TCP/UDP Ports

Path: /src/type/port.coffee compiled to /lib/type/port.js

Checking text entries against multiple rules.

Check options:

  • allow - array of allowed ports or ranges (‘system’, ‘registered’, ‘dynamic’)
  • deny - array of denied ports or ranges (‘system’, ‘registered’, ‘dynamic’)

If allow and deny are both used, the deny settings have precedence.

Ports can also be given by their standardized names as known from the /etc/services list, such as ‘ftp’, ‘http’, ‘ssh’, …

The deny and allow options may each contain a list of multiple ports or ranges. The ranges are ‘system’, ‘registered’ and ‘dynamic’, representing the three parts of the port range.

The table shows how the result is determined if both are given:

has allow   has deny   in allow   in deny   in both   in other
no          no         -          -         -         ok
yes         no         ok         -         -         fail
no          yes        -          fail      -         ok
yes         yes        ok         fail      ok        ok
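
The decision table above as runnable JavaScript (an added example, not the validator's own source). `SERVICES` is a constructed excerpt of /etc/services, the range limits are the IANA boundaries, which the page does not state, and `toPort`, `inList` and `checkPort` are hypothetical names.

```javascript
// Added example, not the validator's source.
// SERVICES: constructed excerpt of /etc/services.
// RANGES: IANA boundaries (assumption; the page names the ranges only).
const SERVICES = { ftp: 21, ssh: 22, http: 80, https: 443, mysql: 3306 };
const RANGES = {
  system: [0, 1023],
  registered: [1024, 49151],
  dynamic: [49152, 65535],
};

// Resolve a port number or service name to an integer port, or throw.
function toPort(value) {
  const port = typeof value === 'number' ? value : SERVICES[value];
  if (!Number.isInteger(port) || port < 0 || port > 65535) {
    throw new RangeError(`not a valid port: ${String(value)}`);
  }
  return port;
}

// True if the port matches any list entry (number, name or range).
function inList(port, list) {
  return list.some((entry) => {
    if (Object.prototype.hasOwnProperty.call(RANGES, entry)) {
      const [min, max] = RANGES[entry];
      return port >= min && port <= max;
    }
    return toPort(entry) === port;
  });
}

// Apply the table row that matches the given options: 'ok' or 'fail'.
function checkPort(value, { allow, deny } = {}) {
  const port = toPort(value);
  const inAllow = Array.isArray(allow) && inList(port, allow);
  const inDeny = Array.isArray(deny) && inList(port, deny);
  if (allow && deny) return inDeny && !inAllow ? 'fail' : 'ok'; // row 4
  if (allow) return inAllow ? 'ok' : 'fail';                    // row 2
  if (deny) return inDeny ? 'fail' : 'ok';                      // row 3
  return 'ok';                                                  // row 1
}
```

Per the last table row, a port that is in neither list passes when both options are set, so the combination behaves as a denylist with exceptions rather than as an allowlist.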

Schema Specification

Port is a port schema definition.

An object with the following keys allowed: allow, deny, title, description, key, type, optional, default. The following entries have a specific format:

allow

List of Allowed is the list of allowed port numbers, names and ranges.

A list which is optional. Each entry has to be of type or:

Allow is a port number, name or range which is allowed.

It has to be one of the following types:

  • Allow Port Number is a port number which is allowed.

    An integer value. The value should be between 0 and 65535.

  • Allow Port Name is a port name which is allowed.

    A text entry in which all control characters will be removed.

  • Allow Range is a range which is allowed.

    A text entry in which all control characters will be removed. Only the values: ‘rtmp’, ‘acr-nema’, ‘afbackup’, ‘afmbackup’, ‘afpovertcp’, ‘afs3-bos’, ‘afs3-callback’, ‘afs3-errors’, ‘afs3-fileserver’, ‘afs3-kaserver’, ‘afs3-prserver’, ‘afs3-rmtsys’, ‘afs3-update’, ‘afs3-vlserver’, ‘afs3-volser’, ‘amanda’, ‘amandaidx’, ‘amidxtape’, ‘amqp’, ‘aol’, ‘asf-rmcp’, ‘asp’, ‘at-echo’, ‘at-nbp’, ‘at-rtmp’, ‘at-zis’, ‘auth’, ‘bacula-dir’, ‘bacula-fd’, ‘bacula-sd’, ‘bgp’, ‘bgpd’, ‘bgpsim’, ‘biff’, ‘binkp’, ‘bootpc’, ‘bootps’, ‘bpcd’, ‘bpdbm’, ‘bpjava-msvc’, ‘bprd’, ‘canna’, ‘cfengine’, ‘cfinger’, ‘chargen’, ‘cisco-sccp’, ‘clc-build-daemon’, ‘clearcase’, ‘cmip-agent’, ‘cmip-man’, ‘codaauth2’, ‘codasrv’, ‘codasrv-se’, ‘conference’, ‘courier’, ‘csnet-ns’, ‘csync2’, ‘customs’, ‘cvspserver’, ‘daap’, ‘datametrics’, ‘daytime’, ‘db-lsp’, ‘dcap’, ‘dhcpv6-client’, ‘dhcpv6-server’, ‘dicom’, ‘dict’, ‘dircproxy’, ‘discard’, ‘distcc’, ‘distmp3’, ‘domain’, ‘echo’, ‘eklogin’, ‘enbd-cstatd’, ‘enbd-sstatd’, ‘epmd’, ‘exec’, ‘f5-globalsite’, ‘f5-iquery’, ‘fatserv’, ‘fax’, ‘fido’, ‘finger’, ‘font-service’, ‘freeciv’, ‘frox’, ‘fsp’, ‘ftp’, ‘ftp-data’, ‘ftps’, ‘ftps-data’, ‘gdomap’, ‘gds-db’, ‘ggz’, ‘git’, ‘gnunet’, ‘gnutella-rtr’, ‘gnutella-svc’, ‘gopher’, ‘gpsd’, ‘gris’, ‘groupwise’, ‘gsidcap’, ‘gsiftp’, ‘gsigatekeeper’, ‘hkp’, ‘hmmp-ind’, ‘hostmon’, ‘hostnames’, ‘http’, ‘http-alt’, ‘https’, ‘hylafax’, ‘iax’, ‘icpv2’, ‘idfp’, ‘imap2’, ‘imap3’, ‘imaps’, ‘imsp’, ‘ingreslock’, ‘ipp’, ‘iprop’, ‘ipsec-nat-t’, ‘ipx’, ‘irc’, ‘ircd’, ‘ircs’, ‘isakmp’, ‘iscsi-target’, ‘isdnlog’, ‘isisd’, ‘iso-tsap’, ‘kamanda’, ‘kazaa’, ‘kerberos4’, ‘kerberos’, ‘kerberos-adm’, ‘kerberos-master’, ‘kermit’, ‘klogin’, ‘knetd’, ‘kpasswd’, ‘kpop’, ‘krb-prop’, ‘krbupdate’, ‘kshell’, ‘kx’, ‘l2f’, ‘ldap’, ‘ldaps’, ‘link’, ‘linuxconf’, ‘loc-srv’, ‘login’, ‘log-server’, ‘lotusnote’, ‘mailq’, ‘mandelspawn’, ‘mdns’, ‘microsoft-ds’, ‘mmcc’, ‘moira-db’, ‘moira-update’, ‘moira-ureg’, ‘mon’, ‘mrtd’, ‘msnp’, ‘msp’, ‘ms-sql-m’, 
‘ms-sql-s’, ‘mtn’, ‘mtp’, ‘munin’, ‘mysql’, ‘mysql-proxy’, ‘nameserver’, ‘nbd’, ‘nbp’, ‘nessus’, ‘netbios-dgm’, ‘netbios-ns’, ‘netbios-ssn’, ‘netnews’, ‘netstat’, ‘netwall’, ‘nextstep’, ‘nfs’, ‘ninstall’, ‘nntp’, ‘nntps’, ‘noclog’, ‘npmp-gui’, ‘npmp-local’, ‘nqs’, ‘nrpe’, ‘nsca’, ‘ntalk’, ‘ntp’, ‘nut’, ‘omirr’, ‘omniorb’, ‘openvpn’, ‘ospf6d’, ‘ospfapi’, ‘ospfd’, ‘passwd-server’, ‘pawserv’, ‘pcrd’, ‘pipe-server’, ‘pop2’, ‘pop3’, ‘pop3s’, ‘poppassd’, ‘postgresql’, ‘predict’, ‘printer’, ‘proofd’, ‘prospero’, ‘prospero-np’, ‘pwdgen’, ‘qmqp’, ‘qmtp’, ‘qotd’, ‘radius’, ‘radius-acct’, ‘radmin-port’, ‘re-mail-ck’, ‘remctl’, ‘remotefs’, ‘remoteping’, ‘rfe’, ‘ripd’, ‘ripngd’, ‘rje’, ‘rlp’, ‘rmiregistry’, ‘rmtcfg’, ‘rootd’, ‘route’, ‘rpc2portmap’, ‘rplay’, ‘rsync’, ‘rtcm-sc104’, ‘rtelnet’, ‘rtsp’, ‘saft’, ‘sa-msg-port’, ‘sane-port’, ‘search’, ‘sftp’, ‘sge-execd’, ‘sge-qmaster’, ‘sgi-cad’, ‘sgi-cmsd’, ‘sgi-crsd’, ‘sgi-gcd’, ‘shell’, ‘sieve’, ‘silc’, ‘sip’, ‘sip-tls’, ‘skkserv’, ‘smsqp’, ‘smtp’, ‘smux’, ‘snmp’, ‘snmp-trap’, ‘snpp’, ‘socks’, ‘spamd’, ‘ssh’, ‘submission’, ‘sunrpc’, ‘supdup’, ‘supfiledbg’, ‘supfilesrv’, ‘support’, ‘suucp’, ‘svn’, ‘svrloc’, ‘swat’, ‘syslog’, ‘syslog-tls’, ‘sysrqd’, ‘systat’, ‘tacacs’, ‘tacacs-ds’, ‘talk’, ‘tcpmux’, ‘telnet’, ‘telnets’, ‘tempo’, ‘tfido’, ‘tftp’, ‘time’, ‘timed’, ‘tinc’, ‘tproxy’, ‘ulistserv’, ‘unix-status’, ‘urd’, ‘uucp’, ‘uucp-path’, ‘vboxd’, ‘venus’, ‘venus-se’, ‘vnetd’, ‘vopied’, ‘webmin’, ‘webster’, ‘who’, ‘whois’, ‘wipld’, ‘wnn6’, ‘x11-1’, ‘x11-2’, ‘x11-3’, ‘x11-4’, ‘x11-5’, ‘x11’, ‘x11-6’, ‘x11-7’, ‘xdmcp’, ‘xinetd’, ‘xmms2’, ‘xmpp-client’, ‘xmpp-server’, ‘xpilot’, ‘xtel’, ‘xtell’, ‘xtelw’, ‘z3950’, ‘zabbix-agent’, ‘zabbix-trapper’, ‘zebra’, ‘zebrasrv’, ‘zephyr-clt’, ‘zephyr-hm’, ‘zephyr-srv’, ‘zip’, ‘zope’, ‘zope-ftp’, ‘zserv’ are allowed.

deny

List of Denied is the list of denied port numbers, names and ranges.

A list which is optional. Each entry has to be of type or:

Deny is a port number, name or range which is denied.

It has to be one of the following types:

  • Deny Port Number is a port number which is denied.

    An integer value. The value should be between 0 and 65535.

  • Deny Port Name is a port name which is denied.

    A text entry in which all control characters will be removed.

  • Deny Range is a range which is denied.

    A text entry in which all control characters will be removed. Only the values: ‘rtmp’, ‘acr-nema’, ‘afbackup’, ‘afmbackup’, ‘afpovertcp’, ‘afs3-bos’, ‘afs3-callback’, ‘afs3-errors’, ‘afs3-fileserver’, ‘afs3-kaserver’, ‘afs3-prserver’, ‘afs3-rmtsys’, ‘afs3-update’, ‘afs3-vlserver’, ‘afs3-volser’, ‘amanda’, ‘amandaidx’, ‘amidxtape’, ‘amqp’, ‘aol’, ‘asf-rmcp’, ‘asp’, ‘at-echo’, ‘at-nbp’, ‘at-rtmp’, ‘at-zis’, ‘auth’, ‘bacula-dir’, ‘bacula-fd’, ‘bacula-sd’, ‘bgp’, ‘bgpd’, ‘bgpsim’, ‘biff’, ‘binkp’, ‘bootpc’, ‘bootps’, ‘bpcd’, ‘bpdbm’, ‘bpjava-msvc’, ‘bprd’, ‘canna’, ‘cfengine’, ‘cfinger’, ‘chargen’, ‘cisco-sccp’, ‘clc-build-daemon’, ‘clearcase’, ‘cmip-agent’, ‘cmip-man’, ‘codaauth2’, ‘codasrv’, ‘codasrv-se’, ‘conference’, ‘courier’, ‘csnet-ns’, ‘csync2’, ‘customs’, ‘cvspserver’, ‘daap’, ‘datametrics’, ‘daytime’, ‘db-lsp’, ‘dcap’, ‘dhcpv6-client’, ‘dhcpv6-server’, ‘dicom’, ‘dict’, ‘dircproxy’, ‘discard’, ‘distcc’, ‘distmp3’, ‘domain’, ‘echo’, ‘eklogin’, ‘enbd-cstatd’, ‘enbd-sstatd’, ‘epmd’, ‘exec’, ‘f5-globalsite’, ‘f5-iquery’, ‘fatserv’, ‘fax’, ‘fido’, ‘finger’, ‘font-service’, ‘freeciv’, ‘frox’, ‘fsp’, ‘ftp’, ‘ftp-data’, ‘ftps’, ‘ftps-data’, ‘gdomap’, ‘gds-db’, ‘ggz’, ‘git’, ‘gnunet’, ‘gnutella-rtr’, ‘gnutella-svc’, ‘gopher’, ‘gpsd’, ‘gris’, ‘groupwise’, ‘gsidcap’, ‘gsiftp’, ‘gsigatekeeper’, ‘hkp’, ‘hmmp-ind’, ‘hostmon’, ‘hostnames’, ‘http’, ‘http-alt’, ‘https’, ‘hylafax’, ‘iax’, ‘icpv2’, ‘idfp’, ‘imap2’, ‘imap3’, ‘imaps’, ‘imsp’, ‘ingreslock’, ‘ipp’, ‘iprop’, ‘ipsec-nat-t’, ‘ipx’, ‘irc’, ‘ircd’, ‘ircs’, ‘isakmp’, ‘iscsi-target’, ‘isdnlog’, ‘isisd’, ‘iso-tsap’, ‘kamanda’, ‘kazaa’, ‘kerberos4’, ‘kerberos’, ‘kerberos-adm’, ‘kerberos-master’, ‘kermit’, ‘klogin’, ‘knetd’, ‘kpasswd’, ‘kpop’, ‘krb-prop’, ‘krbupdate’, ‘kshell’, ‘kx’, ‘l2f’, ‘ldap’, ‘ldaps’, ‘link’, ‘linuxconf’, ‘loc-srv’, ‘login’, ‘log-server’, ‘lotusnote’, ‘mailq’, ‘mandelspawn’, ‘mdns’, ‘microsoft-ds’, ‘mmcc’, ‘moira-db’, ‘moira-update’, ‘moira-ureg’, ‘mon’, ‘mrtd’, ‘msnp’, ‘msp’, ‘ms-sql-m’, 
‘ms-sql-s’, ‘mtn’, ‘mtp’, ‘munin’, ‘mysql’, ‘mysql-proxy’, ‘nameserver’, ‘nbd’, ‘nbp’, ‘nessus’, ‘netbios-dgm’, ‘netbios-ns’, ‘netbios-ssn’, ‘netnews’, ‘netstat’, ‘netwall’, ‘nextstep’, ‘nfs’, ‘ninstall’, ‘nntp’, ‘nntps’, ‘noclog’, ‘npmp-gui’, ‘npmp-local’, ‘nqs’, ‘nrpe’, ‘nsca’, ‘ntalk’, ‘ntp’, ‘nut’, ‘omirr’, ‘omniorb’, ‘openvpn’, ‘ospf6d’, ‘ospfapi’, ‘ospfd’, ‘passwd-server’, ‘pawserv’, ‘pcrd’, ‘pipe-server’, ‘pop2’, ‘pop3’, ‘pop3s’, ‘poppassd’, ‘postgresql’, ‘predict’, ‘printer’, ‘proofd’, ‘prospero’, ‘prospero-np’, ‘pwdgen’, ‘qmqp’, ‘qmtp’, ‘qotd’, ‘radius’, ‘radius-acct’, ‘radmin-port’, ‘re-mail-ck’, ‘remctl’, ‘remotefs’, ‘remoteping’, ‘rfe’, ‘ripd’, ‘ripngd’, ‘rje’, ‘rlp’, ‘rmiregistry’, ‘rmtcfg’, ‘rootd’, ‘route’, ‘rpc2portmap’, ‘rplay’, ‘rsync’, ‘rtcm-sc104’, ‘rtelnet’, ‘rtsp’, ‘saft’, ‘sa-msg-port’, ‘sane-port’, ‘search’, ‘sftp’, ‘sge-execd’, ‘sge-qmaster’, ‘sgi-cad’, ‘sgi-cmsd’, ‘sgi-crsd’, ‘sgi-gcd’, ‘shell’, ‘sieve’, ‘silc’, ‘sip’, ‘sip-tls’, ‘skkserv’, ‘smsqp’, ‘smtp’, ‘smux’, ‘snmp’, ‘snmp-trap’, ‘snpp’, ‘socks’, ‘spamd’, ‘ssh’, ‘submission’, ‘sunrpc’, ‘supdup’, ‘supfiledbg’, ‘supfilesrv’, ‘support’, ‘suucp’, ‘svn’, ‘svrloc’, ‘swat’, ‘syslog’, ‘syslog-tls’, ‘sysrqd’, ‘systat’, ‘tacacs’, ‘tacacs-ds’, ‘talk’, ‘tcpmux’, ‘telnet’, ‘telnets’, ‘tempo’, ‘tfido’, ‘tftp’, ‘time’, ‘timed’, ‘tinc’, ‘tproxy’, ‘ulistserv’, ‘unix-status’, ‘urd’, ‘uucp’, ‘uucp-path’, ‘vboxd’, ‘venus’, ‘venus-se’, ‘vnetd’, ‘vopied’, ‘webmin’, ‘webster’, ‘who’, ‘whois’, ‘wipld’, ‘wnn6’, ‘x11-1’, ‘x11-2’, ‘x11-3’, ‘x11-4’, ‘x11-5’, ‘x11’, ‘x11-6’, ‘x11-7’, ‘xdmcp’, ‘xinetd’, ‘xmms2’, ‘xmpp-client’, ‘xmpp-server’, ‘xpilot’, ‘xtel’, ‘xtell’, ‘xtelw’, ‘z3950’, ‘zabbix-agent’, ‘zabbix-trapper’, ‘zebra’, ‘zebrasrv’, ‘zephyr-clt’, ‘zephyr-hm’, ‘zephyr-srv’, ‘zip’, ‘zope’, ‘zope-ftp’, ‘zserv’ are allowed.

title

Title is the title used to describe the element.

A text entry which is optional. All control characters will be removed.

description

Description is the free description of the element.

A text entry which is optional. All control characters will be removed.

key

Binding to Keyname is the mapping to which key names in an object this element belongs.

A valid regular expression which is optional. It has to be one of the following types:

  • An object which has to be an instance of class RegExp.
  • A text entry in which all control characters will be removed. The text should match: /^/.?/[gim]$/.

type

Type is the type of element.

A text entry in which all control characters will be removed.

optional

Optional is a flag defining if this element is optional.

A boolean value, which will be true for ‘true’, ‘1’, ‘on’, ‘yes’, ‘+’, 1, true and will be considered as false for ‘false’, ‘0’, ‘off’, ‘no’, ‘-’, 0, false. It’s optional.

default

Default Value is the default value to use if nothing is given.

An integer value which is optional. The value should be between 0 and 65535.