Re: change port numbers for services in firehol

To: debian-firewall@lists.debian.org
Subject: Re: change port numbers for services in firehol
From: Daniel Pittman <daniel@rimspace.net>
Date: Thu, 04 Nov 2004 12:38:11 +1100
Message-id: <87pt2uwfzw.fsf@enki.rimspace.net>
References: <20041103144725.GA28639@resivo.mejo.net>

On 4 Nov 2004, Jonas Meurer wrote:
> i've the problem that i want to change the port number that runs ssh to
> prevent ssh from some attacks.
> i use firehol as firewall. normally i just had 'ssh' in the server
> accept list, now i'll have to configure it somehow.
>
> as i didn't find any information about modifying services in config, i
> got the intension to configure a new one. is this correct?:
> server_myssh_ports="tcp/3022"
> client_myssh_ports="default"
>
> i'm not sure whether this is the best solution, or maybe i can configure
> the service ssh to simply use another port?

Yes, that is correct, and defining a new service is probably the best
way to do this -- it clues in anyone working on the system (including
you ;) that this is non-standard.

That said, the standard (simple) services like 'ssh' are simply
instances of the above defined in the firehol library, so you should be
able to[1] do:

    server_ssh_ports="tcp/3022"

Then, your firehol script will use your new definition of the ssh
service, as I understand things.

This will not work for "complex" services like ftp, where more than a
simple port mapping is required;  they use a different service
definition style.

Regards,
        Daniel

Footnotes: 
[1]  I have not tested this.

-- 
A man's worst difficulties begin when he is able to do as he likes.
        -- Thomas Henry Huxley

Reply to:

References:
- change port numbers for services in firehol
  - From: Jonas Meurer <jonas@freesources.org>

Prev by Date: change port numbers for services in firehol
Next by Date: "unsubscribe"
Previous by thread: change port numbers for services in firehol
Next by thread: "unsubscribe"
Index(es):
- Date
- Thread