diff --git a/docs/Events.xml b/docs/Events.xml index 6cc15c08e..f820b0c81 100644 --- a/docs/Events.xml +++ b/docs/Events.xml @@ -701,5 +701,87 @@ ResetEvent(SSH,DROP:info) # PORT(S) Knock net $FW tcp 22,1599-1601 + +
+ Stateful Port Knocking (knock with a sequence of ports) + + Gerhard Wiesinger has contributed a Perl module that allows you to + define portknocking sequences. Download the + module and copy it into your site_perl directory. + + Using Gerhard's module, a port-knocking rule is defined via a + '?PERL' statement. This example opens the SSH port from net->fw using + the knock sequence 52245, 15623, 19845: + + ?BEGIN PERL +use KnockEnhanced; +KnockEnhanced 'net', '$FW', {name => 'SSH1', log_level => 3, proto => 'tcp', target => 'ssh', knocker => [52245,15623,19845]}; +?END PERL + + A few notes on the parameters: + + + + The first parameter is the rule SOURCE + + + + The second parameter is the rule DEST + + + + The third parameter is a Perl hash reference that defines the + remaining parameters. Each parameter is specified via + param => + value. + + + + proto is the protocol -- + if not specified, the default is tcp + + + + seconds is the timeout + between successive events -- default is 60 seconds. + + + + original_dest is the rule + ORIGINAL DEST + + + + target is the port(s) + that you are trying to open. May either be a single name or + number, or it may be a list of names and/or numbers separated by + commas and enclosed in square brackets ("[...]"). + + + + name is a name used as + the base for event and chain names. If not supplied, the first + target is used, in which case + the first target must be a port name. + + + + log_level specifies + logging for the generated rules + + + + + Port names and numbers may be optionally followed by a colon + (":") and a protocol name or number to override the specified + protocol. + + + + + The module itself contains additional examples of its + usage. +
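Review bot: the parameter list in this new section never documents `knocker`, even though the example depends on it (`knocker => [52245,15623,19845]`); add a list item stating that it is the ordered sequence of ports the client must hit and whether each entry accepts the same `port:proto` override described for target. The `seconds` entry should also make clear that the 60-second default is the window between each successive knock in the sequence, and `log_level` should name the accepted values (a syslog level as used elsewhere in Shorewall rules), since "specifies logging for the generated rules" leaves that open. Finally, "Download the module" has no visible link target in this hunk; make sure the ulink resolves and name the file (KnockEnhanced.pm, matching `use KnockEnhanced;`) so readers know what to copy into site_perl.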