I've been searching the web for information about how preauth works,
but haven't been able to find much information.
Basically, I'm trying to write a piece of software that allows a
FreeBSD machine to appear in complete stealth mode to the outside
world, while still having a userspace process listen on a specific UDP
port for messages telling the firewall to poke a hole for a specific
IP address.
In principle similar to port knocking, but instead of doing a bunch of
connection attempts on TCP ports, the entire "poke a hole in the
firewall" exchange fits into a single UDP packet, and no response is
sent by the firewall.
Now, I'm looking for a relatively clean way to dynamically manage the
permitted addresses from which traffic should be permitted. Ipfilter's
preauth seems to be exactly what I need, but as far as I can see it's
undocumented. How do I go about using it?
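As an added example (not part of the original post, and not ipfilter's own code), this is the receive-only "single UDP packet, no response" daemon described above, written so that a spoofed or replayed datagram is silently dropped. The wire format, the pre-shared key, the UDP port and the `open_hole` hook are all assumptions: the post says ipfilter's preauth is undocumented, so the piece that actually tells the firewall to permit the address is left as a caller-supplied callback rather than invented here.

```python
import hashlib
import hmac
import ipaddress
import socket
import struct
import time
from typing import Callable, Dict, Optional

# Constructed wire format (an assumption, not anything ipfilter defines):
#   4 bytes  IPv4 address the sender wants permitted
#   8 bytes  sender's unix time, big-endian
#   8 bytes  random nonce (replay detection)
#  32 bytes  HMAC-SHA256 over the preceding 20 bytes with a pre-shared key
HEADER = struct.Struct("!4sQ8s")
MSG_LEN = HEADER.size + 32   # 52 bytes total
MAX_SKEW = 30                # seconds of clock drift tolerated either way


def build_request(key: bytes, ip: str, ts: int, nonce: bytes) -> bytes:
    """Client side: the single authenticated datagram (no reply expected)."""
    body = HEADER.pack(ipaddress.IPv4Address(ip).packed, ts, nonce)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_request(key: bytes, data: bytes, now: int,
                   seen: Dict[bytes, int]) -> Optional[str]:
    """Server side: return the address to permit, or None to drop silently.

    `seen` maps nonce -> timestamp for replay detection; entries older than
    MAX_SKEW are pruned so the table cannot grow without bound.
    """
    if len(data) != MSG_LEN:
        return None
    body, tag = data[:HEADER.size], data[HEADER.size:]
    # Authenticate before parsing any field, in constant time, so garbage and
    # probes are ignored without the port revealing anything about itself.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    packed_ip, ts, nonce = HEADER.unpack(body)
    if abs(now - ts) > MAX_SKEW:
        return None                      # stale (or future-dated) request
    for old in [n for n, t in seen.items() if now - t > MAX_SKEW]:
        del seen[old]
    if nonce in seen:
        return None                      # replay of a captured valid packet
    seen[nonce] = ts
    return str(ipaddress.IPv4Address(packed_ip))


def serve(sock: socket.socket, key: bytes,
          open_hole: Callable[[str], None]) -> None:
    """Receive-only loop: never sends anything back on the socket.

    `open_hole(ip)` is the caller-supplied hook that asks the firewall to
    permit `ip`; wiring it to ipfilter is the deployment's job (assumption).
    """
    seen: Dict[bytes, int] = {}
    while True:
        data, _peer = sock.recvfrom(4096)
        ip = verify_request(key, data, int(time.time()), seen)
        if ip is not None:
            open_hole(ip)


if __name__ == "__main__":
    # Constructed demo key; a real deployment reads it from a protected file.
    demo_key = b"example-pre-shared-key"
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("0.0.0.0", 41000))         # port number is an assumption
    serve(udp, demo_key, lambda ip: print("permit", ip))
```

The point of authenticating before parsing, and of the nonce table, is that on a UDP port anyone can forge the source address: without the HMAC a single spoofed datagram would open the firewall for an attacker-chosen address, and without the nonce and timestamp a captured valid datagram could be resent later. The daemon itself never transmits, so the host stays silent on that port whether or not a packet was accepted.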