|
|
|
@ -92,6 +92,22 @@ restrict the ports to be used for ssh. You can either use **sets**
|
|
|
|
|
tcp dport {23, 25, 80, 443 } redirect to :ssh |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
(just replace the *tcp dport != ...* line above)! |
|
|
|
|
|
|
|
|
|
## "Good ports" |
|
|
|
|
|
|
|
|
|
Over time you will see that there are some ports which are more likely |
|
|
|
|
to be open, even if the network filters your traffic. Some well known |
|
|
|
|
ports for this are: |
|
|
|
|
|
|
|
|
|
* 80: regular http traffic |
|
|
|
|
* 53: DNS, uses UDP by default, but TCP is also part of the standard |
|
|
|
|
* 443: usually has encrypted https traffic |
|
|
|
|
* 783: smtp submission port for sending out emails |
|
|
|
|
|
|
|
|
|
Of course, if the filtering uses deep packet inspection, this will |
|
|
|
|
fail, but then there are other solutions for that... stay tuned!! |
|
|
|
|
|
|
|
|
|
## More of it? |
|
|
|
|
|
|
|
|
|
If you are interested in more of this, we invite you to join our |
|
|
|
|
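Review bot: In the added "Good ports" list, the entry "783: smtp submission port for sending out emails" has the wrong port number: SMTP message submission is TCP 587 (RFC 6409), so a reader who follows the list would redirect a port that is no more likely to pass a filter than any other. Suggest changing it to "* 587: smtp submission port for sending out emails". Two smaller points in the same list: the context line above uses "tcp dport {23, 25, 80, 443 } redirect to :ssh", which contains neither 53 nor the submission port and does contain 23 and 25, which the list does not mention, so it would help to either align the set with the list or say that the set is only an example. The 53 entry should also state that only the TCP side is usable here, since the redirect rule matches tcp dport and ssh runs over TCP.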