From 9817b0159c21e9c6882c738940554ccb75c144b3 Mon Sep 17 00:00:00 2001
From: teastep
Date: Sun, 26 Jun 2005 22:10:48 +0000
Subject: [PATCH] Add timeout to Port Knocking Example
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2237 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-docs2/PortKnocking.xml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/Shorewall-docs2/PortKnocking.xml b/Shorewall-docs2/PortKnocking.xml
index 8d11f55fe..059c30be8 100644
--- a/Shorewall-docs2/PortKnocking.xml
+++ b/Shorewall-docs2/PortKnocking.xml
@@ -15,7 +15,7 @@
- 2005-05-14
+ 2005-06-26
 2005
@@ -56,7 +56,8 @@
- Attempting to connect to port 1600 enables SSH access.
+ Attempting to connect to port 1600 enables SSH access. Access is
+ enabled for 60 seconds.
@@ -84,10 +85,10 @@
 log_rule_limit $LEVEL $CHAIN SSHKnock ACCEPT "" "$TAG" -A -p tcp --dport 22 -m recent --rcheck --name SSH
 log_rule_limit $LEVEL $CHAIN SSHKnock DROP "" "$TAG" -A -p tcp --dport ! 22
 fi
-run_iptables -A $CHAIN -p tcp --dport 22 -m recent --rcheck --name SSH -j ACCEPT
-run_iptables -A $CHAIN -p tcp --dport 1599 -m recent --name SSH --remove -j DROP
-run_iptables -A $CHAIN -p tcp --dport 1600 -m recent --name SSH --set -j DROP
-run_iptables -A $CHAIN -p tcp --dport 1601 -m recent --name SSH --remove -j DROP
+run_iptables -A $CHAIN -p tcp --dport 22 -m recent --rcheck --seconds 60 --name SSH -j ACCEPT
+run_iptables -A $CHAIN -p tcp --dport 1599 -m recent --name SSH --remove -j DROP
+run_iptables -A $CHAIN -p tcp --dport 1600 -m recent --name SSH --set -j DROP
+run_iptables -A $CHAIN -p tcp --dport 1601 -m recent --name SSH --remove -j DROP
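Review bot: The `log_rule_limit ... SSHKnock ACCEPT` context line at the top of the last hunk still matches `--rcheck --name SSH` with no `--seconds 60`, so after this commit a port-22 attempt from an address whose knock is older than 60 seconds is logged as an ACCEPT while the rewritten ACCEPT rule no longer matches it and the packet falls through to whatever follows in the chain. The log rule should carry the same window so the log reflects what is actually accepted: `log_rule_limit $LEVEL $CHAIN SSHKnock ACCEPT "" "$TAG" -A -p tcp --dport 22 -m recent --rcheck --seconds 60 --name SSH`. It is also worth a sentence in the example's prose that `--rcheck` does not refresh the entry, so the 60 seconds are counted from the knock on port 1600 (the rule that uses `--set`), not from the last SSH packet; whether an already-established session survives the expiry depends on rules outside this hunk. The enclosing `if` block starts before the hunk.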