Hello. I'm trying to enable port knocking with `knockd'.
I configured `/etc/knockd.conf' (I changed the default ports):

    [options]
        UseSyslog

    [openSSH]
        sequence    = 7000,8000,9000
        seq_timeout = 5
        command     = /sbin/iptables -A INPUT -I 6 -p tcp --dport 22 -j ACCEPT
        tcpflags    = syn
        cmd_timeout = 25

    [closeSSH]
        sequence    = 9000,8000,7000
        seq_timeout = 5
        command     = /sbin/iptables -D INPUT -p tcp --dport 22 -j ACCEPT
        tcpflags    = syn

Then `/etc/default/knockd':

    START_KNOCKD=1

And started the daemon via `sudo /etc/init.d/knockd start'.

BTW, I have the following line in `iptables':

    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

I don't have physical access to the machine, so I decided to keep the rule and close it from a client:

    client$ knock <ip> 9000 8000 7000

Unfortunately, I can still connect to the SSH port. Did I make a mistake somewhere?

Archive: http://lists.debian.org/38781.150.254.37.193.1358395695.squir...@lavabit.com
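A check for a knockd.conf like the one above, added here as an example (it is neither the poster's code nor part of knockd): iptables -D only removes a rule whose specification matches an existing rule, so the script parses each [section]'s command, compares every -D rule spec against an iptables-save style list of existing rules, and also flags a command that carries more than one chain operation. The config text and the rule list are constructed copies of what the post shows; the token comparison is a textual approximation of iptables' own matching.

```python
import shlex

# Constructed copies of the two knockd commands and the hand-added rule from the post.
KNOCKD_CONF = """
[openSSH]
    sequence = 7000,8000,9000
    command  = /sbin/iptables -A INPUT -I 6 -p tcp --dport 22 -j ACCEPT
[closeSSH]
    sequence = 9000,8000,7000
    command  = /sbin/iptables -D INPUT -p tcp --dport 22 -j ACCEPT
"""
EXISTING_RULES = ["-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT"]
CHAIN_OPS = {"-A", "-D", "-I", "-R"}

def parse_knockd(text):
    """Minimal knockd.conf reader: [section] headers and 'key = value' lines."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def rule_spec(cmd):
    """Split an iptables command into its chain operations and a set of (flag, value)
    pairs.  '-p tcp' implies '-m tcp' (iptables-save prints it), so it is added; this
    textual comparison only approximates the exact match iptables needs for -D."""
    tokens = [t for t in shlex.split(cmd) if not t.startswith("/")]  # drop program path
    ops, spec, i = [], [], 0
    while i < len(tokens):
        flag, nxt = tokens[i], tokens[i + 1] if i + 1 < len(tokens) else ""
        value = nxt if nxt and not nxt.startswith("-") else ""
        (ops if flag in CHAIN_OPS else spec).append((flag, value))
        i += 2 if value else 1
    return ops, set(spec) | ({("-m", "tcp")} if ("-p", "tcp") in spec else set())

def lint(conf_text, existing_rules):
    """Report knockd commands that will not add or remove the rule they appear to."""
    findings, existing = [], [rule_spec(r)[1] for r in existing_rules]
    commands = {n: s["command"] for n, s in parse_knockd(conf_text).items() if "command" in s}
    for name, cmd in commands.items():
        ops, spec = rule_spec(cmd)
        if len(ops) != 1:
            findings.append(f"{name}: command mixes chain operations {[o for o, _ in ops]}")
        if ops and ops[0][0] == "-D" and spec not in existing:
            findings.append(f"{name}: -D matches no existing rule, so nothing is removed")
    return findings
```

Running lint(KNOCKD_CONF, EXISTING_RULES) reports both the combined -A/-I in the open command and that the close command's -D does not match the state-based rule, which is why that rule survives the close sequence; a rule written exactly as the -D spec would be removed.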