Firewall

  • Links Firewall

  • I have tried a couple of firewalls.
  • For easy GUI rule editing on multiple firewalls I would recommend FWB (Firewall Builder).
  • I personally use FireHOL - a bash script with a very compact syntax, and easily extendable to allow advanced features.

  • See linux/iptables for iptables-specific examples.

Port Knocking

  1. fwknop: Single Packet Authorization and Port Knocking, http://www.cipherdyne.org/fwknop/

  2. Knock on the firewall with connections to a pre-arranged sequence of ports, which gets the firewall to open a door to the required service for the knocking host.
  3. Using iptables for port knocking. The rules below are in iptables-save format: the knock sequence is TCP 123, 234, 345, 456 (each knock within 10 seconds of the previous one), after which port 22 is open to that source for 60 seconds. The user-defined chains have to be declared before they are referenced, and the rules inside those chains need -p tcp -m tcp, otherwise --tcp-flags is rejected as an unknown option.

:SSH_SECOND - [0:0]
:SSH_THIRD - [0:0]
:SSH_FOURTH - [0:0]

# Service rule first: a source that completed the sequence may open SSH for 60 seconds.
-A INPUT -m state --state NEW -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 60 --name SSH_ALLOW -j ACCEPT

# First knock: record the source in SSH_FIRST and drop the knock packet itself.
-A INPUT -m state --state NEW -p tcp -m tcp --dport 123 --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_FIRST -j DROP

# Second knock: only counts if SSH_FIRST was set by this source (same TTL, --rttl) within 10 seconds.
-A INPUT -m state --state NEW -p tcp -m tcp --dport 234 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 10 --rttl --name SSH_FIRST -j SSH_SECOND
-A SSH_SECOND -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_SECOND
-A SSH_SECOND -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m recent --remove --name SSH_FIRST
-A SSH_SECOND -j DROP

# Third knock: advance from SSH_SECOND to SSH_THIRD.
-A INPUT -m state --state NEW -p tcp -m tcp --dport 345 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 10 --rttl --name SSH_SECOND -j SSH_THIRD
-A SSH_THIRD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_THIRD
-A SSH_THIRD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m recent --remove --name SSH_SECOND
-A SSH_THIRD -j DROP

# Fourth knock: sequence complete, put the source in SSH_ALLOW (the list the port 22 rule checks).
-A INPUT -m state --state NEW -p tcp -m tcp --dport 456 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 10 --rttl --name SSH_THIRD -j SSH_FOURTH
-A SSH_FOURTH -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_ALLOW
-A SSH_FOURTH -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m recent --remove --name SSH_THIRD
-A SSH_FOURTH -j DROP
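The four-knock ruleset above is one instance of a general pattern. As an added example (not from the wiki page), the POSIX sh function below emits an iptables-restore fragment for any knock sequence length, service port and timeouts; the chain and list names KNOCK_n and KNOCK_ALLOW are this example's own choice.

```shell
#!/bin/sh
# Added example, not from the wiki page: emit an iptables-restore fragment
# implementing an N-port knock sequence, generalising the 4-knock rules above.
# Usage: gen_knock_rules SERVICE_PORT OPEN_SECS STEP_SECS KNOCK_PORT...
# Chain and list names (KNOCK_n, KNOCK_ALLOW) are this example's own choice.
gen_knock_rules() {
    svc=$1 open=$2 step=$3
    shift 3
    n=$#
    [ "$n" -ge 2 ] || { echo "need at least two knock ports" >&2; return 1; }
    tcp='-p tcp -m tcp --tcp-flags SYN,RST,ACK SYN'
    # iptables-restore needs every user chain declared before it is referenced.
    i=2
    while [ "$i" -le "$n" ]; do printf ':KNOCK_%s - [0:0]\n' "$i"; i=$((i+1)); done
    # Service rule comes first: a source still in KNOCK_ALLOW (OPEN_SECS) is accepted.
    printf '%s\n' "-A INPUT -m state --state NEW $tcp --dport $svc -m recent --check --seconds $open --name KNOCK_ALLOW -j ACCEPT"
    i=1
    for port in "$@"; do
        if [ "$i" -eq 1 ]; then
            # First knock only records the source; the knock packet itself is dropped.
            printf '%s\n' "-A INPUT -m state --state NEW $tcp --dport $port -m recent --set --name KNOCK_1 -j DROP"
        else
            prev=$((i-1))
            # A knock counts only if the previous stage was reached within STEP_SECS;
            # --rttl additionally requires the same TTL as the packet that set the entry.
            printf '%s\n' "-A INPUT -m state --state NEW $tcp --dport $port -m recent --check --seconds $step --rttl --name KNOCK_$prev -j KNOCK_$i"
            if [ "$i" -eq "$n" ]; then next=KNOCK_ALLOW; else next=KNOCK_$i; fi
            printf '%s\n' "-A KNOCK_$i $tcp -m recent --set --name $next"
            printf '%s\n' "-A KNOCK_$i $tcp -m recent --remove --name KNOCK_$prev"
            printf '%s\n' "-A KNOCK_$i -j DROP"
        fi
        i=$((i+1))
    done
}

# Same sequence as the wiki rules: 123, 234, 345, 456 opens port 22 for 60 seconds.
gen_knock_rules 22 60 10 123 234 345 456
```

Feed the output to iptables-restore together with the rest of the filter table; the INPUT policy (or a later rule) must still drop everything that does not match.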
  • Using FireHOL + knockd. In firehol.conf the service is accepted only for sources that knockd has added to the knock_hidden chain:

server https accept with knock hidden

knockd's start and stop commands then add and remove the knocking source:

iptables -A knock_hidden -s %IP% -j ACCEPT
iptables -D knock_hidden -s %IP% -j ACCEPT
  • FireHOL knock using accept [with recent <name> <seconds> <hits>]

...


CategoryLinux

linux/firewall (last edited 2016-06-01 17:01:02 by PieterSmit)