Hey,
I have been experimenting with knockd and saw it behave quite oddly.
Interrogation 1:
- why does it create the iptables rule 3 times?
With the following simple configuration:
[closeSSH]
sequence = xxxx,yyyy,zzzzz
seq_timeout = 15
tcpflags = syn
command = sudo iptables -I INPUT 5 -p tcp --dport 22 -j DROP
It applies the rule 3 times as you can see below:
$ sudo iptables -S INPUT
...
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j DROP
...
It's not tied to the fact that I use 3 ports as the code, because if I set only 2 I still get the rule applied 3 times.
However, when opening SSH with the right code it does the same thing 3 times, which in the end unlocks ssh... So in the end it works, but it's weird...
Interrogation 2
- Isn't the daemon supposed to track the opening and closing of the "gate" in a coherent way?
For instance, if I spam open / close / open / open / close / open I still get some leftover rules, as the system does not keep up with the opening and closing spam.
Moreover, if I choose to use a command that deletes an iptables rule by its number, it might delete the wrong iptables rule...
Using centos 7.7
OpenSSH_7.4p1
Thx
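Added example, not part of the original post or of the knockd project: a small POSIX sh wrapper that can be called from knockd's `command` lines instead of a bare `iptables -I ...` / `iptables -D ... <number>`. It addresses both observations above from the defender's side: closing first checks with `iptables -C` so a sequence that fires several times cannot stack duplicate DROP rules, and opening deletes by rule specification in a loop, so leftovers from spammed open/close are swept up and nothing is ever deleted by rule number. The INPUT chain, port 22 and insert position 5 are taken from the post's configuration; the `count_drop_rules` helper and the `IPTABLES` override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not knockd's own code): idempotent open/close helpers for use
# as knockd `command` values, e.g.
#   [closeSSH]  command = /usr/local/sbin/sshgate close
#   [openSSH]   command = /usr/local/sbin/sshgate open
# Assumptions: INPUT chain, TCP port 22 and insert position 5, as in the post.

IPTABLES="${IPTABLES:-iptables}"    # overridable so the helpers can be exercised without root
CHAIN="INPUT"
POSITION=5
RULE="-p tcp --dport 22 -j DROP"    # word-split on purpose when handed to iptables

# Count the copies of the DROP rule in `iptables -S INPUT` output read from stdin
# (the listing format shown in the post). Prints 0 when none are present.
count_drop_rules() {
    grep -c -e "^-A $CHAIN -p tcp -m tcp --dport 22 -j DROP\$" || true
}

# Close SSH: insert the DROP rule only if it is not already present.
# `-C` returns 0 when a matching rule exists, so repeated triggers are no-ops.
ssh_close() {
    if "$IPTABLES" -C "$CHAIN" $RULE 2>/dev/null; then
        return 0
    fi
    "$IPTABLES" -I "$CHAIN" "$POSITION" $RULE
}

# Open SSH: delete every copy of the DROP rule by specification, never by
# number. Looping until `-D` fails removes leftovers from earlier duplicate
# closes without touching any other rule in the chain.
ssh_open() {
    while "$IPTABLES" -D "$CHAIN" $RULE 2>/dev/null; do :; done
    return 0
}

case "${1:-}" in
    open)  ssh_open ;;
    close) ssh_close ;;
esac
```

Deleting by specification rather than by number is the important part: rule numbers shift whenever any other rule is inserted above the target, whereas a specification match only ever removes the rule you intended.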