www (World-Wide-Web Access) Service

The World Wide Web provides a graphical user interface that enables users to browse a global network of services and documents. SunScreen contains a predefined service definition for WWW that passes TCP connections on port 80.

Not all WWW services on the Internet use port 80; many reside on ports with other numbers, such as 8000 or 8080. If you only allow outbound WWW access under the www service entry, users cannot connect to all WWW resources. To compensate, you can define a new TCP service that enumerates additional nonstandard WWW ports you want to allow, or you can allow TCP access to all ports outbound using the default service.

Do not use the tcp all service to enable inbound www access to your public Web servers. This opens up a large security hole and allows outside users access to any TCP service on your systems. Instead, use a more restrictive service rule, such as the www service definition, with the port your Web server uses (generally port 80).