I'm running shorewall 5.2.8 on a Raspberry with Raspbian Linux 11
It works like a charm except for this issue.
I'm trying to implement a simple port knocking mechanism as per the documentation.
The first issue is the event reporting:
action.Knock:
#
?format 2
###############################################################################
#ACTION                                 SOURCE  DEST    PROTO   DPORT
IfEvent(SSH,ACCEPT:info,60,1,src,reset)\
                                        -       -       tcp     40555
SetEvent(SSH,ACCEPT)                    -       -       tcp     62222
ResetEvent(SSH,DROP:info)\
                                        -       -       tcp     40555
When I type the command shorewall events,
I just get SSH without any extra details.
The second issue is that it works perfectly on the local subnet but not on the WAN interface.
Rules for the local subnet test:
REJECT net loc:10.10.3.104 all
DROP loc:10.10.3.104 net all
REJECT net loc:10.10.3.100 all
DROP loc:10.10.3.100 net all
DROP net:162.142.125.0/24 all
DROP net:167.94.138.0/24 all
DROP net:167.94.145.0/24 all
DROP net:167.94.146.0/24 all
DROP net:167.248.133.0/24 all
DROP net:62.210.206.0/24 all
DROP net:185.73.124.0/24 all
DROP net:185.190.24.0/24 all
Knock loc fw tcp 40555,62220-62224
ACCEPT net fw udp 9100 #OpenVPN
DROP net fw tcp 40555
DROP loc fw tcp 40555
REJECT net fw tcp 8123
I have traces in the log:
kernel: [12550.115398] Knock ACCEPT IN=eth0 OUT= MAC=e4:5f:01:d3:f7:d9:9c:eb:e8:74:8b:2f:08:00 SRC="" DST=10.10.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=41964 DF PROTO=TCP SPT=35008 DPT=40555 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x400
Rules for the WAN interface test:
REJECT net loc:10.10.3.104 all
DROP loc:10.10.3.104 net all
REJECT net loc:10.10.3.100 all
DROP loc:10.10.3.100 net all
DROP net:162.142.125.0/24 all
DROP net:167.94.138.0/24 all
DROP net:167.94.145.0/24 all
DROP net:167.94.146.0/24 all
DROP net:167.248.133.0/24 all
DROP net:62.210.206.0/24 all
DROP net:185.73.124.0/24 all
DROP net:185.190.24.0/24 all
Knock net fw tcp 40555,62220-62224
ACCEPT net fw udp 9100 #OpenVPN
DROP net fw tcp 40555
REJECT net fw tcp 8123
Nothing is displayed in the log about the knock from the WAN.
Thanks,
Jean-Francois Bogaerts
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
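As an added illustration (not from the original post and not Shorewall's own code), the following Python model replays the Knock action as posted, to show which packets the action accepts, drops or leaves to later rules. It assumes, from the action parameters, that IfEvent(SSH,ACCEPT:info,60,1,src,reset) matches when the same source has set event SSH within the last 60 seconds (at least one hit) and then clears the event; that SetEvent(SSH,ACCEPT) records the event for the source on port 62222 and accepts that packet; that ResetEvent(SSH,DROP:info) clears the event and drops any other hit on 40555; and that the other ports in the 62220-62224 range, which no line of the action matches, fall through to the rules after Knock. The addresses and the packet sequence are constructed for the example.

```python
"""Model of the posted Knock action (example code, not Shorewall's implementation).

Assumed semantics, taken from the action's parameters:
  IfEvent(SSH,ACCEPT:info,60,1,src,reset)  -> ACCEPT 40555 if src set SSH <= 60 s ago, then clear it
  SetEvent(SSH,ACCEPT)                      -> record SSH for src on 62222 and ACCEPT that packet
  ResetEvent(SSH,DROP:info)                 -> clear SSH for src and DROP any other hit on 40555
"""

KNOCK_PORT = 62222                       # SetEvent port
PROTECTED_PORT = 40555                   # IfEvent / ResetEvent port
WINDOW_SECONDS = 60                      # DURATION argument of IfEvent
KNOCK_RANGE = {PROTECTED_PORT, *range(62220, 62225)}   # ports the Knock rule covers


class KnockState:
    """Per-source event table, standing in for the kernel's recent-match list."""

    def __init__(self):
        self.events = {}                 # src address -> time of its last SetEvent hit

    def packet(self, src, dport, now):
        """Disposition of a TCP SYN from src to dport at time now (seconds).

        Returns "ACCEPT", "DROP", or None when the Knock action has no matching
        line and the packet continues to the rules that follow Knock.
        """
        if dport not in KNOCK_RANGE:
            return None                  # Knock rule not even consulted
        if dport == PROTECTED_PORT:
            seen = self.events.get(src)
            if seen is not None and now - seen <= WINDOW_SECONDS:
                del self.events[src]     # IfEvent ... reset: event is consumed
                return "ACCEPT"
            self.events.pop(src, None)   # ResetEvent: clear and drop
            return "DROP"
        if dport == KNOCK_PORT:
            self.events[src] = now       # SetEvent: remember the knock, accept it
            return "ACCEPT"
        return None                      # 62220, 62221, 62223, 62224: no action line (assumption)


def run_sequence(packets):
    """Replay (src, dport, time) tuples through a fresh state; return the dispositions."""
    state = KnockState()
    return [state.packet(src, dport, t) for src, dport, t in packets]


# Constructed sample sequence using documentation addresses (RFC 5737).
SAMPLE_SEQUENCE = [
    ("203.0.113.5", 40555, 0),     # cold hit on the protected port: DROP
    ("203.0.113.5", 62222, 10),    # knock: ACCEPT, event recorded
    ("203.0.113.5", 40555, 20),    # 10 s after the knock: ACCEPT, event cleared
    ("203.0.113.5", 40555, 25),    # event already consumed: DROP
    ("203.0.113.5", 62222, 100),   # knock again
    ("198.51.100.9", 40555, 101),  # other source; events are per src: DROP
    ("203.0.113.5", 62223, 105),   # flank port: no action line, falls through (None)
    ("203.0.113.5", 40555, 170),   # 70 s after the knock, window expired: DROP
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_SEQUENCE, run_sequence(SAMPLE_SEQUENCE)):
        print(f"t={pkt[2]:>4}s  {pkt[0]:<13} -> tcp/{pkt[1]}  {verdict}")
```

The None verdicts are the ones to watch when comparing the loc and net rule sets: a knock that arrives on a flank port, or outside the window, is decided by whatever rule or policy follows Knock, so a missing log line does not by itself mean the packet never reached the firewall.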