Good day everyone! I'm trying to secure an SSH hidden service with fwknop. The idea is to send the fwknop packet to the .onion address and also to ssh to the .onion address.
But I've encountered two problems. First of all, I'm unable to set the default iptables rules to filter the incoming traffic. The hidden service is configured as:

    HiddenServicePort 22 127.0.0.1:22

The only open port is TCP 80, where the fwknopd server is listening. I've tried using these two rules (in addition to the default INPUT policy):

    iptables -A INPUT -s 127.0.0.1 -p tcp --sport 22 -j DROP
    iptables -A INPUT -d 127.0.0.1 -p tcp --dport 22 -j DROP

But I'm still able to ssh into the server :S

The second problem is using fwknop to send a packet to an .onion. If I torify fwknop pointing to the IP address, everything works flawlessly, but if I torify it pointing to the .onion, the fwknopd logs show that Tor is cutting the packet into several pieces, so the server takes it as several packets instead of one.

If you could help me I'll be glad :)

Cheers

Fwknop-discuss mailing list
Fwknop-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss