EFW Support

Development => Contribute Your Customisations & Modifications => Topic started by: sunblast on Friday 02 May 2008, 12:44:09 am



Title: Port knocking to open ssh to red interface
Post by: sunblast on Friday 02 May 2008, 12:44:09 am
Playing around with my lovely efw (yes, I totally fell in love with this little gadget) and reading through the posts in the forum, I came up with some nice stuff to open the ssh port on the red interface: port knocking!

Here are the two little scripts that enable your efw to let you in.

First the iptables on the efw:
Code:
#!/bin/bash
# Defining the knock ports
PORT1=2001
PORT2=2002


# define some vars for easier reading and adjustment
IPT=/sbin/iptables
IPTI="$IPT -A CUSTOMINPUT -i ppp0"
NAME="--name ssh"

# Connect to first port and put RemoteHost in Recent List
# We still drop the connection so portscans don't find them
$IPTI -p tcp --dport $PORT1 -m recent $NAME --set -j DROP

# Connect to the second port and see if we already had
# a connection attempt in the last 2 seconds
# (--update refreshes the timestamp and adds another hit)
$IPTI -p tcp --dport $PORT2 -m recent $NAME --update --seconds 2 --hitcount 1 -j DROP

# We finally allow the user to login
#$IPTI -p tcp --dport 22 -m recent $NAME --rcheck --seconds 2 --hitcount 2 -j ACCEPT

# Maybe we should remove the IP from the list?
# --remove only matches while the address is still in the list, so this
# accepts the first SYN and clears the entry; the rest of the ssh session
# is expected to pass the firewall's usual ESTABLISHED/RELATED rule
$IPTI -p tcp --dport 22 -m recent $NAME --remove -j ACCEPT


#########################
# Todo and other things #
#########################
# Maybe define an array with ports and loop through them.
# By this we could auto increment the hitcount
# and would be able to use any number of ports

And the script for letting you in:

Code:
#!/bin/bash
# send the two knocks in the background (the ports are dropped, so the
# telnet sessions just hang until they time out); stdout and stderr both
# go to /dev/null, stderr must be redirected after stdout
/usr/bin/telnet your ip your first port > /dev/null 2>&1 &
/usr/bin/telnet your ip your second port > /dev/null 2>&1 &
/usr/bin/ssh root@83.135.234.254

What I don't like is that after the two telnet sessions time out you get the error message on the screen. I thought the 2>&1 > /dev/null would take care of it. But who cares ;)

Those two scripts, which I called knock and letmein, can also easily be adjusted to give you access to the web interface.

Any questions or comments are welcome, especially regarding the todo section in the knock script.
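Added example for the todo section above (editor's code, not sunblast's script): a generator that takes any number of knock ports and emits the CUSTOMINPUT rules with the hitcount incremented per knock, so the final ssh rule only matches after every knock has been seen inside the window. It assumes the same chain (CUSTOMINPUT), interface (ppp0), list name (ssh) and iptables path as the post; the knock sequence 2001 2002 2003 and the 5-second window are made-up values, and nothing is applied unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not part of the original post: build the knock rules for
# an arbitrary list of ports.  Assumes the CUSTOMINPUT chain, ppp0 and
# /sbin/iptables from the post; ports and window below are assumptions.

IPT=/sbin/iptables
CHAIN=CUSTOMINPUT
IFACE=ppp0

# knock_rules NAME WINDOW SSHPORT PORT1 PORT2 ... PORTn
# Prints one iptables command per line and applies nothing.
# Knock k (k >= 2) is only counted when the address already has k-1 hits
# within WINDOW seconds, and the ssh port is accepted at n hits, so the
# knocks must arrive in order and each within WINDOW seconds of the last.
knock_rules() {
    name=$1; window=$2; sshport=$3; shift 3
    n=$#
    base="$IPT -A $CHAIN -i $IFACE -p tcp --dport"

    # First knock: create the list entry (hit 1) but still drop the packet,
    # so a port scan sees nothing.
    echo "$base $1 -m recent --name $name --set -j DROP"
    shift

    # Every further knock needs k prior hits; --update adds one more hit
    # and refreshes the timestamp.
    k=1
    while [ $# -gt 0 ]; do
        echo "$base $1 -m recent --name $name --update --seconds $window --hitcount $k -j DROP"
        k=$((k + 1)); shift
    done

    # The real port: only after all n knocks.  --rcheck leaves the entry
    # alone, so it simply ages out of the window instead of being removed
    # (--remove cannot be combined with --hitcount).
    echo "$base $sshport -m recent --name $name --rcheck --seconds $window --hitcount $n -j ACCEPT"
}

# Dry run by default; APPLY=1 pipes the rules into a shell.
if [ "${APPLY:-0}" = 1 ]; then
    knock_rules ssh 5 22 2001 2002 2003 | sh -e
else
    knock_rules ssh 5 22 2001 2002 2003
fi
```

Two caveats a practitioner should keep in mind: with a single recent list the hitcount only counts packets, so repeating an earlier knock (2001, 2002, 2002, ssh) also reaches n hits; a strictly ordered sequence needs one list per stage. And the hitcount can never exceed the per-address packet limit of the recent module (ip_pkt_list_tot, 20 by default), which bounds how long the sequence can be.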


Title: Re: Port knocking to open ssh to red interface
Post by: sunblast on Monday 05 May 2008, 03:52:44 am
If you want this setting to survive a reboot, add knock to the rc.firewall.local script. This can be found in /var/efw/inithooks.