portknocking question
David Hart
ubuntu at tonix.org
Sat Oct 7 19:22:52 UTC 2006
On Sat, Oct 07, 2006 at 10:33:14AM -0700, Noah wrote:
> 1) User needs to telnet to specific port and/or log into a website.
> 2) Learns the IP address that the user is coming from in step 1.
> 3) Opens the ssh port specifically to the IP address grabbed in step 1,
> but also keeps the ssh port open to statically defined IPs in /etc/rc.firewall.
> 4) As soon as the user disconnects from the ssh port the IP address in
> step 1 no longer can access the ssh port unless they log back in like
> the procedure in step 1.
>
[snip]
> Knock Review:
> This is nice but still requires closing the port as a step when done.
> It would be nice to automatically close the ssh port when the user
> disconnects from the ssh port. Also I am not clear but I don't think
> there is a way to grab the source IP address, right?
The following snippet from /etc/knockd.conf does something like what
you want, I think. Note that the first command is line wrapped.
start_command = /sbin/iptables -I INPUT 1 -s %IP% -p tcp --dport 22 -m
state --state NEW -j ACCEPT
cmd_timeout = 10
stop_command = /sbin/iptables -D INPUT 1
The above will open port 22 to NEW connections from the
IP address of the successful 'knock' and close it behind you 10 seconds later. As
long as you allow ESTABLISHED connections you will stay logged in.
--
David Hart <ubuntu at tonix.org>
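The knockd.conf snippet above closes the port with "iptables -D INPUT 1", which deletes whatever rule is at position 1 of INPUT at that moment. If two people knock within cmd_timeout of each other, the second knock's rule lands at position 1 and the first stop_command removes the wrong one. The following is an added example, not code from David's post or from the knockd project: the same open/close logic as shell functions that delete the knocker's rule by its full specification, plus the ESTABLISHED rule the post says you must already have. The IPTABLES override hook and the SSH_PORT variable are assumptions of this example (set IPTABLES=echo to dry-run without touching the firewall).

```shell
#!/bin/sh
# Added example, not from the original post: knockd start/stop commands as
# shell functions. The close step deletes by rule specification, not by the
# position "1", so it only ever removes this knocker's own rule.
# IPTABLES and SSH_PORT are assumed override hooks for this example.
IPTABLES="${IPTABLES:-/sbin/iptables}"
SSH_PORT="${SSH_PORT:-22}"

# The per-knocker rule as the argument list iptables sees. Open and close
# both use this exact spec, which is what makes -D remove the right rule.
# $1 is the knocker's address (knockd substitutes %IP% here).
knock_rule_spec() {
    printf '%s' "INPUT -s $1 -p tcp --dport $SSH_PORT -m state --state NEW -j ACCEPT"
}

# start_command equivalent: accept NEW ssh connections from $1, inserted at
# the top of INPUT so it wins over any later DROP/REJECT rule.
knock_open() {
    $IPTABLES -I $(knock_rule_spec "$1")
}

# stop_command equivalent: remove only this knocker's rule. Safe even when
# several knocks overlap within cmd_timeout, unlike "-D INPUT 1".
knock_close() {
    $IPTABLES -D $(knock_rule_spec "$1")
}

# Run once at firewall setup (e.g. from /etc/rc.firewall). Without it the
# session would drop the moment knock_close removes the NEW rule, because
# the packets of the existing ssh session no longer match anything.
allow_established() {
    $IPTABLES -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}
```

In knockd.conf itself the same fix needs no script at all: keep start_command as in the snippet above and make stop_command the mirror image, i.e. "/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -m state --state NEW -j ACCEPT". knockd substitutes %IP% in stop_command just as it does in start_command.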