Re: change port numbers for services in firehol
On 4 Nov 2004, Jonas Meurer wrote:
> i've the problem that i want to change the port number that runs ssh to
> prevent ssh from some attacks.
> i use firehol as firewall. normally i just had 'ssh' in the server
> accept list, now i'll have to configure it somehow.
>
> as i didn't find any information about modifying services in config, i
> got the intention to configure a new one. is this correct?:
> server_myssh_ports="tcp/3022"
> client_myssh_ports="default"
>
> i'm not sure whether this is the best solution, or maybe i can configure
> the service ssh to simply use another port?

Yes, that is correct, and defining a new service is probably the best
way to do this -- it clues in anyone working on the system (including
you ;) that this is non-standard.

That said, the standard (simple) services like 'ssh' are simply
instances of the above defined in the firehol library, so you should be
able to[1] do:

    server_ssh_ports="tcp/3022"

Then, your firehol script will use your new definition of the ssh
service, as I understand things.

This will not work for "complex" services like ftp, where more than a
simple port mapping is required; they use a different service
definition style.

Regards,
Daniel

Footnotes:
[1] I have not tested this.

--
A man's worst difficulties begin when he is able to do as he likes.
-- Thomas Henry Huxley
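
Added example, not part of the original messages: after moving sshd to a new port, a quick check that the firehol service definition and sshd_config still agree catches a mismatch before it locks you out. The function names, the temporary file paths and the sample sshd_config are assumptions made for illustration; only the two myssh service lines come from the thread, and the check only understands literal tcp/<number> entries.

```shell
#!/bin/sh
# Print the value of server_<name>_ports from a firehol config (last one wins).
firehol_service_ports() {  # $1 = firehol.conf, $2 = service name
    sed -n "s/^[[:space:]]*server_${2}_ports=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$1" | tail -n 1
}

# Print every port sshd listens on; sshd defaults to 22 when no Port line is set.
sshd_ports() {  # $1 = sshd_config
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# Succeed only if service $3 is accepted somewhere in the firehol config and
# its server ports include tcp/<port> for every port sshd listens on.
# Port ranges and port names are not interpreted, only literal tcp/<number>.
check_ssh_port() {  # $1 = firehol.conf, $2 = sshd_config, $3 = service name
    defined=$(firehol_service_ports "$1" "$3")
    [ -n "$defined" ] || { echo "no server_${3}_ports in $1"; return 1; }
    grep -Eq "^[[:space:]]*server[[:space:]]+\"?([^\"#]*[[:space:]])?$3([[:space:]][^\"#]*)?\"?[[:space:]]+accept" "$1" \
        || { echo "service $3 is defined but never accepted"; return 1; }
    for port in $(sshd_ports "$2"); do
        case " $defined " in
            *" tcp/$port "*) ;;
            *) echo "sshd listens on $port, firewall opens: $defined"; return 1 ;;
        esac
    done
    echo "ok: $3 -> $defined"
}

# Constructed sample input: a firehol.conf using the custom service from the
# thread, and a one-line sshd_config (both written to a temporary directory).
demo_dir=$(mktemp -d)
cat > "$demo_dir/firehol.conf" <<'EOF'
server_myssh_ports="tcp/3022"
client_myssh_ports="default"
interface eth0 internet
    server myssh accept
EOF
printf 'Port 3022\n' > "$demo_dir/sshd_config"
check_ssh_port "$demo_dir/firehol.conf" "$demo_dir/sshd_config" myssh
```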