On 6/7/2014 11:48 PM, Eric Koome wrote: > I indeed used the > > How is the DNAT example in http://shorewall.net/PortKnocking.html > different from mine (albeit I have used Events to construct sshknock?) > Wouldn't the first rule unconditionally forward port 22 to private ip?
No. The example uses DNAT- whereas you said you used DNAT. There is a difference. DNAT- simply rewrites the destination IP address and/or port; it does not allow the connection. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
