Welcome, Guest. Please login or register.
Did you miss your activation email?
Monday 13 January 2025, 10:18:19 am

Login with username, password and session length

Visit the official Endian Community Mailinglist  HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Development
| |-+  Contribute Your Customisations & Modifications
| | |-+  Port knocking to open ssh to red interface
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Port knocking to open ssh to red interface  (Read 28505 times)
sunblast
Full Member
***
Offline Offline

Posts: 22


« on: Friday 02 May 2008, 12:44:09 am »

Playing around with my lovely efw (Yes I totaly fall in love with this little gadget) and reading through the post in the forum i came up with some nice stuff to open the ssh port on the red interface. port knocking!

Here are the too little script that enable your efw to let you in.

First the iptables on the efw:
Code:
#!/bin/bash
# Defining ports and time slice
PORT1=2001
PORT2=2002


# define some vars for easier reading and ajustment
IPT=/sbin/iptables
IPTI="$IPT -A CUSTOMINPUT -i ppp0"
NAME="--name ssh"

# Connect to first port an put RemoteHost in Recent List
# We still drop the connection so portscans don't find them
$IPTI -p tcp --dport $PORT1 -m recent $NAME --set -j DROP

# Connect to the second port and see if we allready had
# a connection attempt in the last 2 seconds
$IPTI -p tcp --dport $PORT2 -m recent $NAME --update --seconds 2 --hitcount 1 -j DROP

# We finally allow the user to login
#$IPTI -p tcp --dport 22 -m recent $NAME --rcheck --seconds 2 --hitcount 2 -j ACCEPT

# Maybe we should remove the IP from the list?
$IPTI -p tcp --dport 22 -m recent $NAME --remove -j ACCEPT


#########################
# Todo and other things #
#########################
# Maybe define an array with ports and loop through them.
# By this we could auto increment the hitcount
# and would be able to use any number of ports

And the script for letting you in:

Quote
#!/bin/bash
/usr/bin/telnet your ip your first port 2>&1 > /dev/null &
/usr/bin/telnet your ip your second port 2>&1 > /dev/null &
/usr/bin/ssh root@83.135.234.254

What i don't like is that after the two telnet sessions time out you get the error message on the screen. Thought the 2>&1 > /dev/null would take care. But who cares Wink

Those two scripts i called them knock and letmein can also easily be adjusted to give you acces to the webinterface.

Any questions or comments are welcome. Specialy regarding the todo section in the knock script.
Logged
sunblast
Full Member
***
Offline Offline

Posts: 22


« Reply #1 on: Monday 05 May 2008, 03:52:44 am »

If you want this setting to remain during startups. Add knock to the rc.firewall.local script. This can be found in /var/efw/inithooks.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com