• linux
• firewall

Firewall

• I have tried a couple of firewalls.
• For easy gui rule editing on multiple firewall i would recommend FWB ( Firewall Builder)
• I personaly use Firehol - a bash script with a very compact syntax, and easily extend able to allow advance features.

Port Knocking

• Knock on the firewall by connections to some random ports, thus getting the firewall to open a door to the required service.
• Using Iptables for port knocking.

  • From: http://uhacc.org/forums/index.php?board=6;action=display;threadid=3166

-A INPUT -m state --state NEW -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 60 --name SSH_ALLOW -j ACCEPT

-A INPUT -m state --state NEW -p tcp -m tcp --dport 123 --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_FIRST -j DROP

-A INPUT -m state --state NEW -p tcp -m tcp --dport 234 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 10 --rttl --name SSH_FIRST -j SSH_SECOND
-A SSH_SECOND  --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_SECOND
-A SSH_SECOND  --tcp-flags SYN,RST,ACK SYN -m recent --remove --name SSH_FIRST
-A SSH_SECOND -j DROP

-A INPUT -m state --state NEW -p tcp -m tcp --dport 345 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 10 --rttl --name SSH_SECOND -j SSH_THIRD
-A SSH_THIRD  --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_THIRD
-A SSH_THIRD  --tcp-flags SYN,RST,ACK SYN -m recent --remove --name SSH_SECOND
-A SSH_THIRD -j DROP

-A INPUT -m state --state NEW -p tcp -m tcp --dport 456 --tcp-flags SYN,RST,ACK SYN -m recent --check --seconds 10 --rttl --name SSH_THIRD -j SSH_FOURTH
-A SSH_FOURTH  --tcp-flags SYN,RST,ACK SYN -m recent --set --name SSH_ALLOW
-A SSH_FOURTH  --tcp-flags SYN,RST,ACK SYN -m recent --remove --name SSH_THIRD
-A SSH_FOURTH -j DROP

...