Use destination port for Service Endpoint List matching #120

Closed
ppacher opened this issue Aug 6, 2020 · 3 comments
Labels
suggestion TYPE: idea for new feature or improvements

Comments

@ppacher
Contributor

ppacher commented Aug 6, 2020

What I wanted to do:

I tried to use the "Service endpoint list" configuration option to allow inbound SSH connections to my machine. I want to allow inbound connections to tcp/22 from any host as well as any localhost-only traffic.

What I expected to happen:

I expected that the following settings value would allow inbound SSH from everywhere and all localhost-only traffic:

`+ * tcp/22, + localhost, - *`

What happened instead

Instead, I encountered multiple issues:

  1. `+ localhost` (`+ Localhost`; the default) is an invalid value (regex mismatch). It seems like `+ localhost.` (notice the dot at the end) does work. So even the default value is invalid.

  2. `+ * tcp/22` does not allow inbound SSH connections. Instead, it allows inbound connections to every port only if the connection source used tcp/22 as the source port. This behavior does not make any sense at all for incoming connections.

How to reproduce it (as minimally and precisely as possible):

Described above.

@ppacher ppacher added the bug TYPE: a report on something that isn't working label Aug 6, 2020
@dhaavi
Member

dhaavi commented Aug 7, 2020

Ah. Regex. 😁

  1. I am pretty sure that the regex is in fact correct. I present my evidence:
    a) Works for me. 😂 🤷‍♂️
    b) If the default value did not match, the config system would refuse to register the option: https://github.com/safing/portbase/blob/2b726810cc95ab2954c4446f6e1125ad21f8f06f/config/registry.go#L38

  2. This was actually implemented as you expected it in Portmaster v0.3.x. During the big v0.4 revamp this logic was re-implemented to fit the new uniform configuration system. I left the logic for inbound and outbound matching the same, because I did not expect ports to be used for inbound connections, as you would normally always set this on a specific program, like sshd, and not globally.
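
As an added illustration of the matching semantics discussed in this thread (example code, not Portmaster's own implementation): a small Go model that parses an endpoint list such as `+ * tcp/22, + localhost, - *` into ordered rules and evaluates a connection against them first-match-wins. The evaluator takes whichever port the caller hands it, so for an inbound connection feeding the remote source port reproduces the v0.4 behaviour reported above, while feeding the local destination port gives the requested "allow inbound tcp/22" behaviour. The `*` wildcard, the bare host name, the `protocol/port` qualifier and default-deny are assumptions of this model.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Rule is one endpoint-list entry, e.g. "+ * tcp/22" or "- *"; an empty
// Protocol or a zero Port matches anything (assumed semantics of this model).
type Rule struct {
	Allow          bool
	Host, Protocol string
	Port           int
}

// ParseList turns "+ * tcp/22, + localhost, - *" into an ordered rule list.
func ParseList(s string) ([]Rule, error) {
	var rules []Rule
	for _, entry := range strings.Split(s, ",") {
		f := strings.Fields(entry)
		if len(f) < 2 || len(f) > 3 || (f[0] != "+" && f[0] != "-") {
			return nil, fmt.Errorf("invalid entry %q", entry)
		}
		r := Rule{Allow: f[0] == "+", Host: f[1]}
		if len(f) == 3 { // optional "protocol/port" qualifier
			proto, port, ok := strings.Cut(f[2], "/")
			p, err := strconv.Atoi(port)
			if !ok || err != nil || p < 1 || p > 65535 {
				return nil, fmt.Errorf("invalid port spec %q", f[2])
			}
			r.Protocol, r.Port = proto, p
		}
		rules = append(rules, r)
	}
	return rules, nil
}

// Verdict returns the decision of the first rule matching the remote host,
// protocol and the port handed in; no match means deny. For an inbound
// connection, passing the remote source port reproduces the v0.4 behaviour
// reported above; passing the local destination port gives the requested one.
func Verdict(rules []Rule, host, proto string, port int) bool {
	for _, r := range rules {
		if (r.Host == "*" || r.Host == host) && (r.Protocol == "" || r.Protocol == proto) && (r.Port == 0 || r.Port == port) {
			return r.Allow
		}
	}
	return false
}
```

With the list above, an SSH client connecting from 203.0.113.5:51234 to local tcp/22 is denied when the source port (51234) is matched and allowed when the destination port (22) is matched, which is exactly the difference the issue describes.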

@dhaavi
Member

dhaavi commented Aug 12, 2020

Relabeling as a feature as the current functionality is as desired, but can be improved.

@dhaavi dhaavi added suggestion TYPE: idea for new feature or improvements and removed bug TYPE: a report on something that isn't working labels Aug 12, 2020
@dhaavi dhaavi changed the title Multiple issues with Service endpoint list (incoming connection management) Use destination port for Service Endpoint List matching Aug 12, 2020
@dhaavi
Member

dhaavi commented Feb 11, 2022

This was implemented a while ago.

@dhaavi dhaavi closed this as completed Feb 11, 2022