Saturday 19 March 2011

Port knocking

Port knocking is a very handy way of opening ports in your firewall on demand, e.g. you want to run SSH on the standard port 22, but you don't want it open all the time.

So... your default iptables INPUT policy is DROP.

Sample iptables.rules file for use with iptables-restore < iptables.rules:

*filter
:INPUT DROP     [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT  [0:0]
COMMIT
To open port 22 on demand, you send TCP SYNs to a specific sequence of ports; knockd watches for that sequence and runs a command that opens the SSH port.

e.g. SYN to ports 1000, 2000, 3000 and 4000, in that order, and your system will open port 22.

Sample knockd.conf:

[options]
        logfile     = /var/log/knockd.log

[openSSH]
        sequence    = 1000,2000,3000,4000
        seq_timeout = 5
        command     = iptables -A INPUT -p tcp --dport 22 -j ACCEPT
        tcpflags    = syn


Similarly, you can use another sequence to close port 22 again.
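As an added example (not from the original post), here is a small Python model of how knockd matches the [openSSH] stanza above, including the seq_timeout reset, together with an assumed [closeSSH] stanza for the closing sequence; the knock events are constructed, and the commands use knockd's %IP% placeholder for the knocking host's address.

```python
from collections import defaultdict

# Stanzas modelled on the knockd.conf above; "closeSSH" is an assumed second
# stanza (the page only says another sequence can close port 22). %IP% is
# knockd's placeholder for the knocking host's address.
SEQUENCES = {
    "openSSH": {"sequence": [1000, 2000, 3000, 4000], "seq_timeout": 5,
                "command": "iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT"},
    "closeSSH": {"sequence": [4000, 3000, 2000, 1000], "seq_timeout": 5,
                 "command": "iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT"},
}

def match_knocks(events, sequences=SEQUENCES):
    """Simplified knockd matcher over (time_s, src_ip, dst_port, tcp_flags)
    events. Returns (time, src, stanza, command) per completed sequence. A
    wrong port, or a knock more than seq_timeout seconds after the attempt's
    first knock, discards the attempt, as knockd's seq_timeout does."""
    state = defaultdict(lambda: [0, None])      # (src, stanza) -> [next_idx, start]
    hits = []
    for t, src, port, flags in events:
        if flags != "syn":                      # tcpflags = syn: only bare SYNs count
            continue
        for name, spec in sequences.items():
            seq, st = spec["sequence"], state[(src, name)]
            if st[0] > 0 and t - st[1] > spec["seq_timeout"]:
                st[:] = [0, None]               # too slow: start over
            if port == seq[st[0]]:
                if st[0] == 0:
                    st[1] = t                   # first knock starts the clock
                st[0] += 1
                if st[0] == len(seq):
                    hits.append((t, src, name, spec["command"].replace("%IP%", src)))
                    st[:] = [0, None]
            else:                               # wrong port discards the attempt
                st[:] = [1, t] if port == seq[0] else [0, None]
    return hits

# Constructed knock log (not captured traffic): a good open from one host, an
# attempt from another that overruns seq_timeout, then a close from the first.
EVENTS = [(0.0, "198.51.100.7", 1000, "syn"), (1.0, "198.51.100.7", 2000, "syn"),
          (2.0, "198.51.100.7", 3000, "syn"), (3.0, "198.51.100.7", 4000, "syn"),
          (10.0, "203.0.113.9", 1000, "syn"), (11.0, "203.0.113.9", 2000, "syn"),
          (17.0, "203.0.113.9", 3000, "syn"), (18.0, "203.0.113.9", 4000, "syn"),
          (20.0, "198.51.100.7", 4000, "syn"), (21.0, "198.51.100.7", 3000, "syn"),
          (22.0, "198.51.100.7", 2000, "syn"), (23.0, "198.51.100.7", 1000, "syn")]

def demo():
    return match_knocks(EVENTS)
```

Adding `-s %IP%` to the page's command means a completed knock opens port 22 only for the host that knocked, rather than for everyone.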
