Port Knocking - possible?

  • Hi,


    I am wondering if it is possible to configure Port Knocking in the firewall which comes with OMV (it is iptables, right?).


    If possible, can anyone point me to a guide or hints on how to configure it?


    Best regards K

  • I got it working as I wanted. Here you are, if anyone else wants to do something similar.


    # Start from an empty ruleset: flush all rules, delete user chains, zero counters
    iptables -F
    iptables -X
    iptables -Z

    # STATE0: no valid knock yet. Only UDP 1010 counts as the first knock; it marks
    # the source in the KNOCK1 list. Every packet reaching this chain is dropped.
    iptables -N STATE0
    iptables -A STATE0 -m limit --limit 5/m -j LOG --log-prefix '*** '
    iptables -A STATE0 -p udp --dport 1010 -m recent --name KNOCK1 --set -j DROP
    iptables -A STATE0 -j DROP

    # STATE1: first knock seen. The mark is removed first, so any packet other than
    # the next knock resets the sequence; UDP 2020 advances the source to KNOCK2.
    iptables -N STATE1
    iptables -A STATE1 -m recent --name KNOCK1 --remove
    iptables -A STATE1 -m limit --limit 5/m -j LOG --log-prefix '*** KNOCK 1 '
    iptables -A STATE1 -p udp --dport 2020 -m recent --name KNOCK2 --set -j DROP
    iptables -A STATE1 -j STATE0

    # STATE2: second knock seen; UDP 3030 advances the source to KNOCK3.
    iptables -N STATE2
    iptables -A STATE2 -m limit --limit 5/m -j LOG --log-prefix '*** KNOCK 2 '
    iptables -A STATE2 -m recent --name KNOCK2 --remove
    iptables -A STATE2 -p udp --dport 3030 -m recent --name KNOCK3 --set -j DROP
    iptables -A STATE2 -j STATE0

    # STATE3: full sequence seen. The mark is consumed by the very next packet, so
    # that packet has to be the TCP 22 connection; ESTABLISHED,RELATED in INPUT
    # takes care of the rest of the session.
    iptables -N STATE3
    iptables -A STATE3 -m recent --name KNOCK3 --remove
    iptables -A STATE3 -m limit --limit 5/m -j LOG --log-prefix '*** KNOCK OK '
    iptables -A STATE3 -m limit --limit 5/m -j LOG --log-prefix '*** '
    iptables -A STATE3 -p tcp --dport 22 -j ACCEPT
    iptables -A STATE3 -j STATE0

    # TRUSTED: logged accept (defined here, but not referenced by the INPUT rules below)
    iptables -N TRUSTED
    iptables -A TRUSTED -m limit --limit 5/m -j LOG --log-prefix '*** TRUSTED '
    iptables -A TRUSTED -j ACCEPT

    # Replies to existing connections, loopback and ICMP are always allowed
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -s 127.0.0.0/8 -j ACCEPT
    iptables -A INPUT -p icmp -j ACCEPT

    # Services that stay open without knocking (one line per port; replace <myPort>)
    iptables -A INPUT -p tcp --dport <myPort> -j ACCEPT
    iptables -A INPUT -p tcp --dport <myPort> -j ACCEPT

    # Dispatch on the knock state of the source address. A mark is only honoured for
    # 30 seconds; the most advanced state is checked first, everything else goes to STATE0.
    iptables -A INPUT -m recent --name KNOCK3 --rcheck --seconds 30 -j STATE3
    iptables -A INPUT -m recent --name KNOCK2 --rcheck --seconds 30 -j STATE2
    iptables -A INPUT -m recent --name KNOCK1 --rcheck --seconds 30 -j STATE1
    iptables -A INPUT -j STATE0
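To see why the knock order, the 30-second window and the "next packet must be SSH" rule matter, here is an added Python model of the STATE0..STATE3 chains and the xt_recent lists from the rules above (this is not part of the original post; the source address 203.0.113.5 is a constructed sample). It returns the verdict the ruleset would give for each packet from one source.

```python
from dataclasses import dataclass

KNOCK_PORTS = [1010, 2020, 3030]   # UDP knock sequence used in the post
SERVICE_PORT = 22                  # port opened after a correct sequence
WINDOW = 30.0                      # --rcheck --seconds 30


@dataclass
class Packet:
    src: str      # source address; xt_recent lists are keyed on it
    proto: str    # "udp" or "tcp"
    dport: int


class KnockFirewall:
    """Models the INPUT dispatch plus STATE0..STATE3 of the posted ruleset."""

    def __init__(self):
        # recent list name -> {src: timestamp of the last --set}
        self.recent = {f"KNOCK{i}": {} for i in range(1, 4)}

    def _stage(self, src, now):
        # INPUT checks KNOCK3, KNOCK2, KNOCK1 in that order; stale marks do not match
        for i in (3, 2, 1):
            ts = self.recent[f"KNOCK{i}"].get(src)
            if ts is not None and now - ts <= WINDOW:
                return i
        return 0

    def filter(self, pkt, now):
        stage = self._stage(pkt.src, now)
        if stage == 3:
            # STATE3: the mark is consumed; only an immediate tcp/22 packet is accepted
            self.recent["KNOCK3"].pop(pkt.src, None)
            if pkt.proto == "tcp" and pkt.dport == SERVICE_PORT:
                return "ACCEPT"
        elif stage in (1, 2):
            # STATE1/STATE2: remove the current mark, advance only on the next knock
            self.recent[f"KNOCK{stage}"].pop(pkt.src, None)
            if pkt.proto == "udp" and pkt.dport == KNOCK_PORTS[stage]:
                self.recent[f"KNOCK{stage + 1}"][pkt.src] = now
                return "DROP"
        # STATE0 (also reached by the -j STATE0 fall-through of every other chain):
        # udp/1010 restarts the sequence, and the packet itself is always dropped
        if pkt.proto == "udp" and pkt.dport == KNOCK_PORTS[0]:
            self.recent["KNOCK1"][pkt.src] = now
        return "DROP"


def run(events, src="203.0.113.5"):
    """events: [(time, proto, dport), ...] from one source -> list of verdicts."""
    fw = KnockFirewall()
    return [fw.filter(Packet(src, proto, dport), t) for t, proto, dport in events]
```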