If you don't know what it is, google for Port Knocking.
Get my knocking client-server:
git clone https://github.com/nopernik/knocking-client-server
On the server side, I have this iptables config:
root@ubuntu:~# iptables-save
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
I'm using a whitelisting technique, so all chain policies are set to DROP.
This particular machine will not reply to pings and will appear to be down.
But it runs my knocking server and a web server in the background.
It will accept connections to the web server only while the knocking client is active.
The configuration is pretty simple; just open the source.
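To make the server side concrete, here is an added example (my own code, not the nopernik/knocking-client-server implementation) of the per-source knock state machine such a daemon runs, plus the iptables rule pair it would insert and later delete to open the web port for the knocking client's address only, on top of the default-DROP ruleset above. The knock ports, the time window and the 203.0.113.x addresses are constructed sample values, not the project's settings.

```python
import time

# Constructed sample parameters (not the project's real configuration).
KNOCK_SEQUENCE = (7000, 8000, 9000)  # inbound SYNs must hit these ports, in order
WINDOW_SECONDS = 10.0                # whole sequence must complete within this window
PROTECTED_PORT = 80                  # the web server the knock unlocks


class KnockTracker:
    """Per-source state machine: advances on the next expected port,
    resets on any other port or when the window expires."""

    def __init__(self, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
        self.sequence = sequence
        self.window = window
        self.progress = {}  # src_ip -> (next_index, time of first knock)

    def knock(self, src_ip, dport, now=None):
        """Feed one observed inbound SYN. Returns True exactly when src_ip has
        completed the full sequence in order within the window."""
        now = time.time() if now is None else now
        idx, started = self.progress.get(src_ip, (0, now))
        if now - started > self.window:      # stale attempt: start over
            idx, started = 0, now
        if dport != self.sequence[idx]:
            # Wrong port: discard partial progress so it cannot be resumed.
            self.progress.pop(src_ip, None)
            if dport == self.sequence[0]:    # may itself be a fresh first knock
                self.progress[src_ip] = (1, now)
            return False
        idx += 1
        if idx == len(self.sequence):
            self.progress.pop(src_ip, None)  # require a full new sequence next time
            return True
        self.progress[src_ip] = (idx, started)
        return False


def allow_rules(src_ip, port=PROTECTED_PORT):
    """Return (open_cmd, close_cmd): the rule that admits NEW connections to
    `port` from src_ip only, and the matching -D that removes it again.
    Replies are already covered by the RELATED,ESTABLISHED rules in the base
    policy, so a single INPUT rule is all the knock has to add."""
    spec = f"INPUT -s {src_ip} -p tcp --dport {port} -m conntrack --ctstate NEW -j ACCEPT"
    return f"iptables -I {spec}", f"iptables -D {spec}"


if __name__ == "__main__":
    tracker = KnockTracker()
    for port in KNOCK_SEQUENCE:                       # constructed client knocks
        if tracker.knock("203.0.113.5", port):
            print("\n".join(allow_rules("203.0.113.5")))
```

The close command is what the daemon runs when the client stops knocking, returning the host to the fully closed state shown in the iptables-save output.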