Do you know the secret knock?

Discussion in 'Linux' started by jimkd1yv, Oct 17, 2012.

  1. jimkd1yv

    jimkd1yv Well-Known Member

    Joined:
    Jul 6, 2010
    Messages:
    65
    Likes Received:
    1
    My presentation on knockd from tonight's meeting. See additional info at http://www.zeroflux.org/projects/knock

    Jim
     


  2. jimkd1yv

    Following Dave's questions, I found that indeed, my iptables did not reject port 22 by default. I set it so that it did, even following a reboot. That worked as intended.

    I did find that if I performed a disable of the knocked port, then tried to enable it again without a reboot, it did not work. This was because the enable line was being appended to the end of the iptables chain, and it was after some other line that disabled a more generic case, so my line was never executed.

    This was resolved by changing the iptables command string in the knockd.conf from a -A to a -I (append changed to insert). Here is how the line looks now in the knockd.conf file.

    command = /usr/sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
     
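For readers who want the surrounding context, here is a complete knockd.conf that applies the -I fix from the post above together with a matching close sequence. This is an added example, not the poster's attached file or the knockd project's shipped config: the knock sequences, the timeout and the log path are assumed values, and the [closeSSH] stanza uses -D to delete exactly the rule the open command inserted.

```ini
# Added example knockd.conf (not the poster's file); sequences, timeout and
# log path are assumed values.
[options]
        logfile = /var/log/knockd.log

[openSSH]
        # Assumed knock: three TCP SYNs to these ports, in order, within 5 s.
        sequence    = 7000,8000,9000
        seq_timeout = 5
        tcpflags    = syn
        # -I inserts at the head of INPUT, so this ACCEPT is evaluated before
        # the broader rule that drops port 22 further down the chain. With -A
        # the ACCEPT would land after that drop rule and never match.
        command     = /usr/sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

[closeSSH]
        # Reverse sequence closes the port again for that source address.
        sequence    = 9000,8000,7000
        seq_timeout = 5
        tcpflags    = syn
        # -D deletes the rule inserted above; the match must be identical
        # (same chain, source, protocol, port and target) or nothing is removed.
        command     = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
```

This only does what the post describes if the baseline rule that rejects or drops port 22 is present and survives a reboot, as the poster set up; after a successful knock, iptables -L INPUT -n --line-numbers should show the ACCEPT for that source at position 1, ahead of the drop rule. One caveat worth knowing: each open knock inserts a fresh rule, so knocking twice leaves two identical ACCEPT entries and a single close knock removes only one of them.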
