On 22 January 2015 at 07:59, <b...@avalanic.dk> wrote:
> Hello,
>
> I recently lost access to a co-located server, because I used a non-standard
> port for ssh access.
>
> The default pf-ruleset (in /etc/rc) had kicked in.
>
> Would it be more correct to have the ruleset in /etc/rc use /etc/services
> instead of hardcoding port 22 into the rule?
>
> Something like this;
>
> 326,327c326,327
> < RULES="$RULES\npass in proto tcp from any to any port 22 keep state"
> < RULES="$RULES\npass out proto { tcp, udp } from any to any port 53
> keep state"
> ---
>>
>> RULES="$RULES\npass in proto tcp from any to any port ssh keep
>> state"
>> RULES="$RULES\npass out proto { tcp, udp } from any to any port
>> domain keep state"
>
>
>
> --
> Kind regards
> Brian Vangsgaard
>
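
Review bot: In the two replacement lines, "port ssh" and "port domain" are still fixed names, so the fallback ruleset only follows a moved sshd if the ssh entry in /etc/services is changed to the same port; moving the daemon alone leaves the rule passing 22 and the lockout described above would happen again. The change also makes the fallback rules depend on /etc/services being present and correct when this part of /etc/rc runs, since that is where the names are resolved. A comment next to the RULES lines saying so would help, and a unified diff (diff -u) would carry the context that the bare "326,327c326,327" hunk lacks.
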
Fixed in -current. All hard coded port numbers (22, 53, 111, 2049) replaced with names (ssh, domain, sunrpc, nfsd).

.... Ken
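
A pre-flight check for the lockout discussed in this thread, as an added example that is not part of the original messages or of /etc/rc: it resolves `ssh` from a services file the way a rule written as `port ssh` would be resolved, and compares the result with the ports sshd is configured to listen on. The function names and the sample file contents are constructed for illustration; it assumes ports are set with plain `Port` lines in sshd_config.

```sh
#!/bin/sh
# Added example; all file contents below are constructed samples.
# resolve_service FILE NAME PROTO: print the port NAME (or an alias) maps to.
resolve_service() {
    awk -v name="$2" -v proto="$3" '
        { sub(/#.*/, "") }                 # drop comments
        NF >= 2 {
            split($2, pp, "/")             # "22/tcp" -> pp[1]=22, pp[2]=tcp
            if (pp[2] != proto) next
            for (i = 1; i <= NF; i++)
                if (i != 2 && $i == name) { print pp[1]; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# sshd_ports FILE: print each Port directive; sshd listens on 22 if none is set.
sshd_ports() {
    awk '
        { sub(/#.*/, "") }
        tolower($1) == "port" { print $2; n++ }
        END { if (!n) print 22 }
    ' "$1"
}

# check_failsafe SERVICES SSHD_CONFIG: 0 = every sshd port matches "port ssh",
# 1 = at least one does not, 2 = "ssh" does not resolve at all.
check_failsafe() {
    allowed=$(resolve_service "$1" ssh tcp) || {
        echo "ssh/tcp missing from $1; rule cannot be resolved" >&2
        return 2
    }
    miss=0
    for p in $(sshd_ports "$2"); do
        [ "$p" = "$allowed" ] && continue
        echo "sshd port $p not passed (port ssh = $allowed)" >&2
        miss=1
    done
    return "$miss"
}

# Demo: sshd moved to 2222, services file left at its default.
tmp=$(mktemp -d)
printf 'ssh\t22/tcp\t# Secure Shell\ndomain\t53/udp\ndomain\t53/tcp\n' > "$tmp/services"
printf '#Port 22\nPort 2222\n' > "$tmp/sshd_config"
if check_failsafe "$tmp/services" "$tmp/sshd_config"; then
    echo "failsafe ruleset would still admit ssh"
else echo "failsafe ruleset would lock out ssh"; fi
rm -rf "$tmp"
```

Run against the real /etc/services and sshd_config, a non-zero exit means the fallback rules would not admit the configured ssh port.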