extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-24 03:31:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update the Port Knocking article for 5.0

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-02-18 15:54:32 -08:00
parent 0e2a3f7265
commit 4050aa5180
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/PortKnocking.xml
View File

@ -131,13 +131,13 @@ add_rule( $chainref, '-p tcp --dport 1601 -m recent --name
Internet, add this rule in
<filename>/etc/shorewall/rules</filename>:</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
<programlisting>#ACTION SOURCE DEST PROTO DPORT
SSHKnock net $FW tcp 22,1599,1600,1601</programlisting>
<para>If you want to log the DROPs and ACCEPTs done by SSHKnock, you
can just add a log level as in:</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
<programlisting>#ACTION SOURCE DEST PROTO DPORT
SSHKnock:info net $FW tcp 22,1599,1600,1601</programlisting>
</listitem>
@ -146,8 +146,7 @@ SSHKnock:info net $FW tcp 22,1599,1600,1601<
206.124.146.178 to internal system 192.168.1.5. In
/etc/shorewall/rules:</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL
# PORT(S) DEST
<programlisting>#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST
DNAT- net 192.168.1.5 tcp 22 - 206.124.146.178
SSHKnock net $FW tcp 1599,1600,1601
SSHKnock net loc:192.168.1.5 tcp 22 - 206.124.146.178</programlisting>