sharing protocol.

       webcache - HTTP alternate port
             .

       Alias
           See httpalt - HTTP alternate port

       webmin - Webmin Administration System
             .

       Example
           Configuration sample:

               server webmin accept

       Server Ports
           tcp/10000

       Client Ports
           default

       Links
           Homepage[147]

       whois - WHOIS Protocol
             .

       Example
           Configuration sample:

               server whois accept

       Server Ports
           tcp/43

       Client Ports
           default

       Links
           Wikipedia[148]

       xbox - Xbox Live
             .

       Example
           Configuration sample:

               client xbox accept

       Server Ports
           many

       Client Ports
           default

       Notes
           Complex service definition for the Xbox live service.

           See program source for contributor details.

       xdmcp - X Display Manager Control Protocol
             .

       Example
           Configuration sample:

               server xdmcp accept

       Server Ports
           udp/177

       Client Ports
           default

       Links
           Wikipedia[149]

       Notes
           See Gnome Display Manager[150] for a discussion about XDMCP and firewalls (Gnome
           Display Manager is a replacement for XDM).

SEE ALSO

           Sanewall program: sanewall(1)
           Sanewall configuration: sanewall.conf(5)

AUTHOR

       Sanewall Team

COPYRIGHT

       Copyright © 2012, 2013 Phil Whineray <phil@sanewall.org>

NOTES

        1. Wikipedia list of ports
           http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

        2. Wikipedia
           http://en.wikipedia.org/wiki/IPsec#Authentication_Header

        3. Archive of the FreeS/WAN documentation
           http://web.archive.org/web/20100918134143/http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/ipsec.html#AH.ipsec

        4. RFC 2402
           http://www.ietf.org/rfc/rfc2402.txt

        5. CONFIG_NF_CONNTRACK_AMANDA
           http://cateee.net/lkddb/web-lkddb/NF_CONNTRACK_AMANDA.html

        6. CONFIG_NF_NAT_AMANDA
           http://cateee.net/lkddb/web-lkddb/NF_NAT_AMANDA.html

        7. Homepage
           http://www.amanda.org/

        8. Wikipedia
           http://en.wikipedia.org/wiki/Advanced_Maryland_Automatic_Network_Disk_Archiver

        9. Homepage
           http://www.apcupsd.com

       10. Wikipedia
           http://en.wikipedia.org/wiki/Apcupsd

       11. APCUPSD
           http://www.apcupsd.com/

       12. Wikipedia
           http://en.wikipedia.org/wiki/Apt-proxy

       13. Homepage
           http://www.asterisk.org

       14. Wikipedia
           http://en.wikipedia.org/wiki/Asterisk_PBX

       15. Homepage
           http://www.cups.org

       16. Wikipedia
           http://en.wikipedia.org/wiki/Common_Unix_Printing_System

       17. Homepage
           http://www.nongnu.org/cvs/

       18. Wikipedia
           http://en.wikipedia.org/wiki/Concurrent_Versions_System

       19. Homepage
           http://dmr.ath.cx/net/darkstat/

       20. Wikipedia
           http://en.wikipedia.org/wiki/Daytime_Protocol

       21. Wikipedia
           http://en.wikipedia.org/wiki/Distributed_Checksum_Clearinghouse

       22. DCC FAQ
           http://www.rhyolite.com/anti-spam/dcc/FAQ.html#firewall-ports

       23. Homepage
           http://dcplusplus.sourceforge.net

       24. Wikipedia
           http://en.wikipedia.org/wiki/Dhcp

       25. Wikipedia
           http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#DHCP_relaying

       26. RFC 1812
           http://www.ietf.org/rfc/rfc1812.txt

       27. RFC 1542
           http://www.ietf.org/rfc/rfc1542.txt

       28. Wikipedia
           http://en.wikipedia.org/wiki/DICT

       29. RFC2229
           http://www.ietf.org/rfc/rfc2229.txt

       30. Homepage
           http://distcc.samba.org/

       31. Wikipedia
           http://en.wikipedia.org/wiki/Distcc

       32. distcc security design
           http://distcc.googlecode.com/svn/trunk/doc/web/security.html

       33. Wikipedia
           http://en.wikipedia.org/wiki/Domain_Name_System

       34. Wikipedia
           http://en.wikipedia.org/wiki/Echo_Protocol

       35. Homepage
           http://www.emule-project.com

       36. eMule Port Definitions
           http://www.emule-project.net/home/perl/help.cgi?l=1&rm=show_topic&topic_id=122

       37. Wikipedia
           http://en.wikipedia.org/wiki/Eserver

       38. Wikipedia
           http://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload

       39. Archive of the FreeS/WAN documentation
           http://web.archive.org/web/20100918134143/http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/ipsec.html#ESP.ipsec

