Bug 166443 - /etc/services missing entries for (at least) port 51 and port 5353
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: setup
rawhide
All Linux
medium Severity medium
Assigned To: Phil Knirsch
David Lawrence
Reported: 2005-08-21 12:02 EDT by John Ellson
Modified: 2015-03-04 20:15 EST (History)
Doc Type: Bug Fix
Last Closed: 2006-01-31 08:05:49 EST
Description John Ellson 2005-08-21 12:02:00 EDT
Description of problem:
Some package has opened ports 51 and 5353 in /etc/sysconfig/iptables.
I wanted to know what these were, but they are not listed in /etc/services.

Version-Release number of selected component (if applicable):
setup-2.5.46-1


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:
1) All ports opened in iptables should be listed in /etc/services.
2) No port should be allowed to be open in /etc/sysconfig/iptables unless
it is listed in /etc/services.

Additional info:
Comment 1 Phil Knirsch 2006-01-24 14:50:14 EST
I've created and hugely updated /etc/services which contains almost all known
official services from IANA.

It can be found here:

http://people.redhat.com/pknirsch/services

Please give it a try and tell me if it works properly now.

Thanks,

Read ya, Phil
Comment 2 John Ellson 2006-01-24 21:36:32 EST
Thanks for this - it looks like a lot of work.

It now lists 5353 (mdns) but there is still no entry for 51 ?

Do you know if iptables consults this file?   Can I now use these service names
instead of numbers?
Comment 3 John Ellson 2006-01-24 21:47:11 EST
ssh and ipp (instead of 22 and 631) seem to work OK, but when I changed:
  -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
to:
  -A RH-Firewall-1-INPUT -p re-mail-ck -j ACCEPT

"service iptables restart" reported:

Applying iptables firewall rules: iptables-restore v1.3.4: unknown protocol `re-mail-ck' specified.

I tried with and without quotes.

Also it complained about "protocol" instead of "service".

Should I bugzilla these against iptables?
Comment 4 John Ellson 2006-01-24 22:14:25 EST
According to:  http://www.iana.org/assignments/port-numbers
port 51 is:
    la-maint         51/tcp    IMP Logical Address Maintenance
    la-maint         51/udp    IMP Logical Address Maintenance
Comment 5 John Ellson 2006-01-24 22:30:34 EST
Never mind.  -p is for a protocol from /etc/protocols, not a port from /etc/services

    -A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
    -A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT

work just fine.  (Makes a lot more sense too.)

There is still a service at port 51 in the IANA list that is not in yours though.
Comment 6 Phil Knirsch 2006-01-25 04:17:19 EST
Hm, I've just checked, la-maint is in:

604: la-maint        51/tcp                          # IMP Logical Address Maintenance
605: la-maint        51/udp                          # IMP Logical Address Maintenance

And a test app finds them nicely:

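#include <stdio.h>
#include <netdb.h>

int main(int argc, char *argv[])
{
        struct servent *sv;

        if (argc < 2)
                return 1;

        /* NULL protocol: match the first entry with this name */
        sv = getservbyname(argv[1], NULL);
        if (sv == NULL)
                return 1;

        /* s_port is in network byte order and is printed unconverted here */
        printf("%s:%d/%s\n", sv->s_name, sv->s_port, sv->s_proto);
        return 0;
}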

[pknirsch@hamburg test]$ ./getservbyname la-maint
la-maint:13056/tcp

Read ya, Phil
Comment 7 Phil Knirsch 2006-01-31 08:05:49 EST
Erh, of course, fixed the testcode to do a ntohs() of the s_port, then it
returns the proper and correct result.

Closing bug as RAWHIDE as I'll put the new /etc/services in the official setup
package today.

Read ya, Phil
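
The ntohs() correction mentioned in Comment 7, combined with the /etc/protocols lookup that Comment 5 identifies as what iptables -p uses, as an added example. This is not the test program from the thread; the function names servent_port, lookup_port and lookup_protocol are this example's own.

```c
#include <stdio.h>
#include <stdint.h>
#include <netdb.h>
#include <arpa/inet.h>

/* s_port holds the 16-bit port in network byte order; convert before use.
 * Skipping this on a little-endian host prints 13056 (0x3300) for port 51. */
int servent_port(const struct servent *sv)
{
        return ntohs((uint16_t)sv->s_port);
}

/* Service name -> host-order port from the services database.
 * proto may be NULL to accept any protocol. Returns -1 if not found. */
int lookup_port(const char *name, const char *proto)
{
        struct servent *sv = getservbyname(name, proto);
        return sv ? servent_port(sv) : -1;
}

/* Protocol name -> IP protocol number from the protocols database.
 * p_proto is already in host byte order. Returns -1 if not found. */
int lookup_protocol(const char *name)
{
        struct protoent *pe = getprotobyname(name);
        return pe ? pe->p_proto : -1;
}

int main(int argc, char *argv[])
{
        if (argc < 2) {
                fprintf(stderr, "usage: %s name\n", argv[0]);
                return 2;
        }
        int port = lookup_port(argv[1], NULL);
        int proto = lookup_protocol(argv[1]);

        if (port >= 0)
                printf("service  %s: port %d\n", argv[1], port);
        if (proto >= 0)
                printf("protocol %s: number %d\n", argv[1], proto);
        if (port < 0 && proto < 0) {
                fprintf(stderr, "%s: not a known service or protocol\n", argv[1]);
                return 1;
        }
        return 0;
}
```

A name that resolves only as a service belongs after --dport or --sport in a rule, while a name that resolves as a protocol is what -p accepts.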
