
port knocking with knockd



Hello.

I'm trying to enable port knocking with `knockd'.

I configured `/etc/knockd.conf':

(I changed the default ports.)

[options]
        UseSyslog

[openSSH]
        sequence    = 7000,8000,9000
        seq_timeout = 5
        command     = /sbin/iptables -A INPUT -I 6 -p tcp --dport 22 -j ACCEPT
        tcpflags    = syn
        cmd_timeout = 25

[closeSSH]
        sequence    = 9000,8000,7000
        seq_timeout = 5
        command     = /sbin/iptables -D INPUT -p tcp --dport 22 -j ACCEPT
        tcpflags    = syn

Then `/etc/default/knockd':

START_KNOCKD=1

And started the daemon via `sudo /etc/init.d/knockd start'

BTW, I have the following line in `iptables':

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

I don't have physical access to the machine. So I decided to keep
the rule and close it from a client:

client$ knock <ip> 9000 8000 7000

Unfortunately, I can still connect to the SSH port.

Did I make a mistake somewhere?
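As an added example (my own code, not from the post above and not part of knockd or iptables), here is a small Python lint that reads a knockd.conf and an iptables-save style rule listing and flags the two things that make a close knock fail silently: a command that mixes -A and -I, and a -D command whose match spec is not token-for-token equal to any rule in the live chain, so iptables deletes nothing and the port stays reachable. The sample config and the single INPUT rule are the ones from the message, embedded as constructed input; the function names and finding texts are my own.

```python
"""Lint a knockd.conf against an iptables ruleset (iptables-save format).

Two checks that a port-knocking setup commonly gets wrong:
  * an iptables command that carries more than one of -A/-I/-D, and
  * a -D (delete) whose match spec does not exactly equal an existing rule,
    so the close knock removes nothing and the port stays open.
"""
import shlex

# Constructed sample input: the knockd.conf from the message, with the
# wrapped 'command' line joined back together.
SAMPLE_CONF = """\
[options]
        UseSyslog

[openSSH]
        sequence    = 7000,8000,9000
        seq_timeout = 5
        command     = /sbin/iptables -A INPUT -I 6 -p tcp --dport 22 -j ACCEPT
        tcpflags    = syn
        cmd_timeout = 25

[closeSSH]
        sequence    = 9000,8000,7000
        seq_timeout = 5
        command     = /sbin/iptables -D INPUT -p tcp --dport 22 -j ACCEPT
        tcpflags    = syn
"""

# Constructed sample input: the pre-existing rule the message quotes,
# as iptables-save prints it.
SAMPLE_RULES = """\
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
"""

ACTIONS = ("-A", "-I", "-D")


def parse_knockd_conf(text):
    """Minimal knockd.conf parser: [section] headers, 'key = value' lines
    and bare flags such as UseSyslog.  Returns {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
            continue
        if current is None:
            raise ValueError("option before any [section]: %r" % line)
        key, sep, value = line.partition("=")
        sections[current][key.strip()] = value.strip() if sep else None
    return sections


def parse_iptables_command(command):
    """Split an iptables invocation into (actions, chain, rule_spec).
    actions lists every -A/-I/-D seen (more than one is an error);
    rule_spec is the tuple of remaining tokens, which is exactly what a
    -D has to match."""
    tokens = shlex.split(command)
    actions, chain, spec = [], None, []
    i = 1  # skip the iptables binary itself
    while i < len(tokens):
        tok = tokens[i]
        if tok in ACTIONS:
            actions.append(tok)
            i += 1
            if i < len(tokens) and chain is None:
                chain = tokens[i]
            i += 1
            # -I may carry an optional rule number after the chain name
            if tok == "-I" and i < len(tokens) and tokens[i].isdigit():
                i += 1
            continue
        spec.append(tok)
        i += 1
    return actions, chain, tuple(spec)


def parse_ruleset(text):
    """Parse iptables-save lines ('-A CHAIN spec...') into
    {chain: [rule_spec, ...]} in chain order."""
    chains = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("-A "):
            continue
        tokens = shlex.split(line)
        chains.setdefault(tokens[1], []).append(tuple(tokens[2:]))
    return chains


def lint(conf_text, ruleset_text):
    """Return a list of human-readable findings; empty means nothing found."""
    conf = parse_knockd_conf(conf_text)
    chains = parse_ruleset(ruleset_text)
    findings = []
    for name, opts in conf.items():
        command = opts.get("command")
        if not command:
            continue
        actions, chain, spec = parse_iptables_command(command)
        if len(actions) > 1:
            findings.append("%s: command mixes %s; iptables takes exactly one "
                            "of -A/-I/-D" % (name, "/".join(actions)))
        if actions == ["-D"] and spec not in chains.get(chain, []):
            findings.append("%s: -D %s %s matches no existing rule, so the "
                            "close knock deletes nothing and the port stays "
                            "open" % (name, chain, " ".join(spec)))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF, SAMPLE_RULES):
        print(finding)
```

On the sample input this reports the openSSH command for carrying both -A and -I, and the closeSSH command because its spec lacks the "-m state --state NEW -m tcp" that the live rule has. On a real host the same comparison can be made with "iptables -C INPUT <spec>", which exits 0 only when a rule with exactly that spec exists.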


