On Feb 27, 2015, at 8:05 AM, Harald Dunkel <harald.dun...@aixigo.de> wrote:
> On Fri, 27 Feb 2015 12:46:19 +0000
> skin...@britvault.co.uk (Craig Skinner) wrote:
>
>>
>> $ awk '/^domain/ { print $2 }' /etc/services
>> 53/tcp
>> 53/udp
>>
>> Now what? Both? Either? First? Last? Random?
>>
>
> Both.
>

Both for DNS per-RFC. But service naming means that both TCP and UDP are implied, so HTTP in a pf rule would apply to TCP and UDP, and UDP is meaningless in the context of HTTP. Would it not be better to use service names instead of protocol (i.e.: a rule with “http” instead of “80”), but not infer protocol, as pf does now?