On Fri, 2003-05-30 at 13:38, Jack Coates wrote:
> google "door knocking firewall" or similar, and xinetd is your friend.
> Realize that it doesn't have to run tcpd [daemon], it can run bash, it
> can run a script that edits your firewall rule, it can run anything. I
> once had a telnet-based chat client set up that would run sirc instead
> of bash.

YES! God the worst part about it is that I've done just that. Except there it was to prove that cat could be used as a one page webserver. Thanks for reminding me.

James

>
> On Fri, 2003-05-30 at 13:24, James Sparenberg wrote:
> > All,
> >
> > One of the problems with ports is that you don't want it open to
> > anyone at anytime ... but..... on occasion you do want it open to a
> > specific host.
> >
> > Normally this is handled by ACLs and giving only a specific host
> > this kind of access. But this is an all or nothing proposition in that
> > it is a static solution. The need I'm wondering about is whether or not
> > this kind of access can be dynamic and controlled from a local host.
> >
> > By way of example. Say I have an application that runs on port 28735
> > tcp and udp. Now I don't want that port open all the time. Nor do I
> > want the listener to accept data from any arbitrary application that
> > tries to knock. What I'm wondering is if I can set up a rule that would
> > say in effect. "If I didn't call you first you can't talk to me." What
> > happens is that the local box contacts a dynamic distant end, and
> > accepts data from that distant end, but if the local box doesn't
> > initiate the conversation that port is not open. It also would have to
> > be open only for the box contacted, at the time of contact and not open
> > to it once contact is broken. (Kind of like a phone system I saw in Asia
> > where you could do outgoing calls but not incoming.)
> >
> > The second situation would be a rule that says. Knock first. So say
> > the distant end (DE) could send an e-mail saying "I have something for
> > you contact me." Then when you start the contact it will be able to
> > send it.
> >
> > I hope this isn't too rambling... Or considered off topic. If so I
> > apologize in advance.
> >
> > James
> >
> > ______________________________________________________________________
> >
> > Want to buy your Pack or Services from MandrakeSoft?
> > Go to http://www.mandrakestore.com
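The "if I didn't call you first you can't talk to me" rule asked about in the original question is what a stateful firewall's flow table provides. The following is an added example, not part of the thread: a simplified Python model that keys flows on protocol and remote address only (a real firewall tracks the full address and port tuple); the class name, the 30-second idle timeout and the sample addresses are assumptions.

```python
"""Toy model of a "call first" rule for one protected port (illustrative only)."""
from dataclasses import dataclass, field

IDLE_TIMEOUT = 30.0  # seconds; assumed value, real firewalls differ per protocol


@dataclass
class CallFirstFilter:
    port: int                                   # protected application port
    flows: dict = field(default_factory=dict)   # (proto, remote_ip) -> last seen

    def outbound(self, proto, remote_ip, now):
        """Local box contacts the distant end: open the port for that host only."""
        self.flows[(proto, remote_ip)] = now

    def inbound(self, proto, remote_ip, dst_port, now):
        """Return True if an inbound packet should be accepted."""
        if dst_port != self.port:
            return False
        key = (proto, remote_ip)
        last = self.flows.get(key)
        if last is None:
            return False                        # nobody called this host first
        if now - last > IDLE_TIMEOUT:
            del self.flows[key]                 # contact is broken: closed again
            return False
        self.flows[key] = now                   # traffic keeps the flow alive
        return True

    def close(self, proto, remote_ip):
        """Explicit teardown, e.g. when the connection is seen to end."""
        self.flows.pop((proto, remote_ip), None)


def demo():
    """Constructed packet sequence against port 28735 from the post."""
    fw = CallFirstFilter(port=28735)
    results = [fw.inbound("tcp", "192.0.2.10", 28735, now=0.0)]        # unsolicited
    fw.outbound("tcp", "192.0.2.10", now=1.0)                          # we call first
    results.append(fw.inbound("tcp", "192.0.2.10", 28735, now=2.0))    # reply
    results.append(fw.inbound("tcp", "198.51.100.7", 28735, now=3.0))  # other host
    results.append(fw.inbound("udp", "192.0.2.10", 28735, now=4.0))    # other proto
    results.append(fw.inbound("tcp", "192.0.2.10", 28735, now=40.0))   # idle too long
    return results


if __name__ == "__main__":
    print(demo())
```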
