Differences
This shows you the differences between two versions of the page.
tools:fwknop [2022/08/28 15:27] – [Setup] darron | tools:fwknop [2023/01/20 20:16] (current) – [Server] darron | ||
---|---|---|---|
Line 4: | Line 4: | ||
Port knocking is used to alter packet filter rules on a host | Port knocking is used to alter packet filter rules on a host | ||
- | dependant upon a secret | + | dependant upon a packet |
It can be used to open a normally closed port to an SSH server | It can be used to open a normally closed port to an SSH server | ||
from a single host for a limited time duration. | from a single host for a limited time duration. | ||
- | ===Setup=== | + | ===Server=== |
==IPtables== | ==IPtables== | ||
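Review bot: the replacement intro line still spells "dependant"; change it to "dependent" while this sentence is being edited. Renaming ===Setup=== to ===Server=== also makes ==IPtables== the first subsection of Server, so add a sentence under the heading stating that these packet filter rules are applied on the server host only.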
Line 17: | Line 17: | ||
</ | </ | ||
- | ==Server== | + | ==FWKNOP== |
- | __Run__ | + | ==Install== |
+ | |||
+ | < | ||
+ | apt install fwknop-server | ||
+ | </ | ||
+ | |||
+ | ==Run== | ||
< | < | ||
/ | / | ||
</ | </ | ||
- | __access.conf__ | + | ==access.conf== |
< | < | ||
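Review bot: ==FWKNOP== is at the same heading level as the new ==Install==, ==Run== and ==access.conf== headings, so FWKNOP renders as an empty section with its intended children as siblings. == is already the lowest DokuWiki heading level, so promote the parents instead, for example ====Server==== with ===FWKNOP=== and ===IPtables=== beneath it, and keep the per-file headings at ==.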
Line 33: | Line 39: | ||
</ | </ | ||
- | __fwknop.conf__ | + | ==fwknop.conf== |
< | < | ||
PCAP_INTF eth0; | PCAP_INTF eth0; | ||
+ | </ | ||
+ | |||
+ | ===Client=== | ||
+ | |||
+ | ==Install== | ||
+ | |||
+ | < | ||
+ | apt install fwknop-client | ||
+ | </ | ||
+ | |||
+ | ==.fwknoprc== | ||
+ | |||
+ | < | ||
+ | [default] | ||
+ | |||
+ | [hostname] | ||
+ | SPA_SERVER | ||
+ | ACCESS | ||
+ | ALLOW_IP | ||
+ | KEY | ||
+ | </ | ||
+ | |||
+ | ==.ssh/ | ||
+ | |||
+ | < | ||
+ | Match host hostname exec " | ||
</ | </ | ||
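Review bot: the new [hostname] stanza in .fwknoprc lists KEY but no HMAC_KEY or USE_HMAC, so as written the SPA packet is encrypted without a separate HMAC; add the HMAC setting to the client stanza together with the matching entry in access.conf on the server. Because this file holds key material, the section should also tell the reader to restrict it with `chmod 600 ~/.fwknoprc`. ==Install== now appears under both Server and Client, which makes section links ambiguous; "Install server" and "Install client" would avoid that.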