       40. RFC 2406
           http://www.ietf.org/rfc/rfc2406.txt

       41. Wikipedia
           http://en.wikipedia.org/wiki/Finger_protocol

       42. CONFIG_NF_CONNTRACK_FTP
           http://cateee.net/lkddb/web-lkddb/NF_CONNTRACK_FTP.html

       43. CONFIG_NF_NAT_FTP
           http://cateee.net/lkddb/web-lkddb/NF_NAT_FTP.html

       44. Wikipedia
           http://en.wikipedia.org/wiki/Ftp

       45. Homepage
           http://gift.sourceforge.net

       46. Wikipedia
           http://en.wikipedia.org/wiki/GiFT

       47. Homepage
           http://gkrellm.net/

       48. Wikipedia
           http://en.wikipedia.org/wiki/Gkrellm

       49. CONFIG_NF_CT_PROTO_GRE
           http://cateee.net/lkddb/web-lkddb/NF_CT_PROTO_GRE.html

       50. CONFIG_NF_NAT_PROTO_GRE
           http://cateee.net/lkddb/web-lkddb/NF_NAT_PROTO_GRE.html

       51. Wikipedia
           http://en.wikipedia.org/wiki/Generic_Routing_Encapsulation

       52. RFC 2784
           http://www.ietf.org/rfc/rfc2784.txt

       53. CONFIG_NF_CONNTRACK_H323
           http://cateee.net/lkddb/web-lkddb/NF_CONNTRACK_H323.html

       54. CONFIG_NF_NAT_H323
           http://cateee.net/lkddb/web-lkddb/NF_NAT_H323.html

       55. Wikipedia
           http://en.wikipedia.org/wiki/H323

       56. Homepage
           http://www.linux-ha.org/

       57. Wikipedia
           http://en.wikipedia.org/wiki/Http

       58. Wikipedia
           http://en.wikipedia.org/wiki/Https

       59. Homepage
           http://www.hylafax.org

       60. Wikipedia
           http://en.wikipedia.org/wiki/Hylafax

       61. Wikipedia
           http://en.wikipedia.org/wiki/Iax

       62. Wikipedia
           http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

       63. Wikipedia
           http://en.wikipedia.org/wiki/Internet_Cache_Protocol

       64. Wikipedia
           http://en.wikipedia.org/wiki/Ident_protocol

       65. Wikipedia
           http://en.wikipedia.org/wiki/Imap

       66. Wikipedia
           http://en.wikipedia.org/wiki/NAT_traversal#NAT_traversal_and_IPsec

       67. CONFIG_NF_CONNTRACK_IRC
           http://cateee.net/lkddb/web-lkddb/NF_CONNTRACK_IRC.html

       68. CONFIG_NF_NAT_IRC
           http://cateee.net/lkddb/web-lkddb/NF_NAT_IRC.html

       69. Wikipedia
           http://en.wikipedia.org/wiki/Internet_Relay_Chat

       70. Wikipedia
           http://en.wikipedia.org/wiki/ISAKMP

       71. Archive of the FreeS/WAN documentation
           http://web.archive.org/web/20100918134143/http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/ipsec.html#IKE.ipsec

       72. Wikipedia
           http://en.wikipedia.org/wiki/Jabber

       73. Wikipedia
           http://en.wikipedia.org/wiki/L2tp

       74. Wikipedia
           http://en.wikipedia.org/wiki/Ldap

       75. Wikipedia
           http://en.wikipedia.org/wiki/Line_Printer_Daemon_protocol

       76. RFC 1179
           http://www.ietf.org/rfc/rfc1179.txt

       77. here
           http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-5.html#ss5.5

