-$IPSET -exist create allowed_udp bitmap:port range 0-65535
-$IPSET -exist create allowed_tcp bitmap:port range 0-65535
-for p in 22 25 53 80 143 443 587 993 1194 5000 5222 5269 22556 64738
-do
- $IPSET -exist add allowed_tcp ${p}
-done
-for p in 53 123 1194 64738
-do
- $IPSET -exist add allowed_udp ${p}
-done
+create_set allowed_udp bitmap:port range 0-65535
+create_set allowed_tcp bitmap:port range 0-65535
+
+# common services
+allow_services ssh smtp submission domain ntp
+
+# per-host services
+srv_file="services.$(hostname -s)"
+if [ -e "${srv_file}" ]
+then
+ . "${srv_file}"
+fi
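Review bot: `srv_file="services.$(hostname -s)"` is a relative path, so the `.` two lines later sources whatever file of that name is in the caller's current working directory, and a script that manages ipset rules presumably runs as root. Resolve it against a fixed location instead, for example `srv_file="$(dirname "$0")/services.$(hostname -s)"` or an absolute configuration directory. Use `[ -f "${srv_file}" ]` rather than `-e`, so that only a regular file is sourced. When the per-host file is absent, the host silently ends up with only the common services, which fails closed but is hard to diagnose; a single line on stderr such as `echo "no ${srv_file}, common services only" >&2` would make that visible. `create_set` and `allow_services` are defined outside the visible lines, so how service names are resolved to ports cannot be checked from here.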