On 2015-02-27, Harald Dunkel <harald.dun...@aixigo.de> wrote:
> Hi folks,
>
> /etc/services provides protocol information as well, so I wonder
> if a pf line like
>
> pass in from any to (self) port telnet
>
> could be read as
>
> pass in proto tcp from any to (self) port 23
>
> ?

It would be *possible* to modify pfctl's parser to handle this. The question is whether it's worth the time to implement it and extra complexity. Note that it would need to handle splitting the rule (cases like "pass to service {http domain}" shouldn't allow udp to port 80). I don't think it should use the word "port" because that gives expectations of it *only* looking at the port number.
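
The rule splitting discussed in this reply, as an added example (not pfctl code and not written by either poster): each service name expands only to the protocols listed for it, so http yields a tcp rule and domain yields both tcp and udp. The `SERVICES` table is a constructed sample in /etc/services format, `expand_service` is a hypothetical helper, and only primary service names (not aliases) are matched.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /etc/services format (not read from the system). */
static const char *SERVICES =
    "# name\t\tport/proto\taliases\n"
    "telnet\t\t23/tcp\n"
    "domain\t\t53/tcp\n"
    "domain\t\t53/udp\n"
    "http\t\t80/tcp\t\twww\n";

/* Hypothetical helper: append one pf rule to the NUL-terminated string `out`
 * for every (name, protocol) entry in SERVICES. Primary names only.
 * Returns the number of rules appended, 0 if the name is unknown,
 * -1 if `out` is too small. */
int expand_service(const char *name, char *out, size_t outlen)
{
    size_t used = strlen(out);
    const char *line = SERVICES;
    int n = 0;

    while (*line) {
        char svc[32], proto[8];
        int port;
        /* Comment lines fail the numeric conversion and are skipped. */
        if (sscanf(line, "%31s %d/%7s", svc, &port, proto) == 3 &&
            strcmp(svc, name) == 0) {
            int w = snprintf(out + used, outlen - used,
                "pass in proto %s from any to (self) port %d\n", proto, port);
            if (w < 0 || (size_t)w >= outlen - used)
                return -1;
            used += (size_t)w;
            n++;
        }
        const char *nl = strchr(line, '\n');
        if (nl == NULL)
            break;
        line = nl + 1;
    }
    return n;
}

int main(void)
{
    char rules[512] = "";
    /* Equivalent of the "{http domain}" list from the reply. */
    expand_service("http", rules, sizeof rules);
    expand_service("domain", rules, sizeof rules);
    fputs(rules, stdout);
    return 0;
}
```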