       78. Wikipedia
           http://en.wikipedia.org/wiki/Microsoft_Media_Server

       79. Wikipedia
           http://en.wikipedia.org/wiki/Multicast

       80. Homepage
           http://www.mysql.com/

       81. Wikipedia
           http://en.wikipedia.org/wiki/Mysql

       82. Wikipedia
           http://en.wikipedia.org/wiki/Netbackup

       83. Wikipedia
           http://en.wikipedia.org/wiki/Netbios#Datagram_distribution_service

       84. Wikipedia
           http://en.wikipedia.org/wiki/Netbios#Name_service

       85. Wikipedia
           http://en.wikipedia.org/wiki/Netbios#Session_service

       86. Wikipedia
           http://en.wikipedia.org/wiki/Network_File_System_%28protocol%29

       87. NFS Howto
           http://nfs.sourceforge.net/nfs-howto/ar01s06.html#nfs_firewalls

       88. Wikipedia
           http://en.wikipedia.org/wiki/Network_Information_Service

       89. Carlos Rodrigues
           https://sourceforge.net/tracker/?func=detail&atid=487695&aid=1050951&group_id=58425

       90. Wikipedia
           http://en.wikipedia.org/wiki/Nntp

       91. Wikipedia
           http://en.wikipedia.org/wiki/Nagios#NRPE

       92. Wikipedia
           http://en.wikipedia.org/wiki/Network_Time_Protocol

       93. Homepage
           http://networkupstools.org/

       94. Wikipedia
           http://en.wikipedia.org/wiki/NX_Server

       95. Homepage
           http://openvpn.net/

       96. Wikipedia
           http://en.wikipedia.org/wiki/OpenVPN

       97. Wikipedia
           http://en.wikipedia.org/wiki/Oracle_db

       98. Wikipedia
           http://en.wikipedia.org/wiki/Ospf

       99. Wikipedia
           http://en.wikipedia.org/wiki/Ping

       00. Wikipedia
           http://en.wikipedia.org/wiki/Pop3

       01. Wikipedia
           http://en.wikipedia.org/wiki/Portmap

       02. Wikipedia
           http://en.wikipedia.org/wiki/Postgres

       03. CONFIG_NF_CONNTRACK_PPTP
           http://cateee.net/lkddb/web-lkddb/NF_CONNTRACK_PPTP.html

       04. CONFIG_NF_NAT_PPTP
           http://cateee.net/lkddb/web-lkddb/NF_NAT_PPTP.html

       05. Wikipedia
           http://en.wikipedia.org/wiki/Pptp

       06. Homepage
           http://www.privoxy.org/

       07. Wikipedia
           http://en.wikipedia.org/wiki/RADIUS

       08. Wikipedia
           http://en.wikipedia.org/wiki/Remote_Desktop_Protocol

       09. Wikipedia
           http://en.wikipedia.org/wiki/Rndc

       10. Homepage
           http://rsync.samba.org/

       11. Wikipedia
           http://en.wikipedia.org/wiki/Rsync

       12. Wikipedia
           http://en.wikipedia.org/wiki/Real-time_Transport_Protocol

       13. Homepage
           http://www.samba.org/

       14. Wikipedia
           http://en.wikipedia.org/wiki/Samba_(software)

       15. CONFIG_NF_CONNTRACK_SANE
           http://cateee.net/lkddb/web-lkddb/NF_CONNTRACK_SANE.html

       16. Homepage
           http://www.sane-project.org/

       17. CONFIG_NF_CONNTRACK_SIP
           http://cateee.net/lkddb/web-lkddb/NF_CONNTRACK_SIP.html

       18. CONFIG_NF_NAT_SIP
           http://cateee.net/lkddb/web-lkddb/NF_NAT_SIP.html

       19. Wikipedia
           http://en.wikipedia.org/wiki/Session_Initiation_Protocol

       20. SIP
           http://www.voip-info.org/wiki-SIP

       21. Wikipedia
           http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol

       22. Wikipedia
           http://en.wikipedia.org/wiki/SMTPS

       23. Wikipedia
           http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol

       24. Wikipedia
           http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Trap

       25. Wikipedia
           http://en.wikipedia.org/wiki/SOCKS

       26. RFC 1928
           http://www.ietf.org/rfc/rfc1928.txt

       27. Homepage
           http://www.squid-cache.org/

       28. Wikipedia
           http://en.wikipedia.org/wiki/Squid_(software)

       29. Wikipedia
           http://en.wikipedia.org/wiki/Secure_Shell

       30. Wikipedia
           http://en.wikipedia.org/wiki/STUN

       31. STUN
           http://www.voip-info.org/wiki-STUN

       32. Homepage
           http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/SWAT.html

       33. Wikipedia
           http://en.wikipedia.org/wiki/Syslog

       34. Wikipedia
           http://en.wikipedia.org/wiki/Telnet

       35. CONFIG_NF_CONNTRACK_TFTP
           http://cateee.net/lkddb/web-lkddb/NF_CONNTRACK_TFTP.html

       36. CONFIG_NF_NAT_TFTP
           http://cateee.net/lkddb/web-lkddb/NF_NAT_TFTP.html

       37. Wikipedia
           http://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol

       38. Wikipedia
           http://en.wikipedia.org/wiki/Time_Protocol

       39. Wikipedia
           http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Timestamp

       40. Homepage
           http://upnp.sourceforge.net/

       41. Wikipedia
           http://en.wikipedia.org/wiki/Universal_Plug_and_Play

       42. Linux IGD
           http://linux-igd.sourceforge.net/

       43. Wikipedia
           http://en.wikipedia.org/wiki/UUCP

       44. VMWare KnowledgeBase
           http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1012382

       45. VMWare Server 2.0 release notes
           http://www.vmware.com/support/server2/doc/releasenotes_vmserver2.html

       46. Wikipedia
           http://en.wikipedia.org/wiki/Virtual_Network_Computing

       47. Homepage
           http://www.webmin.com/

       48. Wikipedia
           http://en.wikipedia.org/wiki/Whois

       49. Wikipedia
           http://en.wikipedia.org/wiki/X_display_manager_(program_type)#X_Display_Manager_Control_Protocol

       50. Gnome Display Manager
           http://www.jirka.org/gdm-documentation/x70.html