On 22 January 2015 at 07:59,  <b...@avalanic.dk> wrote:
> Hello,
>
> I recently lost access to a co-located server, because I used a non-standard
> port for ssh access.
>
> The default pf-ruleset (in /etc/rc) had kicked in.
>
> Would it be more correct to have the ruleset in /etc/rc use /etc/services
> instead of hardcoding port 22 into the rule?
>
> Something like this;
>
> 326,327c326,327
> <       RULES="$RULES\npass in proto tcp from any to any port 22 keep state"
> <       RULES="$RULES\npass out proto { tcp, udp } from any to any port 53
> keep state"
> ---
>>
>>       RULES="$RULES\npass in proto tcp from any to any port ssh keep
>> state"
>>       RULES="$RULES\npass out proto { tcp, udp } from any to any port
>> domain keep state"
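
Review bot: "port ssh" in the first replacement rule still opens only the port that /etc/services maps to ssh, so it follows a non-standard sshd port only if that entry has been edited to match; a comment beside the rule saying the name is looked up in /etc/services would make that dependency visible. The same holds for "port domain" in the second rule. Separately, both old and new RULES lines are wrapped across two lines here ("keep state" and "domain keep state" have fallen onto their own lines), so the diff would need to be resent unwrapped before it can be applied.
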
>
>
>
> --
> Kind regards
> Brian Vangsgaard
>

Fixed in -current. All hard-coded port numbers (22, 53, 111, 2049)
replaced with names (ssh, domain, sunrpc, nfsd).

.... Ken
