główna strona  BrazilFW
Firewall and Router
port knocking
 
I found Judd Vinet's knockd quite useful. It works well on full-size distros like openSUSE and Mandriva. Now I compiled server and client for Brazil Firewall v2.xx and tested them with success.
knockd for BrazilFW 2.xx
  • download daemon package: knockd.tgzmd5
  • copy package to root folder of BFW disk
  • (re)start system, log in
  • add following line to global config:
    KNOCKD_IF='eth0'
    (or another interface instead of eth0)
  • save changes to make them permanent
  • restart system
  • enjoy port-knocking
 
This package launches knockd server automatically on system startup. Use KNOCKD_IF variable to define interface to listen on. If this variable is undefined or empty, then knockd server will not start.
quick hot example
Default /etc/knockd.conf file:
[killme]
  sequence    = 4444,3333,5555
  seq_timeout = 5
  command     = killall knockd
  tcpflags    = syn
It configures knockd to terminate itself on given port-knocking sequence. Try this:
  • issue killall knockd to make sure it isn't running
  • start server in foreground: knockd -i eth0
  • knock from other host with sequence 4444,3333,5555
  • knockd should quit immediately
Judd's configuration example
%IP% in command will be replaced with knocker's IP number.
[options]
  logfile     = /var/log/knockd.log

[openSSH]
  sequence    = 7000,8000,9000
  seq_timeout = 5
  command     = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
  tcpflags    = syn

[closeSSH]
  sequence    = 9000,8000,7000
  seq_timeout = 5
  command     = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
  tcpflags    = syn
Remember: never use knocking sequences from examples!
knock for BrazilFW 2.xx
  • precompiled client: knockmd5
knock [options] <host> <port[:proto]> [port[:proto]] ...
options:
  -u, --udp            make all ports hits use UDP (default is TCP)
  -v, --verbose        be verbose
  -V, --version        display version
  -h, --help           this help

example:  knock myserver.example.com 123:tcp 456:udp 789:tcp
wtf is port knocking?
If you do not know what it is, you don't need it.
further reading
 
caretaker: Janusz Wiśniewski :: traffic recording 2759 visitors
mobi