This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
i have no words... by now you are god for me! :-D i can´t believe how much good support you give to your project ! thanks Tom !! ----- Original Message ----- From: "Tom Eastep" <teastep@shorewall.net> To: "Shorewall Users" <shorewall-users@lists.shorewall.net>; "Shorewall Announcements" <shorewall-announce@lists.shorewall.net> Sent: Thursday, May 12, 2005 12:18 PM Subject: [Shorewall-users] New Article at Shorewall.net> This article describes how to implement "Port Knocking" in Shorewall. > > http://shorewall.net/PortKnocking.html > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe:https://lists.shorewall.net/mailman/listinfo/shorewall-users> Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm >
Il giorno gio, 12-05-2005 alle 08:18 -0700, Tom Eastep ha scritto:> This article describes how to implement "Port Knocking" in Shorewall. > > http://shorewall.net/PortKnocking.html > > -TomThanks Tom, as usual you have made an great job! perhaps would be useful to implement this in one next version ... ... or not? Many thanks! -- Dario Lesca <d.lesca@solinos.it>
With the code and documentation for this, it is so easy to setup for any service. -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Dario Lesca Sent: Thursday, May 12, 2005 10:57 AM To: shorewall-users@shorewall.net Subject: Re: [Shorewall-users] New Article at Shorewall.net Il giorno gio, 12-05-2005 alle 08:18 -0700, Tom Eastep ha scritto:> This article describes how to implement "Port Knocking" in Shorewall. > > http://shorewall.net/PortKnocking.html > > -TomThanks Tom, as usual you have made an great job! perhaps would be useful to implement this in one next version ... ... or not? Many thanks! -- Dario Lesca <d.lesca@solinos.it> _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
Robert K Coffman Jr - Info From Data Corporation
2005-May-12 19:53 UTC
RE: New Article at Shorewall.net
Thanks Tom, this is superior in every way to my current solution. - Bob Coffman -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep Sent: Thursday, May 12, 2005 11:19 AM To: Shorewall Users; Shorewall Announcements Subject: [Shorewall-users] New Article at Shorewall.net This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
Dario Lesca wrote:> Il giorno gio, 12-05-2005 alle 08:18 -0700, Tom Eastep ha scritto: >>This article describes how to implement "Port Knocking" in Shorewall. >> >>http://shorewall.net/PortKnocking.html >> >>-Tom > > Thanks Tom, as usual you have made an great job! > > perhaps would be useful to implement this in one next version ... > ... or not?I think not -- I trust it won''t strain you too much to copy and paste from the documentation. Plus, that way you get to pick the lock and unlock ports yourself, you can customize it for any application and I don''t have to write any more documentation or package and release any more code. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:> This article describes how to implement "Port Knocking" in Shorewall. > > http://shorewall.net/PortKnocking.htmlyour reply is so fast, that i can''t follow that speed:-) thanks!!! -- Levente "Si vis pacem para bellum!"
Tom Eastep wrote:> This article describes how to implement "Port Knocking" in Shorewall. > > http://shorewall.net/PortKnocking.htmljust a few more questions: - imho adding lower closing port is also useful (as explained in the orig. article) - is there any more docs about such actions like this when the action.XXX file is empty? i only found this http://shorewall.net/Actions.html#Extension but it''s not too much. what are the functions, variables here (like run_iptables, log_rule_limit, $CHAIN, $LEVEL etc). can use the params file''s variables here? yours. -- Levente "Si vis pacem para bellum!"
Farkas Levente wrote:> Tom Eastep wrote: >> This article describes how to implement "Port Knocking" in Shorewall. >> >> http://shorewall.net/PortKnocking.html > > just a few more questions: > - imho adding lower closing port is also useful (as explained in the > orig. article)I must have missed that.> - is there any more docs about such actions like this when the > action.XXX file is empty? i only found this > http://shorewall.net/Actions.html#Extension > but it''s not too much. what are the functions, variables here (like > run_iptables, log_rule_limit, $CHAIN, $LEVEL etc). can use the params > file''s variables here? > yours. >$CHAIN, $LEVEL and $TAG are explained in the "Actions and Logging" section (http://shorewall.net/Actions.html#id2453176). run_iptables is described in http://shorewall.net/shorewall_extension_scripts.htm. log_rule_limit is currently undocumented unless you are willing to read the ''firewall'' file. -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:> Farkas Levente wrote: > >>Tom Eastep wrote: >> >>>This article describes how to implement "Port Knocking" in Shorewall. >>> >>>http://shorewall.net/PortKnocking.html >> >>just a few more questions: >>- imho adding lower closing port is also useful (as explained in the >>orig. article) > > > I must have missed that.and now just missed it from point 3 and 4:-)>>- is there any more docs about such actions like this when the >>action.XXX file is empty? i only found this >>http://shorewall.net/Actions.html#Extension >>but it''s not too much. what are the functions, variables here (like >>run_iptables, log_rule_limit, $CHAIN, $LEVEL etc). can use the params >>file''s variables here? >>yours. >> > > > $CHAIN, $LEVEL and $TAG are explained in the "Actions and Logging" > section (http://shorewall.net/Actions.html#id2453176). run_iptables is > described in http://shorewall.net/shorewall_extension_scripts.htm. > log_rule_limit is currently undocumented unless you are willing to read > the ''firewall'' file.thanks. -- Levente "Si vis pacem para bellum!"
Farkas Levente wrote:> Tom Eastep wrote: >> Farkas Levente wrote: >> >>> Tom Eastep wrote: >>> >>>> This article describes how to implement "Port Knocking" in Shorewall. >>>> >>>> http://shorewall.net/PortKnocking.html >>> >>> just a few more questions: >>> - imho adding lower closing port is also useful (as explained in the >>> orig. article) >> >> >> I must have missed that. > > and now just missed it from point 3 and 4:-) >Yep -- I''ve been up all night so I probably should try to change anything else until I get some sleep. Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:> > Yep -- I''ve been up all night so I probably should try to change > anything else until I get some sleep. >Looks like I probably should _not_ try to type emails either :-) -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:> > $CHAIN, $LEVEL and $TAG are explained in the "Actions and Logging" > section (http://shorewall.net/Actions.html#id2453176). run_iptables is > described in http://shorewall.net/shorewall_extension_scripts.htm. > log_rule_limit is currently undocumented unless you are willing to read > the ''firewall'' file. >I''ve added some documentation for log_rule_limit() in http://shorewall.net/shorewall_extension_scripts.htm. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key