
knockd

  • May. 7th, 2007 at 2:51 PM
This is what I needed to set up a knockd server that closes the firewall behind me:

# cat /etc/knockd.conf 
# knockd configuration: a correct knock sequence opens TCP/22 to the knocking
# host for a short window, then closes it again.
[options]
# Where knockd records the knocks it sees and the commands it runs.
        logfile = /var/log/knockd.log

# One knock sequence. On a match knockd runs start_command with %IP% replaced by
# the knocking host's address, and stop_command cmd_timeout seconds later.
[pokeSSH]
# The three TCP ports that must be hit, in this order.
        sequence       = 1000,2000,3000
# Seconds within which the whole sequence must arrive, else it is discarded.
        seq_timeout    = 5
# -I inserts the per-host ACCEPT at the head of INPUT, ahead of the port-22
# DROP rule in the saved filter table, so the knocker can open a new SSH session.
        start_command  = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
# Seconds after start_command before stop_command runs. An SSH session opened
# inside this window survives the removal because the filter table accepts
# ESTABLISHED traffic to port 22 (see the iptables_save listing).
        cmd_timeout    = 30
        stop_command   = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
# Only SYN packets count as knocks.
        tcpflags       = syn

# cat iptables_save 
# Only the filter table is present; no nat/mangle rules are saved here.
*filter
# Default policies are ACCEPT: the two rules below restrict TCP/22 only, every
# other inbound port stays open. The bracketed numbers are packet:byte counters.
:INPUT ACCEPT [1838:350285]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3037:1027623]
# Rule order matters: this ESTABLISHED match must precede the DROP so that an SSH
# session stays alive after knockd's stop_command removes the per-host ACCEPT.
-A INPUT -p tcp -m tcp --dport 22 -m state --state ESTABLISHED -j ACCEPT 
# Everything else to port 22 is dropped; knockd's start_command uses -I so its
# per-host ACCEPT is inserted ahead of this rule.
-A INPUT -p tcp -m tcp --dport 22 -j DROP 
COMMIT