extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-09 01:04:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add timeout to Port Knocking Example

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2237 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-06-26 22:10:48 +00:00
parent f677f3c279
commit 9817b0159c
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Shorewall-docs2/PortKnocking.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-05-14</pubdate>
<pubdate>2005-06-26</pubdate>
<copyright>
<year>2005</year>
@ -56,7 +56,8 @@
<orderedlist>
<listitem>
<para>Attempting to connect to port 1600 enables SSH access.</para>
<para>Attempting to connect to port 1600 enables SSH access. Access is
enabled for 60 seconds.</para>
</listitem>
<listitem>
@ -84,10 +85,10 @@
log_rule_limit $LEVEL $CHAIN SSHKnock ACCEPT "" "$TAG" -A -p tcp --dport 22 -m recent --rcheck --name SSH
log_rule_limit $LEVEL $CHAIN SSHKnock DROP "" "$TAG" -A -p tcp --dport ! 22
fi
run_iptables -A $CHAIN -p tcp --dport 22 -m recent --rcheck --name SSH -j ACCEPT
run_iptables -A $CHAIN -p tcp --dport 1599 -m recent --name SSH --remove -j DROP
run_iptables -A $CHAIN -p tcp --dport 1600 -m recent --name SSH --set -j DROP
run_iptables -A $CHAIN -p tcp --dport 1601 -m recent --name SSH --remove -j DROP</programlisting>
run_iptables -A $CHAIN -p tcp --dport 22 -m recent --rcheck --seconds 60 --name SSH -j ACCEPT
run_iptables -A $CHAIN -p tcp --dport 1599 -m recent --name SSH --remove -j DROP
run_iptables -A $CHAIN -p tcp --dport 1600 -m recent --name SSH --set -j DROP
run_iptables -A $CHAIN -p tcp --dport 1601 -m recent --name SSH --remove -j DROP</programlisting>
</listitem>
<listitem>