
Re: Script to temporarily "open" port



Alex Malinovich wrote:

On Tue, 2004-12-28 at 16:39 +0100, Laurent CARON wrote:
David Baron wrote:

A home system with an email server, i.e. exim, need not lay "exposed" 24/7. Is there a way to write a script to open a port such as SMTP/25 periodically for a certain amount of time, check for activity, wait till free and then close it?

This would be a cron'ed equivalent of bringing up Guarddog or some other IPtables interface, enabling access, waiting a while and seeing no (or no more) activity, bringing it up again and disabling access.




use cron and iptables for it

Allow new connection
wait 10/15 mins
forbid new connections but still allow established ones on port 25

Or you could just set up knockd on the box. It will be a lot safer since
the port will only be opened when you request it with a particular knock
sequence. With a cron job that port will end up being open to the world
at particular times, regardless of who initiated the request.

Knockd is IMHO useful to protect ports on which you want to connect occasionally.

Cron can do the job for such a simple iptables command

My 2€ Cents ;)
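
The cron and iptables sequence suggested in this thread (allow new connections, wait, then forbid new ones while established ones continue), written out as a shell script. This is an added example, not code posted by any participant; it assumes the INPUT chain otherwise drops traffic to port 25, and the names `WINDOW`, `DRY_RUN`, `ensure`, `remove`, `open_window` and `close_window` are illustrative.

```shell
#!/bin/sh
# Added example: timed window for new SMTP connections, run as root from cron.
# Assumes the INPUT chain otherwise drops or rejects traffic to port 25.
PORT="${PORT:-25}"
WINDOW="${WINDOW:-600}"    # seconds during which new connections are accepted
DRY_RUN="${DRY_RUN:-1}"    # 1 = print the iptables commands instead of running them

# Insert a rule unless it already exists (-C only checks), so repeated
# cron runs do not stack duplicate rules.
ensure() {
    if [ "$DRY_RUN" = "1" ]; then echo "iptables -I $*"; return 0; fi
    iptables -C "$@" 2>/dev/null || iptables -I "$@"
}

# Delete a rule; a rule that is already gone is not an error.
remove() {
    if [ "$DRY_RUN" = "1" ]; then echo "iptables -D $*"; return 0; fi
    iptables -D "$@" 2>/dev/null || true
}

open_window() {
    # Stays in place after the window closes so sessions in progress can finish.
    ensure INPUT -p tcp --dport "$PORT" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Present only while the window is open.
    ensure INPUT -p tcp --dport "$PORT" -m conntrack --ctstate NEW -j ACCEPT
}

close_window() {
    remove INPUT -p tcp --dport "$PORT" -m conntrack --ctstate NEW -j ACCEPT
}

case "${1:-}" in
    open)  open_window ;;
    close) close_window ;;
    cycle) open_window; sleep "$WINDOW"; close_window ;;
esac
```

Called with `cycle` and `DRY_RUN=0` from root's crontab, it opens the port for `WINDOW` seconds at each scheduled time; with the default `DRY_RUN=1` it only prints the commands it would run.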


