Hello,
I'm trying to implement port knocking following the official
documentation, without success.
Using the command "shorewall show events" I can see the event was triggered,
but the relevant port action is not taken into account.
From the log I can see ACCEPT and REJECT actions:
Dec 5 17:22:46 nltsystem1 kernel: [436257.294886] SSHKnock ACCEPT IN=eth1 OUT= MAC=00:1e:10:1f:00:00:00:10:20:30:40:50:08:00 SRC=95.182.129.33 DST=192.168.8.100 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=8083 DF PROTO=TCP SPT=48364 DPT=1600 WINDOW=64240 RES=0x00 SYN URGP=0
Dec 5 17:22:57 nltsystem1 kernel: [436268.464919] SSHKnock REJECT IN=eth1 OUT= MAC=00:1e:10:1f:00:00:00:10:20:30:40:50:08:00 SRC=95.182.129.33 DST=192.168.8.100 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=7950 DF PROTO=TCP SPT=39338 DPT=1599 WINDOW=64240 RES=0x00 SYN URGP=0
I'm using the bare sample, except that I want to open or close TCP port 8123.
Here are my files:
#action.SSHKnock
#
# Shorewall version 4 - Port-Knocking Action
#
?format 2
###############################################################################
#ACTION SOURCE DEST PROTO DPORT
IfEvent(SSH_JFB,ACCEPT:info,60,1,src,reset) - - tcp 8123
SetEvent(SSH_JFB,ACCEPT) - - tcp 1600
ResetEvent(SSH_JFB,REJECT:info)
#
# Shorewall -- /etc/shorewall/rules
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
##############################################################################################################################################################
#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER MARK CONNLIMIT TIME HEADERS SWITCH HELPER
?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW
REJECT net fw tcp 8123
SSHKnock:info net fw tcp 8123,1599-1601
Any clue about what I'm missing?
JF Bogaerts
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
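As an added illustration (an editor's example, not part of the post above and not Shorewall's own code), the following Python is a toy model of two things the post depends on: Shorewall walks the NEW-section rules in file order and stops at the first matching terminating rule (REJECT and ACCEPT are terminating, as are the event actions), and the three lines of action.SSHKnock set, test and reset a per-source SSH_JFB event, the way Shorewall's SetEvent/IfEvent/ResetEvent do on top of the iptables `recent` match. Matching is reduced to the TCP destination port, since every rule in the posted file is net -> fw tcp. The packet sequence is constructed: the two SYNs visible in the posted log (1600, then 1599 eleven seconds later) followed by a hypothetical knock-then-connect attempt on 8123. The model is run against the rules file as posted and against the same two rules with the SSHKnock line first; the `knock_first_rules` ordering, the `Packet`/`Rule`/`Events` names and the timings are all assumptions made for the example.

```python
# Added example (editor's toy model, not Shorewall code): rules are walked in
# file order and the first matching terminating rule decides, while the three
# lines of action.SSHKnock update a per-source event. Matching is reduced to
# the TCP destination port, since every rule in the post is net -> fw tcp.
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

DURATION = 60  # seconds, from IfEvent(SSH_JFB,ACCEPT:info,60,1,src,reset)
HITS = 1       # hit count from the same IfEvent line

@dataclass
class Packet:
    t: float      # arrival time in seconds, relative (constructed)
    src: str
    dport: int

class Events:
    """Per-(event, source) hit timestamps: a simplification of the iptables
    'recent' list that Shorewall's event actions are built on."""
    def __init__(self) -> None:
        self.hits: Dict[Tuple[str, str], List[float]] = {}

    def set(self, event: str, src: str, now: float) -> None:
        self.hits.setdefault((event, src), []).append(now)

    def reset(self, event: str, src: str) -> None:
        self.hits.pop((event, src), None)

    def check(self, event: str, src: str, now: float, duration: float, hits: int) -> bool:
        recent = [t for t in self.hits.get((event, src), []) if now - t <= duration]
        return len(recent) >= hits

def ssh_knock(pkt: Packet, ev: Events) -> str:
    """The three lines of action.SSHKnock from the post, in file order."""
    # IfEvent(SSH_JFB,ACCEPT:info,60,1,src,reset) - - tcp 8123
    if pkt.dport == 8123 and ev.check("SSH_JFB", pkt.src, pkt.t, DURATION, HITS):
        ev.reset("SSH_JFB", pkt.src)  # 'reset' consumes the event
        return "ACCEPT"
    # SetEvent(SSH_JFB,ACCEPT) - - tcp 1600
    if pkt.dport == 1600:
        ev.set("SSH_JFB", pkt.src, pkt.t)
        return "ACCEPT"
    # ResetEvent(SSH_JFB,REJECT:info): no port filter, so everything else
    ev.reset("SSH_JFB", pkt.src)
    return "REJECT"

@dataclass
class Rule:
    name: str
    dports: frozenset
    handler: Callable[[Packet, Events], str]

def posted_rules() -> List[Rule]:
    """The two NEW-section rules in the order they appear in the posted file."""
    return [
        Rule("REJECT net fw tcp 8123", frozenset({8123}), lambda p, e: "REJECT"),
        Rule("SSHKnock:info net fw tcp 8123,1599-1601",
             frozenset({8123, 1599, 1600, 1601}), ssh_knock),
    ]

def knock_first_rules() -> List[Rule]:
    """Same two rules with the SSHKnock line first (hypothetical ordering)."""
    return list(reversed(posted_rules()))

def evaluate(rules: List[Rule], pkt: Packet, ev: Events) -> Tuple[str, str]:
    """First matching rule wins; REJECT, ACCEPT and the event actions are all
    terminating, so later rules never see a packet an earlier rule matched."""
    for rule in rules:
        if pkt.dport in rule.dports:
            return rule.handler(pkt, ev), rule.name
    return "POLICY", "-"  # nothing matched: the net->fw policy would decide

SRC = "95.182.129.33"
# Constructed SYN sequence: the two logged knocks (1600, then 1599 eleven
# seconds later), a fresh knock on 1600, a SYN to 8123 inside the 60 s window,
# and a late SYN to 8123 after the event has been consumed.
KNOCK_SEQUENCE = [
    Packet(0.0, SRC, 1600),   # logged as "SSHKnock ACCEPT ... DPT=1600"
    Packet(11.0, SRC, 1599),  # logged as "SSHKnock REJECT ... DPT=1599"
    Packet(20.0, SRC, 1600),  # knock again to open
    Packet(25.0, SRC, 8123),  # protected port, 5 s after the knock
    Packet(90.0, SRC, 8123),  # protected port, no live event
]

def run(rules: List[Rule], packets: List[Packet]) -> List[Tuple[str, str]]:
    ev = Events()
    return [evaluate(rules, p, ev) for p in packets]

def verdicts(rules: List[Rule]) -> List[str]:
    return [verdict for verdict, _ in run(rules, KNOCK_SEQUENCE)]

if __name__ == "__main__":
    for label, rules in (("posted order", posted_rules()), ("SSHKnock first", knock_first_rules())):
        print(label)
        for pkt, (verdict, name) in zip(KNOCK_SEQUENCE, run(rules, KNOCK_SEQUENCE)):
            print(f"  t={pkt.t:5.1f} dport={pkt.dport:<5} {verdict:7} via {name}")
```

The rule name returned next to each verdict is the part worth reading: with the posted ordering, the SYN to 8123 is decided by the plain `REJECT net fw tcp 8123` line and the SSHKnock action is never consulted for that port, whatever `shorewall show events` reports; and because that REJECT carries no log level, it writes nothing to the kernel log, which is why only the two SSHKnock lines appear there. With the SSHKnock line evaluated first, the same SYN reaches IfEvent and is accepted while the event is live, and rejected (with a logged ResetEvent) once it has been consumed or has aged out of the 60 s window.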