| Current File : /home/emeraadmin/www/4d695/firewalld.tar |
helpers/Q.931.xml 0000644 00000000172 15170152352 0007444 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<helper module="nf_conntrack_h323">
<port protocol="tcp" port="1720"/>
</helper>
helpers/RAS.xml 0000644 00000000172 15170152352 0007356 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<helper module="nf_conntrack_h323">
<port protocol="udp" port="1719"/>
</helper>
helpers/amanda.xml 0000644 00000000175 15170152352 0010155 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<helper module="nf_conntrack_amanda">
<port protocol="udp" port="10080"/>
</helper>
helpers/ftp.xml 0000644 00000000167 15170152352 0007526 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<helper module="nf_conntrack_ftp">
<port protocol="tcp" port="21"/>
</helper>
helpers/h323.xml 0000644 00000000125 15170152352 0007406 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<helper module="nf_conntrack_h323">
</helper>
helpers/irc.xml 0000644 00000000206 15170152352 0007504 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<helper module="nf_conntrack_irc" family="ipv4">
<port protocol="tcp" port="194"/>
</helper>
helpers/netbios-ns.xml 0000644 00000000215 15170152352 0011010 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<helper module="nf_conntrack_netbios_ns" family="ipv4">
<port protocol="udp" port="137"/>
</helper>
helpers/pptp.xml 0000644 00000000210 15170152352 0007705 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<helper module="nf_conntrack_pptp" family="ipv4">
<port protocol="tcp" port="1723"/>
</helper>
helpers/proto-gre.xml 0000644 00000000132 15170152352 0010643 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<helper module="nf_conntrack_proto_gre">
</helper>
helpers/sane.xml 0000644 00000000172 15170152352 0007657 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<helper module="nf_conntrack_sane">
<port protocol="tcp" port="6566"/>
</helper>
helpers/sip.xml 0000644 00000000236 15170152352 0007525 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<helper module="nf_conntrack_sip">
<port protocol="tcp" port="5060"/>
<port protocol="udp" port="5060"/>
</helper>
helpers/snmp.xml 0000644 00000000207 15170152352 0007705 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<helper module="nf_conntrack_snmp" family="ipv4">
<port protocol="udp" port="161"/>
</helper>
helpers/tftp.xml 0000644 00000000170 15170152352 0007704 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<helper module="nf_conntrack_tftp">
<port protocol="udp" port="69"/>
</helper>
icmptypes/network-unreachable.xml 0000644 00000000367 15170152352 0013252 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Network Unreachable</short>
<description>This message is sent if the destination network is unreachable.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/no-route.xml 0000644 00000000357 15170152352 0011061 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>No Route</short>
<description>This error message is sent if there is no route to the destination.</description>
<destination ipv4="no"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/packet-too-big.xml 0000644 00000000510 15170152352 0012105 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Packet Too Big</short>
<description>This error message is sent by a router in response to a packet that it cannot forward because the packet is larger than the MTU of the outgoing link.</description>
<destination ipv4="no"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/parameter-problem.xml 0000644 00000000341 15170152352 0012720 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Parameter Problem</short>
<description>This error message is generated if the IP header is bad, either by a missing option or bad length.</description>
</icmptype>
icmptypes/port-unreachable.xml 0000644 00000000351 15170152352 0012536 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Port Unreachable</short>
<description>This error message is sent if the port is unreachable.</description>
<destination ipv4="yes"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/precedence-cutoff.xml 0000644 00000000400 15170152352 0012657 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Precedence Cutoff</short>
<description>This message is sent if the precedence is lower than the required minimum.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/protocol-unreachable.xml 0000644 00000000371 15170152352 0013415 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Protocol Unreachable</short>
<description>This message is sent if the destination protocol is unreachable.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/redirect.xml 0000644 00000000271 15170152352 0011105 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Redirect</short>
<description>This error message informs a host to send packets on another route.</description>
</icmptype>
icmptypes/reject-route.xml 0000644 00000000364 15170152352 0011717 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Reject Route</short>
<description>This error message is sent if the route to destination is rejected.</description>
<destination ipv4="no"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/required-option-missing.xml 0000644 00000000361 15170152352 0014101 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Required Option Missing</short>
<description>This message is sent if a required option is missing.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/router-advertisement.xml 0000644 00000000343 15170152352 0013474 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Router Advertisement</short>
<description>This message is used by routers to periodically announce the IP address of a multicast interface.</description>
</icmptype>
icmptypes/router-solicitation.xml 0000644 00000000337 15170152352 0013326 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Router Solicitation</short>
<description>This message is used by a host attached to a multicast link to request a Router Advertisement.</description>
</icmptype>
icmptypes/source-quench.xml 0000644 00000000370 15170152352 0012065 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Source Quench</short>
<description>This error message is generated to tell a host to reduce the pace at which it is sending packets.</description>
<destination ipv4="yes"/>
</icmptype>
icmptypes/source-route-failed.xml 0000644 00000000354 15170152352 0013164 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Source Route Failed</short>
<description>This message is sent if the source route has failed.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/time-exceeded.xml 0000644 00000000375 15170152352 0012013 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Time Exceeded</short>
<description>This error message is generated if the time-to-live was exceeded either of a packet or of the reassembling of a fragmented packet.</description>
</icmptype>
icmptypes/timestamp-reply.xml 0000644 00000000351 15170152352 0012437 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Timestamp Reply</short>
<description>This message is used to reply to a timestamp message.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/timestamp-request.xml 0000644 00000000344 15170152352 0012776 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Timestamp Request</short>
<description>This message is used for time synchronization.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/tos-host-redirect.xml 0000644 00000000402 15170152352 0012657 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>TOS Host Redirect</short>
<description>This message is sent if the datagram is redirected for the type of service and host.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/tos-host-unreachable.xml 0000644 00000000401 15170152352 0013326 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>TOS Host Unreachable</short>
<description>This message is sent if the host is unreachable for the type of service.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/tos-network-redirect.xml 0000644 00000000420 15170152352 0013373 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>TOS Network Redirect</short>
<description>This message is sent if the datagram is redirected for the type of service and network.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/tos-network-unreachable.xml 0000644 00000000415 15170152352 0014047 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>TOS Network Unreachable</short>
<description>This error message is sent if the network is unreachable for the type of service.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/ttl-zero-during-reassembly.xml 0000644 00000000445 15170152352 0014521 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>TTL Zero During Reassembly</short>
<description>This error message is sent if a host fails to reassemble a fragmented datagram within its time limit.</description>
<destination ipv4="yes"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/ttl-zero-during-transit.xml 0000644 00000000400 15170152352 0014026 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>TTL Zero During Transit</short>
<description>This error message is sent if the time to live is exceeded in transit.</description>
<destination ipv4="yes"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/unknown-header-type.xml 0000644 00000000403 15170152352 0013205 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Unknown Header Type</short>
<description>This error message is sent if an unrecognized Next Header type is encountered.</description>
<destination ipv4="no"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/unknown-option.xml 0000644 00000000371 15170152352 0012312 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Unknown Option</short>
<description>This error message is sent if an unrecognized IPv6 option is encountered.</description>
<destination ipv4="no"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/mld-listener-done.xml 0000644 00000000534 15170152352 0012630 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>MLD Listener Done</short>
<description>ICMPv6 Link-Local Multicast Listener Discovery (MLD) of type Multicast Listener Done (type 132) (RFC 4890 section 4.4.1). Also known as mld-listener-reduction to nft.</description>
<destination ipv4="no"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/mld-listener-query.xml 0000644 00000000461 15170152352 0013047 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>MLD Listener Query</short>
<description>ICMPv6 Link-Local Multicast Listener Discovery (MLD) of type Multicast Listener Query (type 130) (RFC 4890 section 4.4.1).</description>
<destination ipv4="no"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/mld-listener-report.xml 0000644 00000000463 15170152352 0013217 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>MLD Listener Report</short>
<description>ICMPv6 Link-Local Multicast Listener Discovery (MLD) of type Multicast Listener Report (type 131) (RFC 4890 section 4.4.1).</description>
<destination ipv4="no"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/mld2-listener-report.xml 0000644 00000000501 15170152352 0013272 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>MLDv2 Multicast Listener Report</short>
<description>ICMPv6 Link-Local Multicast Listener Discovery (MLDv2) of type Multicast Listener Report (type 143) (RFC 4890 section 4.4.1).</description>
<destination ipv4="no"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/address-unreachable.xml 0000644 00000000601 15170152352 0013175 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Address Unreachable</short>
<description>This error message is generated by a router, or by the IPv6 layer in the originating node, in response to a packet that cannot be delivered to its destination address for reasons other than congestion.</description>
<destination ipv4="no"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/bad-header.xml 0000644 00000000402 15170152352 0011254 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Bad Header</short>
<description>This error message is created if there has been an error in the header of a packet.</description>
<destination ipv4="no"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/beyond-scope.xml 0000644 00000000446 15170152352 0011677 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Beyond Scope</short>
<description>This error message is sent if transmitting a packet would cross a zone boundary of the scope of the source address.</description>
<destination ipv4="no"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/communication-prohibited.xml 0000644 00000000427 15170152352 0014303 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Communication Prohibited</short>
<description>This error message is sent if communication with the destination is administratively prohibited.</description>
<destination ipv4="yes"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/destination-unreachable.xml 0000644 00000000336 15170152352 0014076 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Destination Unreachable</short>
<description>This error message is generated by a host or gateway if the destination is not reachable.</description>
</icmptype>
icmptypes/echo-reply.xml 0000644 00000000255 15170152352 0011355 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Echo Reply (pong)</short>
<description>This message is the answer to an Echo Request.</description>
</icmptype>
icmptypes/echo-request.xml 0000644 00000000322 15170152352 0011705 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Echo Request (ping)</short>
<description>This message is used to test if a host is reachable, mostly with the ping utility.</description>
</icmptype>
icmptypes/failed-policy.xml 0000644 00000000405 15170152352 0012024 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Failed Policy</short>
<description>This error message is generated if the source address failed ingress/egress policy.</description>
<destination ipv4="no"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/fragmentation-needed.xml 0000644 00000000430 15170152352 0013361 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Fragmentation Needed</short>
<description>This error message is sent if fragmentation is required and the Don't Fragment (DF) flag is set.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/host-precedence-violation.xml 0000644 00000000412 15170152352 0014353 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Host Precedence Violation</short>
<description>This error message is sent if the communication is administratively prohibited.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/host-prohibited.xml 0000644 00000000401 15170152352 0012403 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Host Prohibited</short>
<description>This error message is sent if access from a host is administratively prohibited.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/host-redirect.xml 0000644 00000000362 15170152352 0012061 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Host Redirect</short>
<description>This message is sent if the datagram is redirected for the host.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/host-unknown.xml 0000644 00000000357 15170152352 0011763 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Host Unknown</short>
<description>This error message is sent if the destination host is unknown.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/host-unreachable.xml 0000644 00000000367 15170152352 0012536 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Host Unreachable</short>
<description>This error message is sent if the destination host is unreachable.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/ip-header-bad.xml 0000644 00000000345 15170152352 0011670 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Ip Header Bad</short>
<description>This error message is sent if the IP header is bad.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/neighbour-advertisement.xml 0000644 00000000543 15170152352 0014140 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Neighbour Advertisement (Neighbor Advertisement)</short>
<description>This informational message is sent in response to a neighbour-solicitation message in order to (unreliably) propagate new information quickly.</description>
<destination ipv4="no"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/neighbour-solicitation.xml 0000644 00000000711 15170152352 0013764 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Neighbour Solicitation (Neighbor Solicitation)</short>
<description>This informational message is sent by a node to determine the link-layer address of a neighbor, or to verify that a neighbor is still reachable via a cached link-layer address. Neighbor Solicitations are also used for Duplicate Address Detection.</description>
<destination ipv4="no"/>
<destination ipv6="yes"/>
</icmptype>
icmptypes/network-prohibited.xml 0000644 00000000372 15170152352 0013126 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Network Prohibited</short>
<description>This message is sent if the network is administratively prohibited.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/network-redirect.xml 0000644 00000000370 15170152352 0012574 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Network Redirect</short>
<description>This message is sent if the datagram is redirected for the network.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
icmptypes/network-unknown.xml 0000644 00000000357 15170152352 0012477 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<icmptype>
<short>Network Unknown</short>
<description>This message is sent if the destination network is unknown.</description>
<destination ipv4="yes"/>
<destination ipv6="no"/>
</icmptype>
ipsets/README 0000644 00000000035 15170152352 0006732 0 ustar 00 Location for built-in ipsets
policies/allow-host-ipv6.xml 0000644 00000001211 15170152352 0012044 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<policy target="CONTINUE" priority="-15000">
<short>Allow host IPv6</short>
<description>Allows basic IPv6 functionality for the host running firewalld.</description>
<ingress-zone name="ANY" />
<egress-zone name="HOST" />
<rule family="ipv6">
<icmp-type name="neighbour-advertisement" />
<accept />
</rule>
<rule family="ipv6">
<icmp-type name="neighbour-solicitation" />
<accept />
</rule>
<rule family="ipv6">
<icmp-type name="router-advertisement" />
<accept />
</rule>
<rule family="ipv6">
<icmp-type name="redirect" />
<accept />
</rule>
</policy>
services/RH-Satellite-6.xml 0000644 00000001054 15170152352 0011512 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Red Hat Satellite 6</short>
<description>Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments.</description>
<include service="foreman"/>
<port protocol="tcp" port="5000"/>
<port protocol="tcp" port="5646-5647"/>
<port protocol="tcp" port="5671"/>
<port protocol="tcp" port="8000"/>
<port protocol="tcp" port="8080"/>
<port protocol="tcp" port="9090"/>
</service>
services/amanda-client.xml 0000644 00000000617 15170152352 0011613 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Amanda Backup Client</short>
<description>The Amanda backup client option allows you to connect to an Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful.</description>
<port protocol="udp" port="10080"/>
<port protocol="tcp" port="10080"/>
<helper name="amanda"/>
</service>
services/amanda-k5-client.xml 0000644 00000000653 15170152352 0012130 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Amanda Backup Client (kerberized)</short>
<description>The Amanda backup client option allows you to connect to an Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful. This service specifically allows krb5 authentication.</description>
<port protocol="tcp" port="10082"/>
<helper name="amanda"/>
</service>
services/amqp.xml 0000644 00000000421 15170152352 0010045 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>amqp</short>
<description>The Advanced Message Queuing Protocol (AMQP) is an open standard application layer protocol for message-oriented middleware.</description>
<port protocol="tcp" port="5672"/>
</service>
services/amqps.xml 0000644 00000000433 15170152352 0010233 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>amqps</short>
<description>The Advanced Message Queuing Protocol (AMQP) over SSL is an open standard application layer protocol for message-oriented middleware.</description>
<port protocol="tcp" port="5671"/>
</service>
services/apcupsd.xml 0000644 00000000435 15170152352 0010553 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>apcupsd</short>
<description>The American Power Conversion (APC) uninterruptible power supply (UPS) daemon protocol allows monitoring and controlling APC UPS devices.</description>
<port port="3551" protocol="tcp"/>
</service>
services/audit.xml 0000644 00000000455 15170152352 0010224 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Audit</short>
<description>The Linux Audit subsystem is used to log security events. Enable this option, if you plan to aggregate audit events to/from a remote server/client.</description>
<port protocol="tcp" port="60"/>
</service>
services/bacula-client.xml 0000644 00000000500 15170152352 0011610 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Bacula Client</short>
<description>This option allows a Bacula server to connect to the local machine to schedule backups. You need the bacula-client package installed for this option to be useful.</description>
<port protocol="tcp" port="9102"/>
</service>
services/bacula.xml 0000644 00000000532 15170152353 0010342 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Bacula</short>
<description>Bacula is a network backup solution. Enable this option, if you plan to provide Bacula backup, file and storage services.</description>
<port protocol="tcp" port="9101"/>
<port protocol="tcp" port="9102"/>
<port protocol="tcp" port="9103"/>
</service>
services/bb.xml 0000644 00000000655 15170152353 0007504 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Big Brother</short>
<description>Big Brother is a plain text protocol for sending and receiving client data, reports, and queries to a BB-compatible monitoring server or proxy. The standard IANA port for a listening Big Brother service is 1984, because of course it is.</description>
<port protocol="tcp" port="1984"/>
<port protocol="udp" port="1984"/>
</service>
services/bgp.xml 0000644 00000000523 15170152353 0007663 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>BGP service listen</short>
<description>Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet</description>
<port protocol="tcp" port="179"/>
</service>
services/bitcoin-rpc.xml 0000644 00000000423 15170152353 0011323 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Bitcoin RPC</short>
<description>Enable this option if you need access to the Bitcoin RPC interface. This is not required when connecting on localhost.</description>
<port protocol="tcp" port="8332"/>
</service>
services/bitcoin-testnet-rpc.xml 0000644 00000000463 15170152353 0013013 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Bitcoin testnet RPC</short>
<description>Enable this option if you need access to the Bitcoin RPC interface running on the testnet. This is not required when connecting on localhost.</description>
<port protocol="tcp" port="18332"/>
</service>
services/bitcoin-testnet.xml 0000644 00000000431 15170152353 0012224 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Bitcoin testnet</short>
<description>The default port used by Bitcoin testnet. Enable this option if you plan to be a Bitcoin full node on the test network.</description>
<port protocol="tcp" port="18333"/>
</service>
services/bitcoin.xml 0000644 00000000364 15170152353 0010545 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Bitcoin</short>
<description>The default port used by Bitcoin. Enable this option if you plan to be a full Bitcoin node.</description>
<port protocol="tcp" port="8333"/>
</service>
services/bittorrent-lsd.xml 0000644 00000000632 15170152353 0012070 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>BitTorrent Local Peer Discovery (LSD)</short>
<description>Local Peer Discovery is a protocol designed to support the discovery of BitTorrent peers on a local area network. Enable this service if you run a BitTorrent client.</description>
<port protocol="udp" port="6771"/>
<destination ipv4="239.192.152.143" ipv6="ff15::efc0:988f"/>
</service>
services/ceph-mon.xml 0000644 00000000446 15170152353 0010625 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>ceph-mon</short>
<description>Ceph is a distributed object store and file system. Enable this option to support Ceph's Monitor Daemon.</description>
<port protocol="tcp" port="3300"/>
<port protocol="tcp" port="6789"/>
</service>
services/ceph.xml 0000644 00000000511 15170152353 0010027 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>ceph</short>
<description>Ceph is a distributed object store and file system. Enable this option to support Ceph's Object Storage Daemons (OSD), Metadata Server Daemons (MDS), or Manager Daemons (MGR).</description>
<port protocol="tcp" port="6800-7568"/>
</service>
services/cfengine.xml 0000644 00000000250 15170152353 0010666 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>CFEngine</short>
<description>CFEngine server</description>
<port protocol="tcp" port="5308"/>
</service>
services/cockpit.xml 0000644 00000000323 15170152353 0010545 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Cockpit</short>
<description>Cockpit lets you access and configure your server remotely.</description>
<port protocol="tcp" port="9090"/>
</service>
services/collectd.xml 0000644 00000000450 15170152353 0010703 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Collectd</short>
<description>Collectd is a monitoring system that allows metrics to be sent over the network. This rule allows incoming collectd traffic from remote boxes.</description>
<port protocol="udp" port="25826"/>
</service>
services/condor-collector.xml 0000644 00000000404 15170152353 0012361 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>HT Condor Collector</short>
<description>The HT Condor Collector is needed to organize the condor worker nodes.</description>
<port protocol="tcp" port="9618"/> <!-- condor_collector -->
</service>
services/ctdb.xml 0000644 00000000450 15170152353 0010026 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>CTDB</short>
<description>CTDB is a cluster implementation of the TDB database used by Samba and other projects to store temporary data.</description>
<port protocol="tcp" port="4379"/>
<port protocol="udp" port="4379"/>
</service>
services/dhcp.xml 0000644 00000000343 15170152353 0010031 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>DHCP</short>
<description>This allows a DHCP server to accept messages from DHCP clients and relay agents.</description>
<port protocol="udp" port="67"/>
</service>
services/dhcpv6-client.xml 0000644 00000000461 15170152353 0011562 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>DHCPv6 Client</short>
<description>This option allows a DHCP for IPv6 (DHCPv6) client to obtain addresses and other IPv6 settings from DHCPv6 server.</description>
<port protocol="udp" port="546"/>
<destination ipv6="fe80::/64"/>
</service>
services/dhcpv6.xml 0000644 00000000352 15170152353 0010305 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>DHCPv6</short>
<description>This allows a DHCPv6 server to accept messages from DHCPv6 clients and relay agents.</description>
<port protocol="udp" port="547"/>
</service>
services/distcc.xml 0000644 00000000315 15170152353 0010363 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>distcc</short>
<description>Distcc is a protocol used for distributed compilation.</description>
<port port="3632" protocol="tcp"/>
</service>
services/dns-over-tls.xml 0000644 00000000476 15170152353 0011457 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>DNS over TLS</short>
<description>DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol</description>
<port protocol="tcp" port="853"/>
</service>
services/dns.xml 0000644 00000000532 15170152353 0007677 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>DNS</short>
<description>The Domain Name System (DNS) is used to provide and request host and domain names. Enable this option, if you plan to provide a domain name service (e.g. with bind).</description>
<port protocol="tcp" port="53"/>
<port protocol="udp" port="53"/>
</service>
services/docker-registry.xml 0000644 00000000566 15170152353 0012237 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Docker Registry</short>
<description>Docker Registry is the protocol used to serve Docker images. If you plan to make your Docker Registry server publicly available, enable this option. This option is not required for developing Docker images locally.</description>
<port protocol="tcp" port="5000"/>
</service>
services/docker-swarm.xml 0000644 00000000607 15170152353 0011514 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Docker integrated swarm mode</short>
<description>Natively managed cluster of Docker Engines (>=1.12.0), where you deploy services.</description>
<port port="2377" protocol="tcp"/>
<port port="7946" protocol="tcp"/>
<port port="7946" protocol="udp"/>
<port port="4789" protocol="udp"/>
<protocol value="esp"/>
</service>
services/dropbox-lansync.xml 0000644 00000000344 15170152353 0012236 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service version="1.0">
<short>dropboxlansync</short>
<description>Dropbox LAN sync</description>
<port protocol="udp" port="17500"/>
<port protocol="tcp" port="17500"/>
</service>
services/elasticsearch.xml 0000644 00000000522 15170152353 0011724 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Elasticsearch</short>
<description>Elasticsearch is a distributed, open source search and analytics engine, designed for horizontal scalability, reliability, and easy management.</description>
<!-- Transport port for node-to-node cluster traffic; only other cluster nodes need to reach it -->
<port protocol="tcp" port="9300"/>
<!-- HTTP REST API; whether requests are authenticated depends on the Elasticsearch configuration, not on this rule -->
<port protocol="tcp" port="9200"/>
</service>
services/etcd-client.xml 0000644 00000000460 15170152353 0011306 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>etcd Client</short>
<description>etcd implements a distributed key value store that provides a reliable way to store data across a cluster of machines. This is the client side port.</description>
<port port="2379" protocol="tcp"/>
</service>
services/etcd-server.xml 0000644 00000000460 15170152353 0011336 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>etcd Server</short>
<description>etcd implements a distributed key value store that provides a reliable way to store data across a cluster of machines. This is the server side port.</description>
<port port="2380" protocol="tcp"/>
</service>
services/finger.xml 0000644 00000000340 15170152353 0010362 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<!-- Opens 79/tcp. As the description states, the protocol hands out information about local users to remote hosts, so leave this service out of zones that face untrusted networks. -->
<short>finger</short>
<description>Finger is a protocol for obtaining information about users on remote hosts.</description>
<port port="79" protocol="tcp"/>
</service>
services/foreman-proxy.xml 0000644 00000000416 15170152353 0011722 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>foreman-proxy</short>
<description>The Smart Proxy is a project which provides a restful API to various sub-systems.</description>
<!-- Pulls in everything foreman.xml opens, and foreman.xml itself includes dns, http, https, dhcp and tftp. Enabling foreman-proxy therefore opens considerably more than 8443/tcp; review the resulting port set for the zone. -->
<include service="foreman"/>
<port protocol="tcp" port="8443"/>
</service>
services/foreman.xml 0000644 00000000630 15170152353 0010541 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>foreman</short>
<description>Foreman is a complete lifecycle management tool for physical and virtual servers.</description>
<!-- Each include opens every port of the named service. The dhcp and tftp definitions are not shown in this part of the listing. -->
<include service="dns"/>
<include service="http"/>
<include service="https"/>
<include service="dhcp"/>
<include service="tftp"/>
<!-- 68/udp is the DHCP client port. NOTE(review): presumably needed for the DHCP provisioning role; confirm. -->
<port protocol="udp" port="68"/>
<!-- 8140/tcp is the same port puppetmaster.xml opens -->
<port protocol="tcp" port="8140"/>
</service>
services/freeipa-4.xml 0000644 00000001305 15170152353 0010666 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>FreeIPA 4 server</short>
<description>FreeIPA is an integrated identity and authentication solution with Kerberos, LDAP, PKI, and web UI. Enable this option if you plan to provide a FreeIPA server. Enable the 'dns' service if this FreeIPA server provides DNS services, 'ntp' service if this FreeIPA server provides NTP services, and 'freeipa-trust' for cross-forest trusts with Active Directory.</description>
<!-- CRL and OCSP -->
<include service="http"/>
<!-- API and web UI -->
<include service="https"/>
<include service="kerberos"/>
<include service="kpasswd"/>
<include service="ldap"/>
<include service="ldaps"/>
</service>
services/freeipa-ldap.xml 0000644 00000000750 15170152353 0011446 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>FreeIPA with LDAP (deprecated)</short>
<description>This service is deprecated. Please use freeipa-4 service instead.</description>
<port protocol="tcp" port="80"/>
<port protocol="tcp" port="443"/>
<port protocol="tcp" port="88"/>
<port protocol="udp" port="88"/>
<port protocol="tcp" port="464"/>
<port protocol="udp" port="464"/>
<port protocol="udp" port="123"/>
<port protocol="tcp" port="389"/>
</service>
services/freeipa-ldaps.xml 0000644 00000000751 15170152353 0011632 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>FreeIPA with LDAPS (deprecated)</short>
<description>This service is deprecated. Please use freeipa-4 service instead.</description>
<port protocol="tcp" port="80"/>
<port protocol="tcp" port="443"/>
<port protocol="tcp" port="88"/>
<port protocol="udp" port="88"/>
<port protocol="tcp" port="464"/>
<port protocol="udp" port="464"/>
<port protocol="udp" port="123"/>
<port protocol="tcp" port="636"/>
</service>
services/freeipa-replication.xml 0000644 00000000362 15170152353 0013036 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>FreeIPA replication (deprecated)</short>
<description>This service is deprecated. Please use freeipa-4 service instead.</description>
<port protocol="tcp" port="7389"/>
</service>
services/freeipa-trust.xml 0000644 00000001221 15170152353 0011701 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
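<service>
<short>FreeIPA trust setup</short>
<description>FreeIPA is an LDAP and Kerberos domain controller for Linux systems. Enable this option if you plan to deploy cross-forest trusts with FreeIPA and Active Directory</description>
<!-- This definition is broad: besides the fixed ports it opens the whole dynamic range 49152-65535/tcp. Enable it only in a zone whose sources are limited to the Active Directory domain controllers taking part in the trust. -->
<!-- RPC endpoint mapper -->
<port protocol="tcp" port="135"/>
<!-- NetBIOS datagram and session services -->
<port protocol="tcp" port="138-139"/>
<port protocol="udp" port="138-139"/>
<!-- LDAP (tcp) and connectionless LDAP (udp) -->
<port protocol="tcp" port="389"/>
<port protocol="udp" port="389"/>
<!-- SMB -->
<port protocol="tcp" port="445"/>
<port protocol="udp" port="445"/>
<port protocol="tcp" port="49152-65535"/><!-- Dynamic RPC Ports -->
<!-- Global Catalog -->
<port protocol="tcp" port="3268"/>
</service>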
services/ftp.xml 0000644 00000000551 15170152353 0007705 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>FTP</short>
<description>FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful.</description>
<!-- Control channel only; FTP sends credentials and data in cleartext -->
<port protocol="tcp" port="21"/>
<!-- Refers to helpers/ftp.xml, which loads nf_conntrack_ftp for 21/tcp. The helper parses the control channel so that the related data connections are admitted without opening a fixed port range. -->
<helper name="ftp"/>
</service>
services/galera.xml 0000644 00000000444 15170152353 0010350 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Galera</short>
<description>MariaDB-Galera Database Server</description>
<!-- Only 3306 is for database clients; 4567, 4568 and 4444 are traffic between cluster nodes and need to be reachable from the other nodes only. -->
<!-- MySQL/MariaDB client connections -->
<port protocol="tcp" port="3306"/>
<!-- Galera replication traffic -->
<port protocol="tcp" port="4567"/>
<!-- Incremental State Transfer (IST) -->
<port protocol="tcp" port="4568"/>
<!-- State Snapshot Transfer (SST) -->
<port protocol="tcp" port="4444"/>
</service>
services/ganglia-client.xml 0000644 00000000270 15170152353 0011770 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>ganglia-client</short>
<description>Ganglia monitoring daemon</description>
<port protocol="tcp" port="8660"/>
</service>
services/ganglia-master.xml 0000644 00000000260 15170152353 0012004 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>ganglia-master</short>
<description>Ganglia collector</description>
<port protocol="tcp" port="8651"/>
</service>
services/git.xml 0000644 00000000324 15170152353 0007675 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>git</short>
<description>The git daemon for supporting git:// access to git repositories.</description>
<port protocol="tcp" port="9418"/>
</service>
services/grafana.xml 0000644 00000000332 15170152353 0010510 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>grafana</short>
<description>Grafana is an open platform for beautiful analytics and monitoring</description>
<port protocol="tcp" port="3000"/>
</service>
services/gre.xml 0000644 00000000167 15170152353 0007674 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<!-- Admits the GRE IP protocol (no ports) and attaches the proto-gre helper. helpers/proto-gre.xml maps that helper to the nf_conntrack_proto_gre module and lists no ports. This definition has no short name or description of its own. -->
<protocol value="gre"/>
<helper name="proto-gre"/>
</service>
services/high-availability.xml 0000644 00000001140 15170152353 0012476 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Red Hat High Availability</short>
<description>This allows you to use the Red Hat High Availability (previously named Red Hat Cluster Suite). Ports are opened for corosync, pcsd, pacemaker_remote, dlm and corosync-qnetd.</description>
<!-- All of these are cluster-internal; enable the service in a zone restricted to the cluster nodes and the management hosts. -->
<!-- pcsd -->
<port protocol="tcp" port="2224"/>
<!-- pacemaker_remote -->
<port protocol="tcp" port="3121"/>
<!-- corosync-qnetd -->
<port protocol="tcp" port="5403"/>
<!-- corosync -->
<port protocol="udp" port="5404"/>
<port protocol="udp" port="5405-5412"/>
<!-- NOTE(review): 9929 is not named in the description; presumably the booth ticket manager, confirm -->
<port protocol="tcp" port="9929"/>
<port protocol="udp" port="9929"/>
<!-- dlm -->
<port protocol="tcp" port="21064"/>
</service>
services/http.xml 0000644 00000000541 15170152353 0010072 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>WWW (HTTP)</short>
<description>HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.</description>
<port protocol="tcp" port="80"/>
</service>
services/https.xml 0000644 00000000700 15170152353 0010252 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Secure WWW (HTTPS)</short>
<description>HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.</description>
<port protocol="tcp" port="443"/>
</service>
services/imap.xml 0000644 00000000507 15170152353 0010043 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>IMAP</short>
<description>The Internet Message Access Protocol (IMAP) allows a local client to access email on a remote server. If you plan to provide an IMAP service (e.g. with dovecot), enable this option.</description>
<port protocol="tcp" port="143"/>
</service>
services/imaps.xml 0000644 00000000564 15170152353 0010231 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>IMAP over SSL</short>
<description>The Internet Message Access Protocol over SSL (IMAPs) allows a local client to access email on a remote server in a secure way. If you plan to provide an IMAP over SSL service (e.g. with dovecot), enable this option.</description>
<port protocol="tcp" port="993"/>
</service>
services/ipp-client.xml 0000644 00000000706 15170152353 0011162 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Network Printing Client (IPP)</short>
<description>The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over udp) provides the ability to get information about a printer (e.g. capability and status) and to control printer jobs. If you plan to use a remote network printer via cups, do not disable this option.</description>
<port protocol="udp" port="631"/>
</service>
services/ipp.xml 0000644 00000000653 15170152353 0007707 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Network Printing Server (IPP)</short>
<description>The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over tcp) provides the ability to share printers over the network. Enable this option if you plan to share printers via cups over the network.</description>
<port protocol="tcp" port="631"/>
<port protocol="udp" port="631"/>
</service>
services/ipsec.xml 0000644 00000001576 15170152353 0010227 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
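<service>
<short>IPsec</short>
<description>Internet Protocol Security (IPsec) is the standardized IETF VPN architecture defined in RFC 4301. IPsec is negotiated using the IKEv1 (RFC 2409) or IKEv2 (RFC 7296) protocol, which in itself uses encryption and authentication. IPsec provides Internet Protocol (IP) packet encryption and authentication. Both IKE and IPsec can be encapsulated in UDP (RFC 3948) or TCP (RFC 8229) to make it easier to traverse NAT. Enabling this service will enable IKE, IPsec and their encapsulation protocols and ports. Note that IKE and IPsec can also be configured to use non-default ports, but this is not common practise.</description>
<!-- AH and ESP are IP protocols without port numbers, which is why the port attribute is empty. Other definitions in this listing (docker-swarm.xml, gre.xml) express the same thing as a protocol element with a value attribute. NOTE(review): confirm how the installed firewalld handles the empty-port form before rewriting these two lines. -->
<port protocol="ah" port=""/>
<port protocol="esp" port=""/>
<!-- IKE -->
<port protocol="udp" port="500"/>
<!-- UDP encapsulation for NAT traversal (RFC 3948, per the description) -->
<port protocol="udp" port="4500"/>
<!-- TCP encapsulation (RFC 8229, per the description) -->
<port protocol="tcp" port="4500"/>
</service>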
services/irc.xml 0000644 00000000367 15170152353 0007676 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>IRC</short>
<description>An IRCd, short for Internet Relay Chat daemon, is server software that implements the IRC protocol.</description>
<port protocol="tcp" port="6667"/>
</service>
services/ircs.xml 0000644 00000000377 15170152353 0010062 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>IRC TLS/SSL</short>
<description>An IRCd, short for Internet Relay Chat daemon, is server software that implements the IRC protocol.</description>
<port protocol="tcp" port="6697"/>
</service>
services/iscsi-target.xml 0000644 00000000410 15170152353 0011504 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>iSCSI target</short>
<description>Internet SCSI target is a storage resource located on an iSCSI server.</description>
<port protocol="tcp" port="3260"/>
<port protocol="udp" port="3260"/>
</service>
services/isns.xml 0000644 00000000546 15170152353 0010074 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>iSNS</short>
<description>The Internet Storage Name Service (iSNS) is a protocol that allows automated discovery, management and configuration of iSCSI and Fibre Channel devices on a TCP/IP network.</description>
<port port="3205" protocol="tcp"/>
<port port="3205" protocol="udp"/>
</service>
services/jenkins.xml 0000644 00000000325 15170152353 0010554 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>jenkins</short>
<description>Jenkins is an open source automation server written in Java.</description>
<port protocol="tcp" port="8080"/>
</service>
services/kadmin.xml 0000644 00000000266 15170152353 0010362 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>kadmin</short>
<description>Kerberos Administration Protocol</description>
<port protocol="tcp" port="749"/>
</service>
services/kdeconnect.xml 0000644 00000000420 15170152353 0011224 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>KDE Connect</short>
<description>KDE Connect is an application to connect your phone to your computer.</description>
<port port="1714-1764" protocol="tcp"/>
<port port="1714-1764" protocol="udp"/>
</service>
services/kerberos.xml 0000644 00000000351 15170152353 0010726 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Kerberos</short>
<description>Kerberos network authentication protocol server</description>
<port protocol="tcp" port="88"/>
<port protocol="udp" port="88"/>
</service>
services/kibana.xml 0000644 00000000600 15170152353 0010334 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Kibana</short>
<description>Kibana is an open source data visualization platform that allows you to interact with your data through stunning, powerful graphics that can be combined into custom dashboards that help you share insights from your data far and wide.</description>
<port protocol="tcp" port="5601"/>
</service>
services/klogin.xml 0000644 00000000371 15170152353 0010377 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>klogin</short>
<description>The kerberized rlogin server accepts BSD-style rlogin sessions, but uses Kerberos 5 authentication.</description>
<port port="543" protocol="tcp"/>
</service>
services/kpasswd.xml 0000644 00000000335 15170152353 0010570 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Kpasswd</short>
<description>Kerberos password (Kpasswd) server</description>
<port protocol="tcp" port="464"/>
<port protocol="udp" port="464"/>
</service>
services/kprop.xml 0000644 00000000266 15170152353 0010252 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>kprop</short>
<description>Kerberos KDC Propagation Protocol</description>
<port protocol="tcp" port="754"/>
</service>
services/kshell.xml 0000644 00000000362 15170152353 0010376 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>kshell</short>
<description>Kerberized rshell server accepts rshell commands authenticated and encrypted with Kerberos 5</description>
<port port="544" protocol="tcp"/>
</service>
services/kube-apiserver.xml 0000644 00000000464 15170152353 0012043 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Kubernetes Api Server</short>
<description>The Kubernetes API server validates and configures data for the api objects which include pods, services, replicationcontrollers, and others.</description>
<port protocol="tcp" port="6443"/>
</service>
services/ldap.xml 0000644 00000000307 15170152353 0010033 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>LDAP</short>
<description>Lightweight Directory Access Protocol (LDAP) server</description>
<port protocol="tcp" port="389"/>
</service>
services/ldaps.xml 0000644 00000000350 15170152353 0010214 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>LDAPS</short>
<description>Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) server</description>
<port protocol="tcp" port="636"/>
</service>
services/libvirt-tls.xml 0000644 00000000601 15170152353 0011363 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Virtual Machine Management (TLS)</short>
<description>Enable this option if you want to allow remote virtual machine management with TLS encryption, x509 certificates and optional SASL authentication. The libvirtd service is needed for this option to be useful.</description>
<port protocol="tcp" port="16514"/>
</service>
services/libvirt.xml 0000644 00000000605 15170152353 0010567 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<!-- Opens 16509/tcp, the listener that per the description relies on SASL (digest-md5 or GSSAPI/Kerberos) rather than TLS. libvirt-tls.xml in this listing opens 16514/tcp for the TLS and x509 variant; prefer that one where remote management crosses untrusted networks. -->
<short>Virtual Machine Management</short>
<description>Enable this option if you want to allow remote virtual machine management with SASL authentication and encryption (digest-md5 passwords or GSSAPI/Kerberos). The libvirtd service is needed for this option to be useful.</description>
<port protocol="tcp" port="16509"/>
</service>
services/lightning-network.xml 0000644 00000000415 15170152353 0012565 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Lightning Network</short>
<description>The default port used by Lightning Network. Enable this option if you plan to be a Lightning Network node.</description>
<port protocol="tcp" port="9735"/>
</service>
services/llmnr.xml 0000644 00000000504 15170152353 0010236 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Link-Local Multicast Name Resolution (LLMNR)</short>
<description>LLMNR allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link.</description>
<!-- Unlike mdns.xml in this listing, this definition has no destination element, so 5355 is accepted for any destination address and not only for multicast. LLMNR answers are unauthenticated; keep this service out of zones attached to untrusted networks. -->
<port protocol="tcp" port="5355"/>
<port protocol="udp" port="5355"/>
</service>
services/managesieve.xml 0000644 00000000535 15170152353 0011402 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>ManageSieve</short>
<description>The ManageSieve Protocol allows a local client to manage eMail sieve scripts on a remote server. If you plan to provide a ManageSieve service (e.g. with dovecot pigeonhole), enable this option.</description>
<port protocol="tcp" port="4190"/>
</service>
services/matrix.xml 0000644 00000000660 15170152353 0010421 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Matrix</short>
<description>Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Port 443 is the 'client' port, whereas port 8448 is the Federation port. Federation is the process by which users on different servers can participate in the same room.</description>
<include service="https"/>
<port port="8448" protocol="tcp"/>
</service>
services/mdns.xml 0000644 00000000650 15170152353 0010055 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Multicast DNS (mDNS)</short>
<description>mDNS provides the ability to use DNS programming interfaces, packet formats and operating semantics in a small network without a conventional DNS server. If you plan to use Avahi, do not disable this option.</description>
<port protocol="udp" port="5353"/>
<!-- Narrows the rule to packets addressed to the mDNS multicast groups, so unicast traffic to 5353/udp is not admitted by this service -->
<destination ipv4="224.0.0.251" ipv6="ff02::fb"/>
</service>
services/memcache.xml 0000644 00000000365 15170152353 0010661 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>memcache</short>
<description>memcache is a high-performance object caching system.</description>
<!-- The cache protocol is commonly run without authentication; enable this service only in a zone restricted to the application hosts that use the cache. -->
<port protocol="tcp" port="11211"/>
<!-- A UDP listener reachable from untrusted networks is a known reflection and amplification source. NOTE(review): drop this entry if the deployment does not use UDP. -->
<port protocol="udp" port="11211"/>
</service>
services/minidlna.xml 0000644 00000000527 15170152353 0010712 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>MiniDLNA</short>
<description>MiniDLNA is a simple media server software with the aim to be fully compliant with DLNA/UPNP-AV clients. Enable this service if you run minidlna service.</description>
<port protocol="tcp" port="8200"/>
<port protocol="udp" port="1900"/>
</service>
services/mongodb.xml 0000644 00000000355 15170152353 0010543 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>mongodb</short>
<description>MongoDB is a free and open-source cross-platform document-oriented database program.</description>
<port protocol="tcp" port="27017"/>
</service>
services/mosh.xml 0000644 00000000731 15170152353 0010062 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Mobile shell that supports roaming and intelligent local echo.</short>
<description>Mosh is a remote terminal application that supports intermittent network connectivity, roaming to different IP addresses without dropping the connection, intelligent local echo and line editing to reduce the effects of "network lag" on high-latency connections.</description>
<port protocol="udp" port="60000-61000"/>
</service>
services/mountd.xml 0000644 00000000323 15170152353 0010417 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>mountd</short>
<description>NFS Mount Lock Daemon</description>
<port protocol="tcp" port="20048"/>
<port protocol="udp" port="20048"/>
</service>
services/mqtt-tls.xml 0000644 00000000450 15170152353 0010677 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>mqtt-tls</short>
<description>The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol uses TLS encryption.</description>
<port port="8883" protocol="tcp"/>
</service>
services/mqtt.xml 0000644 00000000437 15170152353 0010104 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>mqtt</short>
<description>The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol is unencrypted.</description>
<port port="1883" protocol="tcp"/>
</service>
services/ms-wbt.xml 0000644 00000000276 15170152353 0010331 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<!-- Opens 3389/tcp, the Remote Desktop Protocol (RDP) port. Interactive remote logon is exposed to every source the zone admits, so pair this service with a source-restricted zone or a VPN. -->
<short>ms-wbt</short>
<description>Microsoft Windows-based Terminal Server</description>
<port protocol="tcp" port="3389"/>
</service>
services/mssql.xml 0000644 00000000252 15170152353 0010251 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>mssql</short>
<description>Microsoft SQL Server</description>
<port protocol="tcp" port="1433"/>
</service>
services/murmur.xml 0000644 00000000362 15170152353 0010443 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Murmur</short>
<description>Murmur is the server of the Mumble VoIP chat system.</description>
<port protocol="tcp" port="64738"/>
<port protocol="udp" port="64738"/>
</service>
services/mysql.xml 0000644 00000000253 15170152353 0010260 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>MySQL</short>
<description>MySQL Database Server</description>
<port protocol="tcp" port="3306"/>
</service>
services/nbd.xml 0000644 00000000372 15170152353 0007660 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>NBD</short>
<description>Network Block Device (NBD) is a high-performance protocol for exporting disk images between machines.</description>
<port protocol="tcp" port="10809"/>
</service>
services/nfs.xml 0000644 00000000504 15170152353 0007700 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>NFS4</short>
<description>The NFS4 protocol is used to share files via TCP networking. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful.</description>
<port protocol="tcp" port="2049"/>
</service>
services/nfs3.xml 0000644 00000000526 15170152353 0007767 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>NFS3</short>
<description>The NFS3 protocol is used to share files. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful.</description>
<port protocol="tcp" port="2049"/>
<port protocol="udp" port="2049"/>
</service>
services/nmea-0183.xml 0000644 00000000445 15170152353 0010427 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>nmea-0183</short>
<description>NMEA-0183 Navigational Data server for use with Global Navigation Satellite System (GNSS) devices.</description>
<port protocol="tcp" port="10110" />
<port protocol="udp" port="10110" />
</service>
services/nrpe.xml 0000644 00000000367 15170152353 0010065 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<!-- Opens 5666/tcp. Per the description the daemon runs Nagios plugins on request from a remote host, so the zone should admit only the monitoring server as a source. -->
<short>NRPE</short>
<description>NRPE allows you to execute Nagios plugins on a remote host in as transparent a manner as possible.</description>
<port protocol="tcp" port="5666"/>
</service>
services/ntp.xml 0000644 00000000605 15170152353 0007715 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Network Time Protocol (NTP) Server</short>
<description>The Network Time Protocol (NTP) allows to synchronize computers to a time server. Enable this option, if you are providing a NTP server. You need the ntp or chrony package installed for this option to be useful.</description>
<port protocol="udp" port="123"/>
</service>
services/nut.xml 0000644 00000000560 15170152353 0007722 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>NUT</short>
<description>Network UPS Tools (NUT) is a protocol that allows to monitor and control power devices like uninterruptible power supplies.</description>
<port port="3493" protocol="tcp"/>
<!-- <port port="3493" protocol="udp"/> according to upstream never really worked over UDP -->
</service>
services/openvpn.xml 0000644 00000000517 15170152353 0010603 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>OpenVPN</short>
<description>OpenVPN is a virtual private network (VPN) solution. It is used to create encrypted point-to-point tunnels between computers. If you plan to provide a VPN service, enable this option.</description>
<port protocol="udp" port="1194"/>
</service>
services/ovirt-imageio.xml 0000644 00000000404 15170152353 0011664 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>oVirt Image I/O</short>
<description>oVirt Image I/O simplifies the workflow of introducing new oVirt images into the oVirt environment.</description>
<port protocol="tcp" port="54322"/>
</service>
services/ovirt-storageconsole.xml 0000644 00000000527 15170152353 0013307 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>oVirt Storage-Console</short>
<description>oVirt Storage Console is a web-based storage management platform specially designed to efficiently manage oVirt's storage-defined storage.</description>
<port protocol="tcp" port="55863"/>
<port protocol="tcp" port="39543"/>
</service>
services/ovirt-vmconsole.xml 0000644 00000000353 15170152353 0012262 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>oVirt VM Console</short>
<description>oVirt VM Consoles enables secure access to virtual machine serial console.</description>
<port protocol="tcp" port="2223"/>
</service>
services/plex.xml 0000644 00000002000 15170152353 0010053 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>PLEX</short>
<description> Plex Media Server (PMS) is the back-end media server component of Plex.
It organizes audio (music) and visual (photos and videos) content from personal media
libraries and streams it to their player counterparts, either on the same machine,
the same local area network, or over the Internet. </description>
<!-- Only the 32400 entries are marked as required. The rest are DLNA, companion-control and discovery ports per their inline comments. NOTE(review): these look LAN-oriented; a zone that faces the Internet probably needs 32400 only, confirm before trimming. -->
<port protocol="tcp" port="32400"/><port protocol="udp" port="32400"/> <!-- Plex media server access (required) -->
<port protocol="tcp" port="32469"/><port protocol="udp" port="1900"/> <!-- Plex DLNA -->
<port protocol="tcp" port="3005"/><!-- plex home theater control (plex companion) -->
<port protocol="tcp" port="8324"/><!-- Roku control (plex companion) -->
<port protocol="udp" port="32410"/><!-- gdm discovery -->
<port protocol="udp" port="32412"/><!-- gdm discovery -->
<port protocol="udp" port="32413"/><!-- gdm discovery -->
<port protocol="udp" port="32414"/><!-- gdm discovery -->
</service>
services/pmcd.xml 0000644 00000000661 15170152353 0010041 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Performance metrics collector (pmcd)</short>
<description>This option allows PCP (Performance Co-Pilot) monitoring. If you need to allow remote hosts to connect directly to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful.</description>
<port protocol="tcp" port="44321"/>
</service>
services/pmproxy.xml 0000644 00000000732 15170152353 0010633 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Performance metrics proxy (pmproxy)</short>
<description>This option allows indirect PCP (Performance Co-Pilot) monitoring via a proxy. If you need to allow remote hosts to connect through your machine to monitor aspects of performance of one or more proxied hosts, enable this option. You need the pcp package installed for this option to be useful.</description>
<port protocol="tcp" port="44322"/>
</service>
services/pmwebapi.xml 0000644 00000000714 15170152353 0010721 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Performance metrics web API (pmwebapi)</short>
<description>This option allows web clients to use PCP (Performance Co-Pilot) monitoring services. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful.</description>
<port protocol="tcp" port="44323"/>
</service>
services/pmwebapis.xml 0000644 00000001040 15170152353 0011075 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Secure performance metrics web API (pmwebapis)</short>
<description>This option allows web clients to use PCP (Performance Co-Pilot) monitoring services over a secure connection. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, and you consider that information to be sensitive, enable this option. You need the pcp package installed for this option to be useful.</description>
<port protocol="tcp" port="44324"/>
</service>
services/pop3.xml 0000644 00000000534 15170152353 0007776 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>POP-3</short>
<description>The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot).</description>
<port protocol="tcp" port="110"/>
</service>
services/pop3s.xml 0000644 00000000545 15170152353 0010163 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>POP-3 over SSL</short>
<description>The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot).</description>
<port protocol="tcp" port="995"/>
</service>
services/postgresql.xml 0000644 00000000265 15170152353 0011321 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>PostgreSQL</short>
<description>PostgreSQL Database Server</description>
<port protocol="tcp" port="5432"/>
</service>
services/privoxy.xml 0000644 00000000775 15170152353 0010644 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Privoxy - A Privacy Enhancing Proxy Server</short>
<description>Privoxy is a web proxy for enhancing privacy by filtering web page content, managing cookies, controlling access, removing ads, banners, pop-ups and other obnoxious Internet junk. It does not cache web content. Enable this if you run Privoxy and would like to configure your web browser to browse the Internet via Privoxy.</description>
<port protocol="tcp" port="8118"/>
</service>
services/prometheus.xml 0000644 00000000325 15170152353 0011306 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>prometheus</short>
<description>The Prometheus monitoring system and time series database.</description>
<port protocol="tcp" port="9090"/>
</service>
services/proxy-dhcp.xml 0000644 00000000405 15170152353 0011207 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Proxy DHCP</short>
<description>PXE redirection service (Proxy DHCP) responds to PXE clients and provides redirection to PXE boot servers.</description>
<port protocol="udp" port="4011"/>
</service>
services/ptp.xml 0000644 00000000650 15170152353 0007717 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Precision Time Protocol (PTP) Master</short>
<description>The Precision Time Protocol (PTP) allows computers to be synchronized to a time master. Enable this option if you are providing a PTP master. You need the linuxptp package installed for this option to be useful.</description>
<port protocol="udp" port="319"/>
<port protocol="udp" port="320"/>
</service>
services/pulseaudio.xml 0000644 00000000636 15170152353 0011272 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>PulseAudio</short>
<description>A PulseAudio server provides the ability to stream audio over the network. Enable this service if you are using module-native-protocol-tcp in the PulseAudio configuration. If you are using module-zeroconf-publish, also enable the mdns service.</description>
<port protocol="tcp" port="4713"/>
</service>
services/puppetmaster.xml 0000644 00000000451 15170152353 0011644 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Puppet Master</short>
<description>Puppet is a network tool for managing many disparate systems. Puppet Master is a server which Puppet Agents pull their configurations from.</description>
<port protocol="tcp" port="8140"/>
</service>
services/quassel.xml 0000644 00000000421 15170152353 0010565 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Quassel IRC</short>
<description>Quassel is a distributed IRC client, meaning that one or more clients can attach to and detach from the central core.</description>
<port protocol="tcp" port="4242"/>
</service>
services/radius.xml 0000644 00000001010 15170152353 0010372 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>RADIUS</short>
<description>The Remote Authentication Dial In User Service (RADIUS) is a protocol for user authentication over networks. It is mostly used for modem, DSL or wireless user authentication. If you plan to provide a RADIUS service (e.g. with freeradius), enable this option.</description>
<port protocol="tcp" port="1812"/>
<port protocol="udp" port="1812"/>
<port protocol="tcp" port="1813"/>
<port protocol="udp" port="1813"/>
</service>
services/rdp.xml 0000644 00000000267 15170152353 0007705 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>rdp</short>
<description>Microsoft's Remote Desktop Protocol</description>
<port protocol="tcp" port="3389"/>
</service>
services/redis-sentinel.xml 0000644 00000000324 15170152353 0012037 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>redis-sentinel</short>
<description>Redis Sentinel provides high availability for Redis.</description>
<port protocol="tcp" port="26379"/>
</service>
services/redis.xml 0000644 00000000414 15170152353 0010220 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>redis</short>
<description>Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.</description>
<port protocol="tcp" port="6379"/>
</service>
services/rpc-bind.xml 0000644 00000000326 15170152353 0010612 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>rpc-bind</short>
<description>Remote Procedure Call Bind</description>
<port protocol="tcp" port="111"/>
<port protocol="udp" port="111"/>
</service>
services/rquotad.xml 0000644 00000000325 15170152353 0010572 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>rquotad</short>
<description>Remote Quota Server Daemon</description>
<port protocol="tcp" port="875"/>
<port protocol="udp" port="875"/>
</service>
services/rsh.xml 0000644 00000000466 15170152353 0007715 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>rsh</short>
<description>Rsh is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling rsh is not recommended.</description>
<port port="514" protocol="tcp"/>
</service>
services/rsyncd.xml 0000644 00000000467 15170152353 0010424 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Rsync in daemon mode</short>
<description>Rsync in daemon mode works as a central server, in order to house centralized files and keep them synchronized.</description>
<port protocol="tcp" port="873"/>
<port protocol="udp" port="873"/>
</service>
services/rtsp.xml 0000644 00000000536 15170152353 0010107 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>RTSP</short>
<description>The Real Time Streaming Protocol (RTSP) is a network control protocol designed for use in entertainment and communications systems to control streaming media servers.</description>
<port port="554" protocol="tcp"/>
<port port="554" protocol="udp"/>
</service>
services/salt-master.xml 0000644 00000000511 15170152353 0011344 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Salt Master</short>
<description>Salt is a protocol used for infrastructure management via a dynamic communication bus. These ports are required on the salt master node.</description>
<port port="4505" protocol="tcp"/>
<port port="4506" protocol="tcp"/>
</service>
services/samba-client.xml 0000644 00000000563 15170152353 0011456 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Samba Client</short>
<description>This option allows you to access Windows file and printer sharing networks. You need the samba-client package installed for this option to be useful.</description>
<port protocol="udp" port="137"/>
<port protocol="udp" port="138"/>
<helper name="netbios-ns"/>
</service>
services/samba-dc.xml 0000644 00000002422 15170152353 0010562 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Samba DC</short>
<description>This option allows you to use this computer as a Samba Active Directory Domain Controller. You need the samba-dc package installed for this option to be useful.</description>
<port protocol="tcp" port="53"/><!-- DNS -->
<port protocol="udp" port="53"/><!-- DNS -->
<port protocol="tcp" port="88"/><!-- Kerberos -->
<port protocol="udp" port="88"/><!-- Kerberos -->
<port protocol="tcp" port="135"/><!-- End Point Mapper (DCE/RPC Locator Service) -->
<port protocol="udp" port="137"/><!-- NetBIOS Name Service -->
<port protocol="udp" port="138"/><!-- NetBIOS Datagram -->
<port protocol="tcp" port="139"/><!-- NetBIOS Session -->
<port protocol="tcp" port="389"/><!-- LDAP -->
<port protocol="udp" port="389"/><!-- CLDAP -->
<port protocol="tcp" port="445"/><!-- SMB over TCP -->
<port protocol="tcp" port="464"/><!-- Kerberos kpasswd -->
<port protocol="udp" port="464"/><!-- Kerberos kpasswd -->
<port protocol="tcp" port="636"/><!-- LDAPS -->
<port protocol="tcp" port="49152-65535"/><!-- Dynamic RPC Ports -->
<port protocol="tcp" port="3268"/><!-- Global Catalog -->
<port protocol="tcp" port="3269"/><!-- Global Catalog SSL -->
<helper name="netbios-ns"/>
</service>
services/samba.xml 0000644 00000000700 15170152353 0010173 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Samba</short>
<description>This option allows you to access and participate in Windows file and printer sharing networks. You need the samba package installed for this option to be useful.</description>
<port protocol="udp" port="137"/>
<port protocol="udp" port="138"/>
<port protocol="tcp" port="139"/>
<port protocol="tcp" port="445"/>
<helper name="netbios-ns"/>
</service>
services/sane.xml 0000644 00000000504 15170152353 0010040 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>SANE network daemon (saned)</short>
<description>The SANE (Scanner Access Now Easy) daemon allows remote clients to access image acquisition devices available on the local host.</description>
<port protocol="tcp" port="6566"/>
<helper name="sane"/>
</service>
services/sip.xml 0000644 00000000760 15170152353 0007711 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>SIP</short>
<description>The Session Initiation Protocol (SIP) is a communications protocol for signaling and controlling multimedia communication sessions. The most common applications of SIP are in Internet telephony for voice and video calls, as well as instant messaging, over Internet Protocol (IP) networks.</description>
<port protocol="tcp" port="5060"/>
<port protocol="udp" port="5060"/>
<helper name="sip"/>
</service>
services/sips.xml 0000644 00000000433 15170152353 0010071 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>SIP-TLS (SIPS)</short>
<description>SIP-TLS is a modified SIP (Session Initiation Protocol) using TLS for secure signaling.</description>
<port protocol="tcp" port="5061"/>
<port protocol="udp" port="5061"/>
</service>
services/slp.xml 0000644 00000000453 15170152353 0007713 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>SLP</short>
<description>The Service Location Protocol (SLP) is used for discovering services in a local network without prior configuration.</description>
<port port="427" protocol="tcp"/>
<port port="427" protocol="udp"/>
</service>
services/smtp-submission.xml 0000644 00000000347 15170152353 0012273 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Mail (SMTP-Submission)</short>
<description>SMTP-Submission allows remote users to submit mail over port 587.</description>
<port protocol="tcp" port="587"/>
</service>
services/smtp.xml 0000644 00000001046 15170152353 0010077 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Mail (SMTP)</short>
<description>This option allows incoming SMTP mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.</description>
<port protocol="tcp" port="25"/>
</service>
services/smtps.xml 0000644 00000001101 15170152353 0010252 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Mail (SMTP over SSL)</short>
<description>This option allows incoming SMTPs mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail in a secure way, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.</description>
<port protocol="tcp" port="465"/>
</service>
services/snmp.xml 0000644 00000000526 15170152353 0010073 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>SNMP</short>
<description>Simple Network Management Protocol is an "Internet-standard protocol for managing devices on IP networks". Enable this service if you run an SNMP agent (server).</description>
<port protocol="tcp" port="161"/>
<port protocol="udp" port="161"/>
</service>
services/snmptrap.xml 0000644 00000000464 15170152353 0010763 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>SNMPTRAP</short>
<description>SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message.</description>
<port protocol="tcp" port="162"/>
<port protocol="udp" port="162"/>
</service>
services/spideroak-lansync.xml 0000644 00000000625 15170152353 0012544 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>SpiderOak ONE LAN-Sync</short>
<description>SpiderOak ONE is an online backup and file hosting service that allows users to access, synchronize and share data using a cloud-based server. Enable this option if you use the LAN-Sync option of SpiderOak.</description>
<port protocol="udp" port="21327"/>
<port protocol="udp" port="21328"/>
</service>
services/spotify-sync.xml 0000644 00000000423 15170152353 0011561 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Spotify Client Sync</short>
<description>The Spotify Client allows you to sync local music files with your phone.</description>
<port port="57621" protocol="udp"/>
<port port="57621" protocol="tcp"/>
</service>
services/squid.xml 0000644 00000000255 15170152353 0010242 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>squid</short>
<description>Squid HTTP proxy server</description>
<port protocol="tcp" port="3128"/>
</service>
services/ssdp.xml 0000644 00000000645 15170152353 0010071 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Simple Service Discovery Protocol (SSDP)</short>
<description>The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet protocol suite for advertisement and discovery of network services and presence information.</description>
<port protocol="udp" port="1900"/>
<destination ipv4="239.255.255.250" ipv6="FF02::C"/>
</service>
services/ssh.xml 0000644 00000000717 15170152353 0007715 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>SSH</short>
<description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
<port protocol="tcp" port="22"/>
</service>
services/steam-streaming.xml 0000644 00000001167 15170152353 0012220 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Steam In-Home Streaming</short>
<description>Steam in-home streaming allows you to play a game on one computer when the game process is actually running on another computer elsewhere in your home. Through Steam, game audio and video is captured on the remote computer and sent to the player's computer. The game input (keyboard, mouse or gamepad) is sent from the player's computer to the game process on the remote computer.</description>
<port protocol="tcp" port="27036"/>
<port protocol="tcp" port="27037"/>
<port protocol="udp" port="27031-27036"/>
</service>
services/svdrp.xml 0000644 00000000437 15170152353 0010255 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>SVDRP</short>
<description>The Simple Video Disk Recorder Protocol (SVDRP) allows control of video disk recorder functionality.</description>
<port port="6419" protocol="tcp"/>
<port port="6419" protocol="udp"/>
</service>
services/svn.xml 0000644 00000000347 15170152353 0007725 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Subversion</short>
<description>The custom, unencrypted protocol used by the Subversion Version Control System.</description>
<port port="3690" protocol="tcp"/>
</service>
services/telnet.xml 0000644 00000000611 15170152353 0010404 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Telnet</short>
<description>Telnet is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling telnet is not recommended. You need the telnet-server package installed for this option to be useful.</description>
<port port="23" protocol="tcp"/>
</service>
services/tentacle.xml 0000644 00000000374 15170152353 0010716 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>tentacle</short>
<description>Tentacle is a protocol for monitoring computer networks. Pandora FMS is one server implementation.</description>
<port protocol="tcp" port="41121"/>
</service>
services/tftp-client.xml 0000644 00000000440 15170152353 0011342 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>TFTP Client</short>
<description>This option allows you to access Trivial File Transfer Protocol (TFTP) servers. You need the tftp package installed for this option to be useful.</description>
<helper name="tftp"/>
</service>
services/tftp.xml 0000644 00000000650 15170152353 0010071 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>TFTP</short>
<description>The Trivial File Transfer Protocol (TFTP) is a protocol used to transfer files to and from a remote machine in a simple way. It is normally used only for booting diskless workstations and also to transfer data in the Preboot eXecution Environment (PXE).</description>
<port protocol="udp" port="69"/>
<helper name="tftp"/>
</service>
services/tile38.xml 0000644 00000000335 15170152353 0010224 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>tile38</short>
<description>Tile38 is a geospatial database, spatial index, and realtime geofence.</description>
<port protocol="tcp" port="9851"/>
</service>
services/tinc.xml 0000644 00000000520 15170152353 0010045 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>tinc VPN</short>
<description>tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet.</description>
<port protocol="tcp" port="655"/>
<port protocol="udp" port="655"/>
</service>
services/tor-socks.xml 0000644 00000001403 15170152353 0011035 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Tor - SOCKS Proxy</short>
<description>Tor enables online anonymity and censorship resistance by directing Internet traffic through a network of relays. It conceals a user's location from anyone conducting network surveillance and traffic analysis. A user wishing to use Tor for anonymity can configure a program such as a web browser to direct traffic to a Tor client using its SOCKS proxy port. Enable this if you run Tor and would like to configure your web browser or other programs to channel their traffic through the Tor SOCKS proxy port. It is recommended that you make this service available only for your computer or your internal networks.</description>
<port protocol="tcp" port="9050"/>
</service>
services/transmission-client.xml 0000644 00000000364 15170152353 0013123 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Transmission</short>
<description>Transmission is a lightweight BitTorrent client.</description>
<port protocol="tcp" port="51413"/>
<port protocol="udp" port="51413"/>
</service>
services/upnp-client.xml 0000644 00000000410 15170152353 0011344 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>UPnP Client</short>
<description>Universal Plug and Play client for auto-configuration of network routers (use only in trusted zones).</description>
<source-port port="1900" protocol="udp"/>
</service>
services/vdsm.xml 0000644 00000001121 15170152353 0010057 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>oVirt's Virtual Desktop and Server Manager</short>
<description>The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.</description>
<port protocol="tcp" port="54321"/> <!-- vdsmd -->
<port protocol="tcp" port="5900-6923"/> <!-- guest consoles -->
<port protocol="tcp" port="49152-49216"/> <!-- migration -->
</service>
services/vnc-server.xml 0000644 00000000733 15170152353 0011210 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Virtual Network Computing Server (VNC)</short>
<description>A VNC server provides an externally accessible X session. Enable this option if you plan to provide a VNC server with direct access. Access will be possible for displays :0 to :3. If you plan to provide access through SSH instead, do not enable this option; use the via option of the VNC viewer.</description>
<port protocol="tcp" port="5900-5903"/>
</service>
services/wbem-http.xml 0000644 00000000540 15170152353 0011021 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>wbem-http</short>
<description>Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments. This is the unencrypted protocol variant.</description>
<port protocol="tcp" port="5988"/>
</service>
services/wbem-https.xml 0000644 00000000466 15170152353 0011213 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>wbem-https</short>
<description>Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments. This is the encrypted (HTTPS) protocol variant.</description>
<port protocol="tcp" port="5989"/>
</service>
services/wsman.xml 0000644 00000000474 15170152353 0010245 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>wsman</short>
<description>Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol is unencrypted.</description>
<port port="5985" protocol="tcp"/>
</service>
services/wsmans.xml 0000644 00000000503 15170152353 0010421 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>wsmans</short>
<description>Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol uses TLS encryption.</description>
<port port="5986" protocol="tcp"/>
</service>
services/xdmcp.xml 0000644 00000000511 15170152353 0010223 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>XDMCP</short>
<description>The X Display Manager Control Protocol (XDMCP) allows remote login to an X desktop environment from any X Window System compatible client.</description>
<port port="177" protocol="tcp"/>
<port port="177" protocol="udp"/>
</service>
services/xmpp-bosh.xml 0000644 00000000775 15170152353 0011041 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>XMPP (Jabber) web client</short>
<description>Extensible Messaging and Presence Protocol (XMPP) web client protocol allows web based chat clients such as JWChat to connect to the XMPP (Jabber) server. This is also known as the Bidirectional-streams Over Synchronous HTTP (BOSH) protocol. Enable this if you run an XMPP (Jabber) server and you wish web clients to connect to your server.</description>
<port protocol="tcp" port="5280"/>
</service>
services/xmpp-client.xml 0000644 00000000750 15170152353 0011355 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>XMPP (Jabber) client</short>
<description>Extensible Messaging and Presence Protocol (XMPP) client connection protocol allows XMPP (Jabber) clients such as Empathy, Pidgin, Kopete and Jitsi to connect to an XMPP (Jabber) server. Enable this if you run an XMPP (Jabber) server and you wish clients to be able to connect to the server and communicate with each other.</description>
<port protocol="tcp" port="5222"/>
</service>
services/xmpp-local.xml 0000644 00000000410 15170152353 0011162 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>XMPP Link-Local Messaging</short>
<description>Serverless XMPP-like communication over local networks based on zero-configuration networking.</description>
<port protocol="tcp" port="5298"/>
</service>
services/xmpp-server.xml 0000644 00000001041 15170152353 0011377 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>XMPP (Jabber) server</short>
<description>Extensible Messaging and Presence Protocol (XMPP) server connection protocol allows multiple XMPP (Jabber) servers to work in a federated fashion. Users on one server will be able to see the presence of and communicate with users on other servers. Enable this if you run an XMPP (Jabber) server and you wish users on your server to communicate with users on other XMPP servers.</description>
<port protocol="tcp" port="5269"/>
</service>
services/zabbix-agent.xml 0000644 00000000472 15170152353 0011471 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Zabbix Agent</short>
<description>Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics.</description>
<port protocol="tcp" port="10050"/>
</service>
services/zabbix-server.xml 0000644 00000000473 15170152353 0011702 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Zabbix Server</short>
<description>Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics.</description>
<port protocol="tcp" port="10051"/>
</service>
services/RH-Satellite-6-capsule.xml 0000644 00000000575 15170152353 0013154 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Red Hat Satellite 6 Capsule</short>
<description>Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments.</description>
<include service="RH-Satellite-6"/>
<port protocol="tcp" port="8443"/>
</service>
services/syncthing-gui.xml 0000644 00000000451 15170152353 0011703 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Syncthing GUI</short>
<description>Enable this option in addition to the Syncthing option to allow traffic to the Syncthing web interface. (Be sure to secure it accordingly).</description>
<port protocol="tcp" port="8384"/>
</service>
services/syncthing.xml 0000644 00000000536 15170152353 0011125 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Syncthing</short>
<description>Syncthing is a peer-to-peer file synchronization service. Enable this option, if you plan to run the Syncthing service.</description>
<port protocol="tcp" port="22000"/>
<port protocol="udp" port="22000"/>
<port protocol="udp" port="21027"/>
</service>
services/synergy.xml 0000644 00000000760 15170152353 0010616 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Synergy</short>
<description>Synergy lets you easily share your mouse and keyboard between multiple computers, where each computer has its own display. No special hardware is required, all you need is a local area network. Synergy is supported on Windows, Mac OS X and Linux. Redirecting the mouse and keyboard is as simple as moving the mouse off the edge of your screen.</description>
<port protocol="tcp" port="24800"/>
</service>
services/syslog-tls.xml 0000644 00000000674 15170152354 0011243 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>syslog-tls</short>
<description>Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server. Syslog-tls uses TLS encryption to protect the messages during transport.</description>
<port protocol="tcp" port="6514"/>
<port protocol="udp" port="6514"/>
</service>
services/syslog.xml 0000644 00000000511 15170152354 0010431 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<service>
<short>syslog</short>
<description>Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server.</description>
<port protocol="udp" port="514"/>
</service>
zones/nm-shared.xml 0000644 00000001331 15170152354 0010303 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
<short>NetworkManager Shared</short>
<description>
This zone is used internally by NetworkManager when activating a
profile that uses connection sharing and doesn't have an explicit
firewall zone set.
Block all traffic to the local machine except ICMP, ICMPv6, DHCP
and DNS. Allow all forwarded traffic.
Note that future package updates may change the definition of the
zone unless you overwrite it with your own definition.
</description>
<!-- The zone target is ACCEPT; this catch-all reject rule at priority 32767
     is what the description's "block all traffic to the local machine"
     relies on, with the protocol and service entries below as exceptions. -->
<rule priority='32767'>
<reject/>
</rule>
<protocol value='icmp'/>
<protocol value='ipv6-icmp'/>
<service name="dhcp"/>
<service name="dns"/>
<!-- NOTE(review): the description names only ICMP, ICMPv6, DHCP and DNS as
     exceptions, but ssh is also admitted here. Confirm inbound SSH from
     shared-connection clients is intended, then align the description or
     drop this entry. -->
<service name="ssh"/>
</zone>
zones/block.xml 0000644 00000000453 15170152354 0007523 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<zone target="%%REJECT%%">
<short>Block</short>
<description>Unsolicited incoming network packets are rejected. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description>
</zone>
zones/dmz.xml 0000644 00000000445 15170152354 0007224 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<zone>
<short>DMZ</short>
<description>For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
</zone>
zones/drop.xml 0000644 00000000443 15170152354 0007374 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<zone target="DROP">
<short>Drop</short>
<description>Unsolicited incoming network packets are dropped. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description>
</zone>
zones/external.xml 0000644 00000000460 15170152354 0010251 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<zone>
<short>External</short>
<description>For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<masquerade/>
</zone>
zones/home.xml 0000644 00000000615 15170152354 0007361 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Home</short>
<description>For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="mdns"/>
<service name="samba-client"/>
<service name="dhcpv6-client"/>
<service name="cockpit"/>
</zone>
zones/internal.xml 0000644 00000000634 15170152354 0010246 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Internal</short>
<description>For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="mdns"/>
<service name="samba-client"/>
<service name="dhcpv6-client"/>
<service name="cockpit"/>
</zone>
zones/public.xml 0000644 00000000527 15170152354 0007711 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<service name="cockpit"/>
</zone>
zones/trusted.xml 0000644 00000000242 15170152354 0010117 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
<short>Trusted</short>
<description>All network connections are accepted.</description>
</zone>
zones/work.xml 0000644 00000000523 15170152354 0007411 0 ustar 00 <?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Work</short>
<description>For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<service name="cockpit"/>
</zone>
COPYING 0000644 00000043254 15170257333 0005615 0 ustar 00 GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.
README 0000644 00000015734 15170257333 0005444 0 ustar 00 README for firewalld
====================
firewalld provides a dynamically managed firewall with support for network or
firewall zones to define the trust level of network connections or interfaces.
It has support for IPv4, IPv6 firewall settings and for ethernet bridges and a
separation of runtime and permanent configuration options. It also provides an
interface for services or applications to add ip*tables and ebtables rules
directly.
Development
-----------
To check out the source repository, you can use:
git clone https://github.com/firewalld/firewalld.git
This will create a local copy of the repository.
Language Translations
---------------------
Firewalld uses GNU gettext for localization support. Translations can be done
using Fedora's Weblate instance [1]. Translations are periodically merged into
the main firewalld repository.
[1] https://translate.stg.fedoraproject.org/projects/firewalld/
Working With The Source Repository
----------------------------------
Install the following requirements or packages:
desktop-file-utils: /usr/bin/desktop-file-install
gettext
intltool
glib2: /usr/bin/glib-compile-schemas
glib2-devel: /usr/share/aclocal/gsettings.m4
systemd-units
iptables
ebtables
ipset
For use with Python 3:
python3-dbus
python3-slip-dbus
python3-decorator
python3-gobject
python3-nftables (nftables >= 0.9.3)
For use with Python 2:
dbus-python
python-slip-dbus (http://fedorahosted.org/python-slip)
python-decorator
pygobject3-base (non-cairo parts of pygobject3)
python-nftables (nftables >= 0.9.3)
To be able to create man pages and documentation from docbook files:
docbook-style-xsl
libxslt
Use the usual autoconf/automake incantation to generate makefiles
./autogen.sh
./configure
You can use a specific python interpreter by passing the PYTHON variable. This
is also used by the testsuite.
./configure PYTHON=/path/to/python3
Use
make
to create the documentation and to update the po files.
Use
make check
to run the testsuite. Tests are run inside network namespaces and do not
interfere with the host's running firewalld. They can also be run in parallel
by passing flags to autotest.
make check TESTSUITEFLAGS="-j4"
The testsuite also uses keywords to allow running a subset of tests that
exercise a specific area.
For example:
make check TESTSUITEFLAGS="-k rich -j4"
24: rich rules audit ok
25: rich rules priority ok
26: rich rules bad ok
53: rich rules audit ok
23: rich rules good ok
55: rich rules bad ok
74: remove forward-port after reload ok
You can get a list of tests and keywords
make -C src/tests check TESTSUITEFLAGS="-l"
Or just the keywords
make -C src/tests check TESTSUITEFLAGS="-l" \
|awk '/^[[:space:]]*[[:digit:]]+/{getline; print $0}' \
|tr ' ' '\n' |sort |uniq
There are integration tests. Currently this includes NetworkManager. These may
be _destructive_ to the host. Run them in a disposable VM or container.
make check-integration
There is also a check-container target that will run the testsuite inside
various podman/docker containers. This is useful for coverage of multiple
distributions. It also runs tests that may be destructive to the host such as
integration tests.
make check-container TESTSUITEFLAGS="-j4"
OCI Container Image
-------------------
As part of the `dist` build target an OCI container image is generated. This is
distributed alongside the normal release tarball. It can be used to run
firewalld from a container. The containerized firewalld will _not_ integrate
with the host (e.g. podman, libvirt, NetworkManager).
To manually load the container image into your environment:
# podman load -i .../path/to/firewalld-oci-<ver>.tar
To fetch the image from quay.io:
# podman pull quay.io/firewalld/firewalld:<ver>
where <ver> is optional. latest will be used if omitted.
To start the daemon/container:
# podman run -d --network host --privileged \
--name my-firewalld firewalld
Firewalld's configuration will live inside the container. Therefore
users may want to occasionally `podman commit` the image.
Using firewalld's CLI should be done via podman exec after the
daemon/container has been started:
# podman exec my-firewalld firewall-cmd ...
### Container Integration with Host
The same container image can be used to integrate with the host's running
NetworkManager, podman, libvirt, etc. This requires the host to have a dbus
policy for firewalld.
A dbus policy can be obtained from the firewalld source code tree at location
`config/FirewallD.conf`.
# cp config/FirewallD.conf /usr/share/dbus-1/system.d/FirewallD.conf
Once the dbus policy is in place the container could be started as such:
# podman run -d -v /run/dbus/system_bus_socket:/run/dbus/system_bus_socket \
--network host --privileged \
--name my-firewalld firewalld \
firewalld --nofork --nopid
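The only additions are the volume mount and the explicit CMD. Note that the
container still runs with --privileged and --network host, and with the bus
socket mounted it can also talk to the host's system D-Bus, so the image needs
to be trusted to the same degree as a package installed on the host.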
The same approach can be used to store firewalld's configuration files on the
host.
# podman run -d -v /run/dbus/system_bus_socket:/run/dbus/system_bus_socket \
-v /etc/firewalld:/etc/firewalld \
--network host --privileged \
--name my-firewalld firewalld \
firewalld --nofork --nopid
RPM package
-----------
For Fedora and RHEL based distributions, there is a spec file in the source
repo named firewalld.spec. This should be usable for Fedora versions >= 16 and
RHEL >= 7.
Links
-----
Homepage: http://firewalld.org
Report a bug: https://github.com/firewalld/firewalld/issues
Git repo browser: https://github.com/firewalld/firewalld
Git repo: https://github.com/firewalld/firewalld.git
Documentation: http://firewalld.org/documentation/
Mailing lists
-------------
For usage: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org/
For development: https://lists.fedorahosted.org/archives/list/firewalld-devel@lists.fedorahosted.org/
Directory Structure
-------------------
config/ Configuration files
config/icmptypes/ Predefined ICMP types
config/services/ Predefined services
config/zones/ Predefined zones
config/ipsets/ Predefined ipsets
doc/ Documentation
doc/man/ Base directory for man pages
doc/man/man1/ Man(1) pages
doc/man/man5/ Man(5) pages
po/ Translations
shell-completion/ Base directory for auto completion scripts
src/ Source tree
src/firewall/ Import tree for the service and all applications
src/icons/ Icons in the sizes: 16, 22, 24, 32, 48 and scalable
src/tests/ Testsuite
etc/sysconfig/firewalld 0000644 00000000111 15170714115 0011212 0 ustar 00 # firewalld command line args
# possible values: --debug
FIREWALLD_ARGS=
etc/logrotate.d/firewalld 0000644 00000000135 15170754466 0011453 0 ustar 00 /var/log/firewalld {
# Rotation policy for firewalld's own log file.
# Checked weekly; 4 rotated files are kept, so older firewall log data is
# discarded unless it is shipped elsewhere first.
weekly
# A missing log file is not treated as an error.
missingok
rotate 4
# The log is copied and then truncated in place instead of being moved.
# logrotate documents that lines written between the copy and the truncate
# can be lost, which matters if this log is used as an audit trail.
copytruncate
# Rotation is skipped while the file is smaller than 1M, so retention can
# stretch well beyond four weeks on quiet hosts.
minsize 1M
}