Google "door knocking firewall" or similar, and xinetd is your friend. Realize that it doesn't have to run tcpd [daemon], it can run bash, it can run a script that edits your firewall rule, it can run anything. I once had a telnet-based chat client set up that would run sirc instead of bash.
On Fri, 2003-05-30 at 13:24, James Sparenberg wrote:
> All,
>
> One of the problems with ports is that you don't want it open to
> anyone at anytime ... but..... on occasion you do want it open to a
> specific host.
>
> Normally this is handled by ACLs and giving only a specific host
> this kind of access. But this is an all or nothing proposition in that
> it is a static solution. The need I'm wondering about is whether or not
> this kind of access can be dynamic and controlled from a local host.
>
> By way of example. Say I have an application that runs on port 28735
> tcp and udp. Now I don't want that port open all the time. Nor do I
> want the listener to accept data from any arbitrary application that
> tries to knock. What I'm wondering is if I can set up a rule that would
> say in effect. "If I didn't call you first you can't talk to me." What
> happens is that the local box contacts a dynamic distant end, and
> accepts data from that distant end, but if the local box doesn't
> initiate the conversation that port is not open. It also would have to
> be open only for the box contacted, at the time of contact and not open
> to it once contact is broken. (Kind of like a phone system I saw in Asia
> where you could do outgoing calls but not incoming.)
>
> The second situation would be a rule that says. Knock first. So say
> the distant end (DE) could send an e-mail saying "I have something for
> you contact me." Then when you start the contact it will be able to
> send it.
>
> I hope this isn't too rambling... Or considered off topic. If so I
> apologize in advance.
>
> James
>
> ______________________________________________________________________
>
> Want to buy your Pack or Services from MandrakeSoft?
> Go to http://www.mandrakestore.com

--
Jack Coates
Monkeynoodle: A Scientific Venture...
http://www.monkeynoodle.org/resume.html
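As an added example (not part of the original messages), here is one way a script run by xinetd could edit the firewall rule for port 28735: it validates the connecting address, checks it against an allowlist, and opens the port to that one host for a limited time. It assumes xinetd exports the peer address as `REMOTE_HOST`; `KNOCK_ALLOW`, `OPEN_SECS`, `APPLY` and the sample addresses are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: xinetd exports the peer address
# as REMOTE_HOST; KNOCK_ALLOW, OPEN_SECS and APPLY are hypothetical settings.
APP_PORT=28735                                      # port named in the question
KNOCK_ALLOW="${KNOCK_ALLOW:-192.0.2.10 192.0.2.11}" # constructed sample peers
OPEN_SECS=60                                        # how long the hole stays open

# Accept only a plain dotted-quad literal so nothing else can reach iptables.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
}

is_allowed() {
    for peer in $KNOCK_ALLOW; do
        [ "$peer" = "$1" ] && return 0
    done
    return 1
}

# $1 is -I (open) or -D (close), $2 the validated peer. TCP only, for brevity.
rule_args() {
    echo "$1 INPUT -p tcp -s $2 --dport $APP_PORT -j ACCEPT"
}

# Prints the decision; touches the firewall only when APPLY=1 (needs root).
handle_knock() {
    valid_ipv4 "$1" || { echo "reject: bad address"; return 1; }
    is_allowed "$1" || { echo "reject: not allowlisted"; return 1; }
    echo "iptables $(rule_args -I "$1")"
    [ "${APPLY:-0}" = 1 ] || return 0
    iptables $(rule_args -I "$1") || return 1
    # Remove the rule again after the window, detached from the client socket.
    ( sleep "$OPEN_SECS"; iptables $(rule_args -D "$1") ) </dev/null >/dev/null 2>&1 &
}

# xinetd entry point: runs only when the peer address is present.
if [ -n "${REMOTE_HOST:-}" ]; then
    handle_knock "$REMOTE_HOST"
fi
```

A bare connection is the only "knock" here, so the allowlist and the timed removal are what keep the port from staying open to arbitrary hosts.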
