// Copyright (c) Tailscale Inc & AUTHORS // SPDX-License-Identifier: BSD-3-Clause // Package policy contains various policy decisions that need to be // shared between the node client & control server. package policy import ( "tailscale.com/tailcfg" ) // IsInterestingService reports whether service s on the given operating // system (a version.OS value) is an interesting enough port to report // to our peer nodes for discovery purposes. func IsInterestingService(s tailcfg.Service, os string) bool { switch s.Proto { case tailcfg.PeerAPI4, tailcfg.PeerAPI6, tailcfg.PeerAPIDNS, tailcfg.AppConnector: return true } if s.Proto != tailcfg.TCP { return false } if os != "windows" { // For non-Windows machines, assume all TCP listeners // are interesting enough. We don't see listener spam // there. return true } // Windows has tons of TCP listeners. We need to move to a denylist // model later, but for now we just allow some common ones: switch s.Port { case 22, // ssh 80, // http 443, // https (but no hostname, so little useless) 3389, // rdp 5900, // vnc 32400, // plex // And now some arbitrary HTTP dev server ports: // Eventually we'll remove this and make all ports // work, once we nicely filter away noisy system // ports. 8000, 8080, 8443, 8888: return true } return false }