[CentOS] This firewall rule will self-destruct

Sat Mar 17 03:39:38 UTC 2007
MrKiwi <mrkiwi at gmail.com>

Benjamin Smith wrote:
> On Friday 16 March 2007, MrKiwi wrote:
>> mitigate a situation 
>> where you have no control over an intermediate firewall that 
>> only passes port 80
> Yes, that's EXACTLY what I'm trying to do... but I dont' see how this exactly 
> relates to port knocking. 
> Port knocking seems to be that you log connection attempts to various ports 
> that are otherwise closed, EG: 
> iptables -I input -p tcp -j DENY -l 
> and then watch the log file for a specific, exact sequence of connections from 
> a common source IP. How would that help me here?
Yes - you're right, it would not be a simple drop in 
solution. In the other scenario  i suggested (reducing your 
visibility) port knocking would have been perfect.

You could still use a modified port knocking system i think 
- just using a url hit to do the triggering instead of a 
port knock sequence. That way the port knock config takes 
care of removing the iptables line after x seconds.

See Michael Rash's pdf
His implementation is rock solid, and easy to config. Also 
anyone with some grep and script skills should be able to 
hack the port-knock -> httpd-log-watcher part you need.