[CentOS] This firewall rule will self-destruct

Sun Mar 18 05:18:15 UTC 2007
John Summerfield <debian at herakles.homelinux.org>

MrKiwi wrote:
> Benjamin Smith wrote:
>> On Friday 16 March 2007, MrKiwi wrote:
>>> mitigate a situation where you have no control over an intermediate 
>>> firewall that only passes port 80
>> Yes, that's EXACTLY what I'm trying to do... but I dont' see how this 
>> exactly relates to port knocking.
>> Port knocking seems to be that you log connection attempts to various 
>> ports that are otherwise closed, EG:
>> iptables -I input -p tcp -j DENY -l
>> and then watch the log file for a specific, exact sequence of 
>> connections from a common source IP. How would that help me here?
> Yes - you're right, it would not be a simple drop in solution. In the 
> other scenario  i suggested (reducing your visibility) port knocking 
> would have been perfect.
> You could still use a modified port knocking system i think - just using 
> a url hit to do the triggering instead of a port knock sequence. That 
> way the port knock config takes care of removing the iptables line after 
> x seconds.

There is an expires ipfilter module, not a standard part of the kernel, 
but available from netfilter.org. I wish it were standard, there's a lot 
of folk I would cheerfully banish for a few hours: you trigger a spam 
alert, I block your /24 for 24 hours. You ping my ftp port, I take out 
your /24 for a day.



-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu

Please do not reply off-list