[CentOS] This firewall rule will self-destruct
John Summerfield
debian at herakles.homelinux.org
Sun Mar 18 05:18:15 UTC 2007
MrKiwi wrote:
>
> Benjamin Smith wrote:
>
>> On Friday 16 March 2007, MrKiwi wrote:
>>
>>> mitigate a situation where you have no control over an intermediate
>>> firewall that only passes port 80
>>
>>
>> Yes, that's EXACTLY what I'm trying to do... but I dont' see how this
>> exactly relates to port knocking.
>> Port knocking seems to be that you log connection attempts to various
>> ports that are otherwise closed, EG:
>> iptables -I input -p tcp -j DENY -l
>> and then watch the log file for a specific, exact sequence of
>> connections from a common source IP. How would that help me here?
>
> Yes - you're right, it would not be a simple drop in solution. In the
> other scenario i suggested (reducing your visibility) port knocking
> would have been perfect.
>
> You could still use a modified port knocking system i think - just using
> a url hit to do the triggering instead of a port knock sequence. That
> way the port knock config takes care of removing the iptables line after
> x seconds.
There is an expires ipfilter module, not a standard part of the kernel,
but available from netfilter.org. I wish it were standard, there's a lot
of folk I would cheerfully banish for a few hours: you trigger a spam
alert, I block your /24 for 24 hours. You ping my ftp port, I take out
your /24 for a day.
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
Please do not reply off-list
More information about the CentOS
mailing list