How to add extra ports to /etc/services?

I’m struggling to figure out how to add a few named ports to /etc/services the way I typically would by just editing the file. The file’s contents are provided by the iana-etc package, but it doesn’t seem there is any way to specify extra. I’ve considered an overlay that adds a postInstallPhase command to append some lines to the installed /etc/services file, but I would much prefer a way to do this without an overlay if possible.

iana-etc is also used to configure /etc/hosts (networking.nix) but there it also has a cfg.hosts option that can be otherwise configured.

I briefly considered configuring nsswitch.conf to load a different nss service module, but there doesn’t seem to be a way to have that just point to a second file to read service ports from.

Any suggestions?

Easiest way is probably just to patch it:

nixpkgs.overlays = [
  (final: prev: {
    iana-etc = prev.iana-etc.overrideAttrs (old: {
      # Append the extra assignment to the services file before it is installed
      patchPhase = (old.patchPhase or "") + ''
        echo '<some port assignment>' >> services
      '';
    });
  })
];

It wouldn’t be very hard to make an option that does something similar, but you’d probably use runCommand to append or such.

That approach worked for me, but it did trigger rebuilding of a ton of the packages, presumably that use iana-etc? I’m not sure it’s practical if this will rebuild whenever there is an iana-etc update (if I’m understanding how this works, which likely I’m not :grimacing: )

I wonder if this is not a common way for people to specify service ports anymore? I’m a bit surprised this isn’t configurable.

Generally I’d just set the .port option for the corresponding service, if there is such an option, or else configure the service via passing flags to the applicable systemd service (e.g. via systemd.services.<name>.serviceConfig.ExecStart) or via writing to some config file in /etc (via environment.etc). I would not say it’s common to mess about with /etc/services. Maybe I just don’t understand what you’re looking for, though.

Specifically, I’m trying to run some service (I didn’t write the code, just packaging it) that calls getservbyname in C to get the service. My understanding is that it resolves the port with that call by checking the /etc/services file (or, potentially some other mechanism, if nsswitch.conf is configured differently for services).

So I’m trying to figure out how to add the port I want to configure in the package to the /etc/services with the name this application is looking for.

If it really must use getservbyname, then a jank way I could think of would be to override /etc/services to a value of your choosing, e.g.

  environment.etc.services.source = lib.mkForce (pkgs.runCommand "my-etc-services" {} ''
    cat ${pkgs.iana-etc}/etc/services > $out
    echo "myservice 1234/tcp" >> $out
  '');

(I didn’t test this.)

Ah, yeah, of course. To avoid that, you’ll have to do something like:

environment.etc.services.source = lib.mkForce (pkgs.runCommandLocal "services" { } ''
  # "-" makes cat read the here-document after the iana-etc file
  cat '${pkgs.iana-etc}/etc/services' - > "$out" <<EOF
<some assignment here>
EOF
'').outPath;

In a world of containers, host-independent services, port remapping, and full port range assignment, yeah, pretty uncommon. This is a very 80’s approach, people tend to just forego pretty names for ports, the idea of having a well-known port for every service is very outdated.

So I’m not surprised it’s not configurable, clearly nobody else has needed to yet. Don’t think there would be much resistance for adding an option upstream either, though.

It’s a very outdated and very much better approach than remembering meaningless numbers. It’s sad that the files provided by IANA have ossified over 20 years ago. But they kind of sucked at naming ports/protocols consistently anyway, that’s why I maintain my own list:

  environment.etc.services = lib.mkForce {
    source = ./path/to/my/services;
  };

ftp              21/tcp     # File Transfer Protocol (FTP)
tftp             69/udp     # Trivial File Transfer protocol (TFTP)
ftps-data        989/tcp    # FTP over TLS, data channel
ftps-control     990/tcp    # FTP over TLS, control channel

ssh              22/tcp     # Secure Shell (SSH)
telnet           23/tcp     # Telnet
telnets          992/tcp    # Telnet over TLS
smtp             25/tcp     # Simple Mail Transfer protocol (SMTP) submission

bgp              179/tcp    # Border Gateway Protocol (BGP)
irc              194/tcp    # Internet Relay Chat (IRC)
irc              6667/tcp   # IRC, alternative port
ircs             6697/tcp   # IRC over TLS
rtsp             554/tcp    # Real Time Streaming Protocol (RTSP)
rtsp             554/udp    # Real Time Streaming Protocol (RTSP)

dns              53/tcp     # Domain Name System (DNS) Server
dns              53/udp     # Domain Name System (DNS) Server
dot              853/tcp    # DNS over TLS (DoT)
doq              853/udp    # DNS over QUIC (DoQ)
mdns             5353/udp   # Multicast DNS

dnscrypt         443/udp    # DNSCrypt

dhcpv4-server    67/udp     # Dynamic Host Configuration Protocol (DHCP), IPv4 server
dhcpv4-client    68/udp     # Dynamic Host Configuration Protocol (DHCP), IPv4 client
dhcpv6-client    546/udp    # Dynamic Host Configuration Protocol (DHCP), IPv6 client
dhcpv6-server    547/udp    # Dynamic Host Configuration Protocol (DHCP), IPv6 server

http             80/tcp     # HyperText Transfer Protocol (HTTP)
https            443/tcp    # HTTP over TLS
http-alt         8080/tcp   # HTTP, alternative port
https-alt        8443/tcp   # HTTP over TLS, alternative port
gopher           70/tcp     # Gopher
gemini           1965/tcp   # Gemini

traceroute       33434/tcp  # TCP traceroute
traceroute       33434/udp  # UDP traceroute
whois            43/tcp     # WHOIS server
nicname          43/tcp     # WHOIS server (needed by whois command)

kerberos         88/tcp     # Kerberos, ticket service
kerberos         88/udp     # Kerberos, ticket service
kerberos-admin   749/tcp    # Kerberos, administration/password change service

nfs              2049/tcp   # Network File System (NFS)
nfs              2049/udp   # Network File System (NFS)

ntp              123/udp    # Network Time Protocol (NTP)
chrony           323/udp    # Chrony command interface
mpd              6600/tcp   # Music Player Daemon

plan9-fs         564/tcp    # Plan 9, file service (9pfs)
plan9-auth       567/tcp    # Plan 9, auth service
plan9-cpu        17010/tcp  # Plan 9, cpu service
plan9-import     17007/tcp  # Plan 9, import
plan9-secstore   5356/tcp   # Plan 9, secstore

pop3             110/tcp    # Post Office Protocol version 3 (POP3)
pop3s            995/tcp    # POP3 over TLS
imap             143/tcp    # Internet Message Access Protocol (IMAP)
imaps            993/tcp    # IMAP over TLS

netbios-name     137/tcp    # NETBIOS, name service
netbios-name     137/udp    # NETBIOS, name service
netbios-data     138/tcp    # NETBIOS, datagram service
netbios-data     138/udp    # NETBIOS, datagram service
netbios-session  139/tcp    # NETBIOS, session service
netbios-session  139/udp    # NETBIOS, session service

smb              445/tcp    # Server Message Block (SMB)

llmnr            5355/tcp   # Link-Local Multicast Name Resolution (LLMNR)
llmnr            5355/udp   # Link-Local Multicast Name Resolution (LLMNR)

hyperv-rdp       2179/tcp   # Hyper-V Remote Desktop Protocol (RDP)
hyperv-rdp       2179/udp   # Hyper-V Remote Desktop Protocol (RDP)
anydesk          6568/tcp   # AnyDesk remote desktop
teamviewer       5938/tcp   # TeamViewer remote desktop
teamviewer       5938/udp   # TeamViewer remote desktop

doom             666/tcp    # DOOM, id Software
doom             666/udp    # DOOM, id Software
quake            26000/tcp  # Quake, id Software
quake            26000/udp  # Quake, id Software
quake2           27910/udp  # Quake II, id Software
quake3           27960/udp  # Quake III Arena, id Software
warzone2100      2100/tcp   # Warzone 2100
freeciv          5556/tcp   # Freeciv
terraria         7777/tcp   # Terraria
starbound        21025/tcp  # starbound
minecraft        25565/tcp  # Minecraft
minetest         30000/tcp  # Minetest
openarena        27960/udp  # OpenArena
bnet-game        1119/tcp   # Battle.net, game
bnet-game        1119/udp   # Battle.net, game
bnet-file        1120/tcp   # Battle.net, file transfer
bnet-file        1120/udp   # Battle.net, file transfer
warcraft         3724/tcp   # World of Warcraft, Blizzard
warcraft         3724/udp   # World of Warcraft, Blizzard
xbox             3074/tcp   # Xbox game port
xbox             3074/udp   # Xbox game port
quake-world      27500/udp  # Quake world
gog-multiplayer  5687/udp   # GOG multiplayer game protocol

tinc             635/tcp    # Tinc VPN
openvpn          1194/udp   # OpenVPN
ipsec-nat        4500/tcp   # IPsec NAT-Traversal
ipsec-nat        4500/udp   # IPsec NAT-Traversal

radius           1812/udp   # RADIUS
radius-account   1813/udp   # RADIUS, accounting
radius-dynauth   3799/tcp   # RADIUS, dynamic authorization
radius-dynauth   3799/udp   # RADIUS, dynamic authorization

gnunet           2086/tcp   # GNUnet
gnunet           2086/udp   # GNUnet

stun             3478/tcp   # Session Traversal Utilities for NAT (STUN)
stun             3478/udp   # Session Traversal Utilities for NAT (STUN)
turn             3478/tcp   # Traversal Using Relays around NAT (TURN)
turn             3478/udp   # Traversal Using Relays around NAT (TURN)
stuns            5349/udp   # STUN over DTLS
turns            5349/tcp   # TURN over TLS
turns            5349/udp   # TURN over DTLS
teredo           3544/udp   # Teredo Port

apcupsd          3551/tcp   # Apcupsd Information Port
svn              3690/tcp   # Subversion

netboot-pxe      3928/tcp   # PXE NetBoot Manager
netboot-pxe      3928/udp   # PXE NetBoot Manager

gre-in-udp       4754/udp   # GRE-in-UDP Encapsulation
gre-udp-dtls     4755/udp   # GRE-in-UDP Encapsulation with DTLS

sip              5060/tcp   # SIP
sip-tls          5061/tcp   # SIP over TLS
sip-directory    5059/tcp   # SIP Directory Services

xmpp-client      5222/tcp   # Extensible Messaging and Presence Protocol (XMPP), client
xmpp-client-tls  5223/tcp   # Extensible Messaging and Presence Protocol (XMPP), client over TLS
xmpp-server      5269/tcp   # Extensible Messaging and Presence Protocol (XMPP), server

pcp              5351/udp   # Port Control Protocol (PCP)
pcp-multicast    5350/udp   # Port Control Protocol (PCP), Multicast notifications
upnp             1900/udp   # Universal Plug and Play (UPnP) 

zmq-file         5670/tcp   # ZeroMQ, file publish-subscribe
zmq-disc         5670/udp   # ZeroMQ, Local area discovery and messaging

x11              6000/tcp   # X Window System
x11-font         7100/tcp   # X Font Service

privoxy          8118/tcp   # Privoxy web proxy
polipo           8123/tcp   # Polipo caching web proxy
squid            3128/tcp   # Squid proxy
squid-snmp       3401/udp   # Squid proxy, SNMP port
squid-ipc        3130/udp   # Squid proxy, IPC port
squid-htcp       4827/udp   # Squid proxy, HTCP port

raw-print        9100/tcp   # Raw printing (JetDirect, PDL, etc.)
ipp              631/tcp    # Internet Printing Protocol (IPP)
ipps             631/tcp    # IPP over HTTPS

webdav           9800/tcp   # WebDAV
webdav           9802/tcp   # WebDAV over TLS

zabbix-agent     10050/tcp  # Zabbix Agent
zabbix-agent     10050/udp  # Zabbix Agent
zabbix-trapper   10051/tcp  # Zabbix Trapper
zabbix-trapper   10051/udp  # Zabbix Trapper

rsync            873/tcp    # rsync server
plex             32400/tcp  # Plex media server
bittorrent       51413/tcp  # Bittorrent, TCP
bittorrent-utp   51413/udp  # Bittorrent, μTP
bittorrent-track 6881/tcp   # BitTorrent tracker
gnutella         6346/tcp   # Gnutella
gnutella         6346/udp   # Gnutella

dropbox          17500/tcp  # Dropbox LanSync, protocol
dropbox-disc     17500/udp  # Dropbox LanSync, discovery
gdrive-sync      37483/tcp  # Google Drive Sync
syncthing        22000/tcp  # Syncthing, transfer
syncthing        22000/udp  # Syncthing, transfer
syncthing-relay  22067/tcp  # Syncthing, relay
syncthing-disc   21027/udp  # Syncthing, discovery
syncthing-ui     8384/tcp   # Syncthing, Web UI

bitcoin-rpc      8332/tcp   # Bitcoin, RPC
bitcoin          8333/tcp   # Bitcoin, network
monero           18080/tcp  # Monero, network
monero-rpc       18081/tcp  # Monero, RPC

tor              9001/tcp   # Tor
tor-directory    9030/tcp   # Tor, directory port
tor-transparent  9040/tcp   # Tor, transparent proxy port
tor-socks        9050/tcp   # Tor, generic SOCKS port
tor-browser      9050/tcp   # Tor, browser SOCKS port
tor-control      9051/tcp   # Tor, control port

zigbee-ip        17755/tcp  # ZigBee IP Transport Service
zigbee-ip        17755/udp  # ZigBee IP Transport Service
zigbee-ips       17756/tcp  # ZigBee IP Transport Secure Service
zigbee-ips       17756/udp  # ZigBee IP Transport Secure Service
z-wave-s         41230/tcp  # Z-Wave Protocol over TLS
z-wave-s         41230/udp  # Z-Wave Protocol over DTLS

cockroachdb      26257/tcp  # CockroachDB database
mongodb          27017/tcp  # MongoDB database
couchdb          5984/tcp   # CouchDB database
postgresql       5432/tcp   # PostgreSQL database
mysql-classic    3306/tcp   # MySQL database, classic protocol
mysql-extended   33060/tcp  # MySQL database, extended protocol
mysql-router     6446/tcp   # MySQL router, classic protocol
mysql-router     6449/tcp   # MySQL router, extended protocol
redis            6379/tcp   # Redis key-value data store

Now open iftop -P and enjoy your superpowers.

I was thinking of doing this, but wasn’t sure how much the current set of services in /etc/services is used. I probably will just do what TLATER said above, and combine the two for now, and dabble with making a PR to make it configurable similar to how hosts is
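
A build-time check for the combined file discussed in this thread, added here as an example and not taken from any post. It assumes the file-based lookup behind getservbyname returns the first entry whose name or alias and protocol match, so a line appended after an existing entry with the same name is never returned; `svc_lookup`, `svc_merge` and `svc_demo` are hypothetical helper names, and the sample entries are constructed.

```shell
# Added example (not from the thread). Assumes first-match lookup in the file.

# svc_lookup FILE NAME PROTO: print the port of the first matching entry
svc_lookup() {
  awk -v name="$2" -v proto="$3" '
    { sub(/#.*/, "") }                      # drop comments
    NF < 2 { next }
    { split($2, pp, "/"); if (pp[2] != proto) next
      for (i = 1; i <= NF; i++)             # field 1 is the name, 3+ are aliases
        if (i != 2 && $i == name) { print pp[1]; found = 1; exit } }
    END { exit !found }
  ' "$1"
}

# svc_merge BASE EXTRA: print BASE then EXTRA; status 1 if an EXTRA entry is
# malformed or reuses a name/protocol that an earlier line binds to another port
svc_merge() {
  awk '
    { line = $0; print line; sub(/#.*/, "") }
    NF < 2 { next }
    { extra = (FILENAME != ARGV[1]); n = split($2, pp, "/")
      if (n != 2 || pp[1] !~ /^[0-9]+$/ || pp[1] + 0 < 1 || pp[1] + 0 > 65535) {
        if (extra) { print "malformed: " line > "/dev/stderr"; bad = 1 }
        next
      }
      for (i = 1; i <= NF; i++) {
        if (i == 2) continue
        key = $i "/" pp[2]
        if (!(key in port)) port[key] = pp[1]
        else if (extra && port[key] != pp[1]) {
          print "shadowed: " key " stays " port[key] ", not " pp[1] > "/dev/stderr"
          bad = 1
        }
      }
    }
    END { exit bad + 0 }
  ' "$1" "$2"
}

# Constructed sample: "base" stands in for the iana-etc file, "extra" for local lines
svc_demo() {
  d=$(mktemp -d) || return 1
  printf '%s\n' 'http 80/tcp www' 'whois 43/tcp nicname' > "$d/base"
  printf '%s\n' 'myservice 1234/tcp   # constructed entry' > "$d/extra"
  svc_merge "$d/base" "$d/extra" > "$d/services" &&
    svc_lookup "$d/services" myservice tcp; rc=$?
  rm -rf "$d"; return "$rc"
}
svc_demo   # prints 1234
```

Called from the runCommand body in place of the plain `cat`/`echo`, `svc_merge` makes the build fail when an added name is already taken on a different port, rather than producing a file in which the new line is silently ignored.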

If we had more files that are straight linked from <package> to /etc I would say it might be worth creating some sort of update scripts that parse the file format on package update and “nix” it so they could easily be added to/merged with and then utilized by the module system… but I don’t think we have many and the few that we have are too obscure (in 2025 standards) to garner much attention

:man_shrugging:

The only issue I’ve ever found (2-3 years now) was the whois command using nicname (which, btw, highlights the terrible naming by IANA).
