Hi everyone

Had some trouble with knockd and the current version of shorewall. My 
problem was with 5.2 and Raspberry Pi but likely applies to other 
versions also.
So here are the changes I made for /etc/knockd configuration.


[options]
     logfile = /var/log/knockd.log

# example for opening www via knockd
# replace ppp0 with your external interface!
# to use it:
# - include ipset package in leaf.cfg
# - create a new zone knock in shorewall/zones containing
#   knock:net   ipv4        dynamic_shared  # don't forget to uncomment
# - create a dynamic host in shorewall/hosts file containing
#   knock    ppp0:dynamic  # don't forget to uncomment
# - add a rule to the shorewall/rules file (for ssh)
# ACCEPT knock     fw    tcp      80  # don't forget to uncomment
# note changes to command line below
# - you must restart knockd after the ppp0 interface comes up
# I put it in a script file /etc/ppp/if-up

[openWWW]
     sequence    = 7000,8000,9000
     seq_timeout = 5
     command     = /sbin/shorewall add knock %IP%
     tcpflags    = syn
#
[closeWWW]
     sequence    = 9000,8000,7000
     seq_timeout = 5
     command     = /sbin/shorewall delete knock %IP%
     tcpflags    = syn

--------------------------------------------------------------------------------------------------------------------------

  /etc/ppp/if-up

#!/bin/sh
# restart knockd once the ppp interface is up
svi knockd restart
exit 0

I chmod'd it a+x


------------------------------------------------------------------------------
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
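
Added example, not part of the original post: a pre-flight check that every zone named in a knockd "shorewall add/delete" command has an active (uncommented) dynamic_shared line in shorewall/zones and an IFACE:dynamic line in shorewall/hosts, as the configuration comments above require. The function name check_knock_zones and the sample files are constructed for illustration; the check assumes zone options sit in the third column of zones.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check knockd.conf
# against Shorewall's zones and hosts files.
# check_knock_zones KNOCKD_CONF SHOREWALL_DIR   (hypothetical helper name)
#   0 = every zone used by a "shorewall add|delete ZONE %IP%" command is
#       declared dynamic_shared in zones and has IFACE:dynamic in hosts
#   1 = a zone is missing or its line is still commented out
#   2 = no shorewall add/delete command found in KNOCKD_CONF
check_knock_zones() {
    conf=$1; swdir=$2; rc=0
    # Zone names from uncommented "command = ... shorewall add|delete ZONE ..." lines.
    zones=$(awk '
        /^[ \t]*#/ { next }
        sub(/^[ \t]*command[ \t]*=[ \t]*/, "") {
            for (i = 1; i + 2 <= NF; i++)
                if ($i ~ /shorewall$/ && ($(i+1) == "add" || $(i+1) == "delete"))
                    print $(i+2)
        }' "$conf" | sort -u)
    [ -n "$zones" ] || { echo "no shorewall add/delete command in $conf" >&2; return 2; }
    for z in $zones; do
        # zones: first column is ZONE or ZONE:PARENT, third column holds the options.
        awk -v z="$z" '!/^[ \t]*#/ { split($1, p, ":")
            if (p[1] == z && $3 ~ /dynamic_shared/) ok = 1 }
            END { exit !ok }' "$swdir/zones" ||
            { echo "zone $z: no active dynamic_shared entry in zones" >&2; rc=1; }
        # hosts: ZONE  IFACE:dynamic
        awk -v z="$z" '!/^[ \t]*#/ && $1 == z && $2 ~ /:dynamic$/ { ok = 1 }
            END { exit !ok }' "$swdir/hosts" ||
            { echo "zone $z: no active IFACE:dynamic entry in hosts" >&2; rc=1; }
    done
    return $rc
}

# Constructed sample files mirroring the post's configuration.
demo=$(mktemp -d)
printf '[openWWW]\n  command = /sbin/shorewall add knock %%IP%%\n' > "$demo/knockd.conf"
printf 'knock:net ipv4 dynamic_shared\n' > "$demo/zones"
printf '#knock ppp0:dynamic\n' > "$demo/hosts"    # still commented out
check_knock_zones "$demo/knockd.conf" "$demo" || echo "fix the entries above"
rm -rf "$demo"
```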
