I found Judd Vinet's knockd quite useful. It works well on full-size distros like openSUSE and Mandriva. Now I have compiled the server and client for Brazil Firewall v2.xx and tested them successfully.
knockd for BrazilFW 2.xx
This package launches the knockd server automatically on system startup. Use the KNOCKD_IF variable to define the interface to listen on. If this variable is undefined or empty, the knockd server will not start.
quick hot example
Default /etc/knockd.conf file:
[killme]
    sequence = 4444,3333,5555
    seq_timeout = 5
    command = killall knockd
    tcpflags = syn

This configures knockd to terminate itself when the given port-knocking sequence is received. Try this:
Judd's configuration example
%IP% in the command will be replaced with the knocker's IP address.
[options]
    logfile = /var/log/knockd.log

[openSSH]
    sequence = 7000,8000,9000
    seq_timeout = 5
    command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags = syn

[closeSSH]
    sequence = 9000,8000,7000
    seq_timeout = 5
    command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags = syn

Remember: never use knocking sequences from examples!

knock for BrazilFW 2.xx
knock [options] <host> <port[:proto]> [port[:proto]] ...

options:
    -u, --udp       make all ports hits use UDP (default is TCP)
    -v, --verbose   be verbose
    -V, --version   display version
    -h, --help      this help

example: knock myserver.example.com 123:tcp 456:udp 789:tcp
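To show how the knockd.conf sections above and the knock client's port[:proto] syntax fit together, here is an added example (my own toy re-implementation, not Judd's knockd code) that parses a constructed config in the same layout and replays a stream of (time, source IP, port, proto) packet hits against every door. It approximates knockd's matching: a wrong knock resets the attempt, the whole sequence must arrive within seq_timeout, and %IP% is filled in when a door opens; tcpflags is not modelled.

```python
import configparser

# Constructed sample in the knockd.conf layout shown above (tcpflags omitted: not modelled here).
SAMPLE_CONF = """
[openSSH]
sequence = 7000,8000,9000
seq_timeout = 5
command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

[closeSSH]
sequence = 9000,8000:udp,7000
seq_timeout = 5
command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
"""

def parse_conf(text):
    """Parse door sections into {name: {"sequence": [(port, proto)], "seq_timeout", "command"}}."""
    cp = configparser.ConfigParser(interpolation=None)  # interpolation off keeps %IP% literal
    cp.read_string(text)
    doors = {}
    for name in cp.sections():
        if name == "options":  # global settings such as logfile, not a door
            continue
        seq = [(int(p), proto or "tcp")  # entries look like "7000" (tcp by default) or "8000:udp"
               for p, _, proto in (item.strip().partition(":") for item in cp[name]["sequence"].split(","))]
        doors[name] = {"sequence": seq, "seq_timeout": int(cp[name]["seq_timeout"]),
                       "command": cp[name]["command"]}
    return doors

def replay(conf_text, events):
    """Run all doors over (time, src_ip, port, proto) packet events; return commands that fired.
    Approximates knockd: a wrong knock resets the attempt, seq_timeout bounds the whole sequence."""
    doors = parse_conf(conf_text)
    state = {}  # (door, src_ip) -> (next_index, time_of_first_hit)
    fired = []
    for now, ip, port, proto in events:
        for name, spec in doors.items():
            seq = spec["sequence"]
            idx, t0 = state.get((name, ip), (0, now))
            if idx == 0 or now - t0 > spec["seq_timeout"]:  # fresh attempt or timed out: restart
                idx, t0 = 0, now
            if (port, proto) == seq[idx]:
                idx += 1
            else:  # wrong knock resets; it may itself be a valid first knock
                idx, t0 = (1 if (port, proto) == seq[0] else 0), now
            if idx == len(seq):  # full sequence seen within seq_timeout: run the command
                fired.append(spec["command"].replace("%IP%", ip))
                idx = 0
            state[(name, ip)] = (idx, t0)
    return fired
```

A real knockd would execute the returned command; here it is only returned, so you can check which knocks would have opened or closed the door.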
wtf is port knocking?
If you do not know what it is, you don't need it.
further reading