port knocking with knockd
Hello.
I'm trying to enable port knocking with `knockd'.
I configured `/etc/knockd.conf':
(I changed the default ports.)
[options]
UseSyslog
[openSSH]
sequence = 7000,8000,9000
seq_timeout = 5
command = /sbin/iptables -A INPUT -I 6 -p tcp --dport 22 -j ACCEPT
tcpflags = syn
cmd_timeout = 25
[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 5
command = /sbin/iptables -D INPUT -p tcp --dport 22 -j ACCEPT
tcpflags = syn
Then `/etc/default/knockd':
START_KNOCKD=1
And started the daemon via `sudo /etc/init.d/knockd start'.
BTW, I have the following line in `iptables':
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
I don't have physical access to the machine, so I decided to keep
the rule and close it from a client:
client$ knock <ip> 9000 8000 7000
Unfortunately, I can still connect to the SSH port.
Did I make a mistake somewhere?
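A small checker, added here and not part of the original post, that parses a knockd.conf of the shape shown above and verifies that the [closeSSH] command deletes a rule whose specification exactly matches either the rule [openSSH] adds or a rule already loaded in the chain (iptables -D only removes an exact match, so a close command that matches nothing leaves the port open without any error from knockd). The sample configuration and the loaded rule are constructed from the post; the rule_spec and check_pair helpers are my own.

```python
import configparser
import shlex
# Constructed sample mirroring the [openSSH]/[closeSSH] sections of the post above.
KNOCKD_CONF = """
[openSSH]
sequence = 7000,8000,9000
seq_timeout = 5
command = /sbin/iptables -A INPUT -I 6 -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 5
command = /sbin/iptables -D INPUT -p tcp --dport 22 -j ACCEPT
tcpflags = syn
"""
# Constructed: the pre-existing rule quoted in the post, as `iptables -S INPUT` prints it.
LOADED_RULES = ["-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT"]
ACTIONS = {"-A", "--append", "-I", "--insert", "-D", "--delete"}

def rule_spec(command):
    """Return (action, chain, match-spec tuple) for one iptables command line."""
    toks = shlex.split(command)
    if toks and toks[0].endswith("iptables"):
        toks = toks[1:]
    idx = [i for i, t in enumerate(toks) if t in ACTIONS]
    if len(idx) != 1:
        raise ValueError(f"expected exactly one of -A/-I/-D, found {len(idx)}")
    i, rest = idx[0], toks[:idx[0]] + toks[idx[0] + 2:]
    if toks[i] in ("-I", "--insert") and rest and rest[0].isdigit():
        rest = rest[1:]  # drop the optional rule number that follows the chain
    return toks[i], toks[i + 1], tuple(rest)

def check_pair(conf_text, loaded_rules, open_sec="openSSH", close_sec="closeSSH"):
    """List reasons the close command would not undo the open command."""
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cp.read_string(conf_text)
    loaded = {rule_spec(r)[1:] for r in loaded_rules}  # {(chain, spec), ...}
    findings, specs = [], {}
    for sec in (open_sec, close_sec):
        try:
            specs[sec] = rule_spec(cp[sec]["command"])
        except ValueError as e:
            findings.append(f"{sec}: {e}")
    if close_sec in specs:
        act, chain, spec = specs[close_sec]
        if act not in ("-D", "--delete"):
            findings.append(f"{close_sec}: command does not delete a rule")
        elif (chain, spec) not in loaded and (chain, spec) != specs.get(open_sec, ())[1:]:
            findings.append(f"{close_sec}: -D matches no loaded or opened {chain} rule exactly")
    return findings
```

Feed it the real file and the output of `iptables -S INPUT` to check a live configuration; an empty list means every close command has a rule it can actually remove.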