From 94f4274e8f863ebe2e3e5b96b8d5cff4828a4ead Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 7 Nov 2019 19:04:52 +0100 Subject: [PATCH] +ports --- .../contents.lr | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/content/u/blog/nftables-magic-redirect-all-ports-to-one-port/contents.lr b/content/u/blog/nftables-magic-redirect-all-ports-to-one-port/contents.lr index 96c131c..9c2f7d0 100644 --- a/content/u/blog/nftables-magic-redirect-all-ports-to-one-port/contents.lr +++ b/content/u/blog/nftables-magic-redirect-all-ports-to-one-port/contents.lr @@ -92,6 +92,22 @@ restrict the ports to be used for ssh. You can either use **sets** tcp dport {23, 25, 80, 443 } redirect to :ssh ``` +(just replace the *tcp dport != ...* line above)! + +## "Good ports" + +Over time you will see that there are some ports which are more likely +to be open, even if the network filters your traffic. Some well known +ports for this are: + +* 80: regular http traffic +* 53: DNS, uses UDP by default, but TCP is also part of the standard +* 443: usually has encrypted https traffic +* 783: smtp submission port for sending out emails + +Of course, if the filtering uses deep packet inspection, this will +fail, but then there are other solutions for that... stay tuned!! + ## More of it? If you are interested in more of this, we invite you to join our
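Review bot: In the new "Good ports" list, the entry "783: smtp submission port" names the wrong port: mail submission is TCP 587 (RFC 6409), so the line should read "* 587: smtp submission port for sending out emails". On the "53" entry, the rule shown in the context line matches only "tcp dport", so it would help to state that TCP/53 is the port meant here, since the entry itself notes DNS uses UDP by default. The ports listed as good (53 and the submission port) are also not in the example set "{23, 25, 80, 443 }" just above, so a reader following the text has to add them; either extend that set or say so.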