Daniel Bye wrote:
On Sat, Sep 16, 2006 at 03:06:13PM -0700, Noah wrote:
Hi there,
I am trying to figure out how to open a port temporarily for a specific
IP who is able to provide a proper username and password on the website
of the box. After authentication is verified then the IP address is
cached and temporarily allowed to access a specific port on the
server. This temporary firewall changes would be handled by ipfw.
Any clues if a system like this is a already coded and out there somewhere?
Take a look at security/doorman or security/knock, both of which might
fit the bill.
Hi there,
I have really specific needs and wondering if somebody has written a
port knocker out there already that fits the criteria of what I am
looking for.
Portknocker capabilities:
1) User needs to telnet to specific port and/or log into a website.
2) Learns the IP address that the user is coming from in step 1.
3) Opens ssh port to specifically to the IP address grabbed in step 1
but also keeps ssh port open to statically defined IPs in /etc/rc.firewall .
4) As soon as the user disconnects from the ssh port the IP address in
step 1 no longer can access the ssh port unless they log back in like
the procedure in step 1.
I reviewed two programs doorman and knock (found in FreeBSD
/usr/ports/security)
Doorman Review:
I am unable to figure out how to configure the ability to capture the IP
address of where the UDP packet was sent. Therefore this program does
not completely match what I am looking for, or I do not understanding
how to configure it.
Knock Review:
This is nice but still requires closing the port as a step when done.
It would be nice to automatically close the ssh port when the user
disconnects from the ssh port. Also I am not clear but I don't think
there is a way to grab the source IP address, right?
Anybody know of other programs I could check out?
Cheers,
Noah
Dan
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
