Firewall
- I have tried a couple of firewalls.
- For easy gui rule editing on multiple firewall i would recommend FWB ( Firewall Builder)
- I personaly use Firehol - a bash script with a very compact syntax, and easily extend able to allow advance features.
Port Knocking
- Knock on the firewall by connections to some random ports, thus getting the firewall to open a door to the required service.
- Using Iptables for port knocking.
-A INPUT -m state --state NEW -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 60 --name SSH_ALLOW -j ACCEPT -A INPUT -m state --state NEW -p tcp -m tcp --dport 123 --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_FIRST -j DROP -A INPUT -m state --state NEW -p tcp -m tcp --dport 234 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 10 --rttl --name SSH_FIRST -j SSH_SECOND -A SSH_SECOND --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_SECOND -A SSH_SECOND --tcp-flags SYN,RST,ACK SYN -m recent --remove --name SSH_FIRST -A SSH_SECOND -j DROP -A INPUT -m state --state NEW -p tcp -m tcp --dport 345 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 10 --rttl --name SSH_SECOND -j SSH_THIRD -A SSH_THIRD --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_THIRD -A SSH_THIRD --tcp-flags SYN,RST,ACK SYN -m recent --remove --name SSH_SECOND -A SSH_THIRD -j DROP -A INPUT -m state --state NEW -p tcp -m tcp --dport 456 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 10 --rttl --name SSH_THIRD -j SSH_FOURTH -A SSH_FOURTH --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_ALLOW -A SSH_FOURTH --tcp-flags SYN,RST,ACK SYN -m recent --remove --name SSH_THIRD -A SSH_FOURTH -j DROP
...