MrKiwi wrote:
> Benjamin Smith wrote:
>> On Friday 16 March 2007, MrKiwi wrote:
>>> mitigate a situation where you have no control over an intermediate
>>> firewall that only passes port 80
>>
>> Yes, that's EXACTLY what I'm trying to do... but I don't see how this
>> exactly relates to port knocking.
>> Port knocking seems to be that you log connection attempts to various
>> ports that are otherwise closed, EG:
>> iptables -I input -p tcp -j DENY -l
>> and then watch the log file for a specific, exact sequence of
>> connections from a common source IP. How would that help me here?
>
> Yes - you're right, it would not be a simple drop-in solution. In the
> other scenario I suggested (reducing your visibility) port knocking
> would have been perfect.
>
> You could still use a modified port knocking system I think - just using
> a URL hit to do the triggering instead of a port knock sequence. That
> way the port knock config takes care of removing the iptables line after
> x seconds.

There is an expires ipfilter module, not a standard part of the kernel, but available from netfilter.org. I wish it were standard; there's a lot of folk I would cheerfully banish for a few hours: you trigger a spam alert, I block your /24 for 24 hours. You ping my ftp port, I take out your /24 for a day.

-- 
Cheers
John
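The mechanism Benjamin describes (log connection attempts to closed ports, watch the log for an exact port sequence from one source) and the follow-up point about removing the firewall rule again after x seconds, as an added example that is not code from this thread or from any of its participants. The log prefix "KNOCK:", the knock sequence 7000/8000/9000, the protected port 22, the timing values and the sample log lines are all constructed for illustration; the script only builds the iptables command strings and never executes them.

```python
import re

# Matches the SRC= and DPT= fields of an iptables LOG line. The "KNOCK:" prefix is a
# constructed assumption: it is what --log-prefix on the logging rule would set.
LOG_RE = re.compile(r"KNOCK:.*?\bSRC=(?P<src>[\d.]+).*?\bDPT=(?P<dpt>\d+)")


def allow_rule(src, port=22):
    """Rule a completed knock would add (shown as a string, not executed)."""
    return f"iptables -I INPUT -s {src} -p tcp --dport {port} -j ACCEPT"


def delete_rule(src, port=22):
    """Matching -D rule, issued when the time-limited opening expires."""
    return f"iptables -D INPUT -s {src} -p tcp --dport {port} -j ACCEPT"


class KnockDetector:
    """Tracks, per source IP, how far through the knock sequence it has got."""

    def __init__(self, sequence, window=10.0, open_for=30.0):
        self.sequence = list(sequence)  # exact port order required
        self.window = window            # seconds allowed for the whole sequence
        self.open_for = open_for        # seconds the ACCEPT rule stays in place
        self.progress = {}              # src -> (next index, time of first knock)
        self.opened = {}                # src -> expiry timestamp

    def feed(self, ts, line):
        """Consume one log line; return the source IP if its knock just completed."""
        m = LOG_RE.search(line)
        if not m:
            return None  # not a knock-port hit, ignore
        src, dpt = m.group("src"), int(m.group("dpt"))
        idx, start = self.progress.get(src, (0, ts))
        if idx > 0 and ts - start > self.window:
            idx, start = 0, ts  # partial sequence went stale: start over
        if dpt == self.sequence[idx]:
            if idx == 0:
                start = ts
            idx += 1
        elif dpt == self.sequence[0]:
            idx, start = 1, ts  # wrong port, but it is a valid first knock
        else:
            idx, start = 0, ts  # any other port resets the sequence
        if idx == len(self.sequence):
            self.progress.pop(src, None)
            self.opened[src] = ts + self.open_for
            return src
        self.progress[src] = (idx, start)
        return None

    def expire(self, now):
        """Drop openings whose time is up; return the sources to close again."""
        done = [src for src, exp in self.opened.items() if exp <= now]
        for src in done:
            del self.opened[src]
        return done


# Constructed sample log, as (timestamp in seconds, line) pairs.
SAMPLE_LOG = [
    (0.0, "Mar 16 10:00:00 gw kernel: KNOCK: IN=eth0 SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=40001 DPT=7000"),
    (0.5, "Mar 16 10:00:00 gw kernel: KNOCK: IN=eth0 SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=40002 DPT=8000"),
    (1.0, "Mar 16 10:00:01 gw kernel: KNOCK: IN=eth0 SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=40003 DPT=9000"),
    (1.2, "Mar 16 10:00:01 gw kernel: KNOCK: IN=eth0 SRC=203.0.113.9 DST=198.51.100.2 PROTO=TCP SPT=50001 DPT=7000"),
    (1.4, "Mar 16 10:00:01 gw kernel: KNOCK: IN=eth0 SRC=203.0.113.9 DST=198.51.100.2 PROTO=TCP SPT=50002 DPT=9000"),
    (2.0, "Mar 16 10:00:02 gw kernel: eth0: link is up"),
    (20.0, "Mar 16 10:00:20 gw kernel: KNOCK: IN=eth0 SRC=203.0.113.11 DST=198.51.100.2 PROTO=TCP SPT=60001 DPT=7000"),
    (35.0, "Mar 16 10:00:35 gw kernel: KNOCK: IN=eth0 SRC=203.0.113.11 DST=198.51.100.2 PROTO=TCP SPT=60002 DPT=8000"),
    (35.5, "Mar 16 10:00:35 gw kernel: KNOCK: IN=eth0 SRC=203.0.113.11 DST=198.51.100.2 PROTO=TCP SPT=60003 DPT=9000"),
]


def run_sample():
    """Replay the sample log; return sources opened and sources expired by t=60s."""
    det = KnockDetector([7000, 8000, 9000], window=10.0, open_for=30.0)
    opened = []
    for ts, line in SAMPLE_LOG:
        src = det.feed(ts, line)
        if src:
            opened.append(src)
            print(f"{ts:5.1f}s knock complete: {allow_rule(src)}")
    expired = det.expire(now=60.0)
    for src in expired:
        print(f" 60.0s opening expired: {delete_rule(src)}")
    return opened, expired


if __name__ == "__main__":
    run_sample()
```

Only 203.0.113.7 gets an opening: 203.0.113.9 hits the ports out of order, and 203.0.113.11 sends its second knock outside the 10-second window, so its sequence restarts and never completes. The expiry step is what the thread's "remove the iptables line after x seconds" comes down to; on a current kernel the standard `recent` match (`-m recent --set` on the knock ports, `--rcheck --seconds N` on the protected port) can express the same time limit without a userspace daemon. Bear in mind that the knock sequence travels in clear and is therefore a weak secret, which is why keeping the opening short-lived and per-source matters.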