##master-page:HomepageReadWritePageTemplate
##master-date:Unknown-Date
#format wiki
#language en
= Firewall =
 * Links: [[SecurityFirewall]]
 * I have tried a couple of firewalls.
 * For easy GUI rule editing on multiple firewalls I would recommend FWB (Firewall Builder).
 * I personally use [[http://firehol.sourceforge.net/|Firehol]] - a bash script with a very compact syntax, easily extendable to allow advanced features.
 * See [[linux/iptables]] for iptables-specific examples.

== Port Knocking ==
 1. fwknop: [[http://www.cipherdyne.org/fwknop/|Single Packet Authorization and Port Knocking]]
 2. Knock on the firewall by connecting to a pre-arranged sequence of ports, thus getting the firewall to open a door to the required service.
 * Using iptables for port knocking.
 * From: http://uhacc.org/forums/index.php?board=6;action=display;threadid=3166
{{{
# Rules in iptables-save format. The user chains SSH_SECOND, SSH_THIRD and
# SSH_FOURTH must exist before these are loaded (iptables -N <chain>).
# Port 22 is accepted only for sources that completed the knock sequence
# within the last 60 seconds (SSH_ALLOW list).
-A INPUT -m state --state NEW -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 60 --name SSH_ALLOW -j ACCEPT
# Knock 1: a SYN to port 123 records the source in SSH_FIRST.
-A INPUT -m state --state NEW -p tcp -m tcp --dport 123 --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_FIRST -j DROP
# Knock 2: port 234 within 10 s (and with the same TTL, --rttl) moves the source from SSH_FIRST to SSH_SECOND.
-A INPUT -m state --state NEW -p tcp -m tcp --dport 234 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 10 --rttl --name SSH_FIRST -j SSH_SECOND
-A SSH_SECOND -p tcp --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_SECOND
-A SSH_SECOND -p tcp --tcp-flags SYN,RST,ACK SYN -m recent --remove --name SSH_FIRST
-A SSH_SECOND -j DROP
# Knock 3: port 345 within 10 s moves the source from SSH_SECOND to SSH_THIRD.
-A INPUT -m state --state NEW -p tcp -m tcp --dport 345 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 10 --rttl --name SSH_SECOND -j SSH_THIRD
-A SSH_THIRD -p tcp --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_THIRD
-A SSH_THIRD -p tcp --tcp-flags SYN,RST,ACK SYN -m recent --remove --name SSH_SECOND
-A SSH_THIRD -j DROP
# Knock 4: port 456 within 10 s moves the source from SSH_THIRD to SSH_ALLOW, which opens port 22 for 60 s.
-A INPUT -m state --state NEW -p tcp -m tcp --dport 456 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 10 --rttl --name SSH_THIRD -j SSH_FOURTH
-A SSH_FOURTH -p tcp --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_ALLOW
-A SSH_FOURTH -p tcp --tcp-flags SYN,RST,ACK SYN -m recent --remove --name SSH_THIRD
-A SSH_FOURTH -j DROP
}}}
 * Using firehol + knockd
{{{
# firehol.conf: the service is reachable only for sources accepted by the knock_hidden chain
server https accept with knock hidden
# knockd.conf start_command / stop_command: add and remove the knocking client's address from that chain
iptables -A knock_hidden -s %IP% -j ACCEPT
iptables -D knock_hidden -s %IP% -j ACCEPT
}}}
 * Firehol knock using '''accept [with recent ]'''
{{{
}}}
...
----
CategoryLinux
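The four-stage knock sequence in the iptables rules above, modelled in Python as an added example (not code from this page or from the forum post it cites). It reproduces what the recent module's --set, --remove and --check --seconds --rttl do for the lists SSH_FIRST, SSH_SECOND, SSH_THIRD and SSH_ALLOW, so the timing windows and the TTL check can be exercised offline. The source addresses, TTLs and timestamps are constructed, and a default-DROP INPUT policy is assumed for ports the rules do not mention.

```python
"""Model of the iptables 'recent'-module knock sequence from the page
(ports 123 -> 234 -> 345 -> 456, then port 22). Added example with
constructed traffic only: no packets are sent and no rules are loaded."""
from dataclasses import dataclass

KNOCK_PORTS = (123, 234, 345, 456)   # --dport values of the four knock rules
SERVICE_PORT = 22                    # the protected service
STEP_WINDOW = 10.0                   # '--seconds 10' between consecutive knocks
ALLOW_WINDOW = 60.0                  # '--seconds 60' for the SSH_ALLOW check
STAGE_LISTS = ("SSH_FIRST", "SSH_SECOND", "SSH_THIRD", "SSH_ALLOW")


@dataclass(frozen=True)
class Syn:
    """A new-connection TCP SYN as the INPUT rules see it (constructed)."""
    src: str
    dport: int
    ttl: int
    t: float        # arrival time in seconds


class RecentList:
    """One '-m recent --name X' list: source address -> (last set time, TTL)."""

    def __init__(self):
        self.entries = {}

    def set(self, pkt):                          # --set
        self.entries[pkt.src] = (pkt.t, pkt.ttl)

    def remove(self, pkt):                       # --remove
        self.entries.pop(pkt.src, None)

    def check(self, pkt, seconds, rttl=False):   # --check --seconds N [--rttl]
        entry = self.entries.get(pkt.src)
        if entry is None:
            return False
        last_seen, ttl = entry
        if pkt.t - last_seen > seconds:
            return False
        # --rttl: the packet's TTL must equal the TTL recorded by --set
        return not rttl or ttl == pkt.ttl


class KnockFirewall:
    """Applies the page's rules, in order, to one SYN and returns the verdict."""

    def __init__(self):
        self.lists = {name: RecentList() for name in STAGE_LISTS}

    def handle(self, pkt):
        L = self.lists
        if pkt.dport == SERVICE_PORT:
            return "ACCEPT" if L["SSH_ALLOW"].check(pkt, ALLOW_WINDOW) else "DROP"
        if pkt.dport == KNOCK_PORTS[0]:
            L["SSH_FIRST"].set(pkt)          # first knock: start (or restart) the sequence
            return "DROP"
        for port, prev, nxt in zip(KNOCK_PORTS[1:], STAGE_LISTS, STAGE_LISTS[1:]):
            if pkt.dport == port and L[prev].check(pkt, STEP_WINDOW, rttl=True):
                L[nxt].set(pkt)              # SSH_SECOND/THIRD/FOURTH chain: advance ...
                L[prev].remove(pkt)          # ... and forget the previous stage
                return "DROP"
        return "DROP"   # any other port: assumed default-DROP INPUT policy


def knock_and_connect(ports, gap=1.0, src="198.51.100.7", ttl=64):
    """Send the given knock ports `gap` seconds apart from one constructed
    source, then a SYN to port 22. Returns (knock verdicts, port-22 verdict)."""
    fw = KnockFirewall()
    t, verdicts = 0.0, []
    for p in ports:
        verdicts.append(fw.handle(Syn(src, p, ttl, t)))
        t += gap
    return verdicts, fw.handle(Syn(src, SERVICE_PORT, ttl, t))


if __name__ == "__main__":
    print(knock_and_connect(KNOCK_PORTS))            # correct sequence: port 22 ACCEPT
    print(knock_and_connect(KNOCK_PORTS, gap=15.0))  # knocks too slow: port 22 DROP
    print(knock_and_connect((456, 345, 234, 123)))   # wrong order: port 22 DROP
```

Two properties of the ruleset are visible in the model: every knock packet itself ends in DROP, so the knocks never complete a TCP handshake and only the final SYN to port 22 can be accepted, and a stray SYN to a later knock port while an earlier stage is pending is simply dropped without clearing the pending stage, so the rules enforce only that each stage follows the previous one within 10 seconds, not that nothing else arrives in between. The --rttl check means a knock recorded with one TTL is not honoured by a follow-up knock carrying a different TTL.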