Playing around with my lovely efw (yes, I totally fell in love with this little gadget) and reading through the posts in the forum, I came up with some nice stuff to open the SSH port on the red interface: port knocking!
Here are the two little scripts that enable your efw to let you in.
First the iptables on the efw:
#!/bin/bash
# Defining the knock ports (the time slice is set inline with --seconds below)
PORT1=2001
PORT2=2002
# define some vars for easier reading and adjustment
IPT=/sbin/iptables
IPTI="$IPT -A CUSTOMINPUT -i ppp0"
NAME="--name ssh"
# Connect to the first port and put RemoteHost in the recent list.
# We still drop the connection so portscans don't find them.
$IPTI -p tcp --dport $PORT1 -m recent $NAME --set -j DROP
# Connect to the second port and see if we already had
# a connection attempt in the last 2 seconds (--update also adds a second hit)
$IPTI -p tcp --dport $PORT2 -m recent $NAME --update --seconds 2 --hitcount 1 -j DROP
# We finally allow the user to login, but only with both knocks
# (two hits from that host) inside the last 2 seconds
$IPTI -p tcp --dport 22 -m recent $NAME --rcheck --seconds 2 --hitcount 2 -j ACCEPT
# Everybody else reaching port 22 is removed from the list. The rule has no
# target, so the packet just falls through to the normal efw policy; this only
# makes sure a half-done or stale knock does not linger in the list.
$IPTI -p tcp --dport 22 -m recent $NAME --remove
#########################
# Todo and other things #
#########################
# Maybe define an array with ports and loop through them.
# By this we could auto increment the hitcount
# and would be able to use any number of ports
And the script for letting you in:
#!/bin/bash
# Knock on the two ports in order. The efw drops both connections, so run
# telnet in the background and send its output and error messages to /dev/null
# (stderr must be redirected after stdout, otherwise the errors still show)
/usr/bin/telnet your_ip your_first_port > /dev/null 2>&1 &
# the second knock must arrive after the first one, but inside the 2 second window
sleep 1
/usr/bin/telnet your_ip your_second_port > /dev/null 2>&1 &
# now we are in the recent list with two hits and may log in
/usr/bin/ssh root@83.135.234.254

What I don't like is that after the two telnet sessions time out you get the error message on the screen. I thought the 2>&1 > /dev/null would take care of it. But who cares.
Those two scripts, which I called knock and letmein, can also easily be adjusted to give you access to the web interface.
Any questions or comments are welcome, especially regarding the todo section in the knock script.
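As an added illustration that is not part of the original post, here is a small Python model of the xt_recent list semantics (--set, --update, --rcheck, --remove, --seconds, --hitcount) that the knock script relies on. It walks the three CUSTOMINPUT rules in order and compares the two possible port-22 rules: accepting any host that is in the list (--remove -j ACCEPT) against requiring two hits inside the 2 second window (--rcheck --seconds 2 --hitcount 2). The source address, the timings and the assumption that unmatched RED traffic is dropped by the rest of the efw policy are constructed for the example.

```python
from dataclasses import dataclass, field

PORT1, PORT2, SSH = 2001, 2002, 22   # knock ports and protected port, as in the post
WINDOW = 2                           # --seconds 2

@dataclass
class RecentList:
    # Toy model of one xt_recent list (-m recent --name ssh): src ip -> list of hit timestamps
    hits: dict = field(default_factory=dict)

    def set(self, ip, now):                        # --set: record a hit, always matches
        self.hits.setdefault(ip, []).append(now)
        return True

    def rcheck(self, ip, now, seconds, hitcount):  # --rcheck: >= hitcount hits inside the window
        return sum(1 for t in self.hits.get(ip, []) if now - t <= seconds) >= hitcount

    def update(self, ip, now, seconds, hitcount):  # --update: rcheck, plus a new hit on match
        if not self.rcheck(ip, now, seconds, hitcount):
            return False
        self.hits[ip].append(now)
        return True

    def remove(self, ip):                          # --remove: matches only if ip was listed
        return self.hits.pop(ip, None) is not None

def custominput(lst, ip, dport, now, require_two_hits):
    # The three rules of the knock script in order. With require_two_hits=False the port-22 rule
    # is '--remove -j ACCEPT'; with True it is '--rcheck --seconds 2 --hitcount 2 -j ACCEPT'.
    if dport == PORT1 and lst.set(ip, now):
        return "DROP"
    if dport == PORT2 and lst.update(ip, now, WINDOW, 1):
        return "DROP"
    if dport == SSH:
        if not require_two_hits and lst.remove(ip):    # any listed ip gets in, even after one knock
            return "ACCEPT"
        if require_two_hits and lst.rcheck(ip, now, WINDOW, 2):
            return "ACCEPT"
        lst.remove(ip)                                 # wrong or stale knock: forget this caller
    return "DROP"   # assumption: unmatched RED traffic is dropped by the rest of the efw policy

def verdict(packets, require_two_hits, ip="198.51.100.7"):
    # Feed a constructed (time, dport) sequence from one source through a fresh list; return final verdict
    lst, result = RecentList(), "DROP"
    for now, dport in packets:
        result = custominput(lst, ip, dport, now, require_two_hits)
    return result
```

A correct knock (2001, then 2002, then 22 within 2 seconds) is accepted by both variants; only the hitcount variant refuses a single knock, knocks in the wrong order, and a knock that is several seconds old.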