On 16 feb 2010, at 11.17, Bret S. Lambert wrote:

>>> There is a way to do port knocking in pf without any external help. Maybe
>>> you can figure it out. I will not give more hints since port knocking is a
>>> dumb idea; better spend your time reading on authpf(8).
>>>
>>> --
>>> :wq Claudio
>>>
>>
>> How do you use authpf from an iPhone or similar...
>>
>> The reason is to use an RSS reader that cannot authenticate. I want some sort
>
> An RSS reader that can't authenticate, but can ping a series of TCP/IP ports?

Where did you get that from? I didn't say it could... No, but all devices with an RSS client, even phones, have a web browser that can have a bookmarked IP and obscure port.

>
>> of security for it even though it's not critical. Therefore I want to just have
>     ^^^^^^^^
> That word you keep using...I don't think it means what you think it means.
> Unless you've got a mechanism to randomize the ports on every port-knocking
> attempt, you're essentially using a plaintext password on the internet.
>

No one said anything about a password.. From where did you get that? I don't have a plain text password. I don't even have a password at all, as RSS readers with auth are not widely spread at all. So I don't have any auth... Just access through IP.

My data is not that critical, but as said I want to limit access a little bit by forcing the clients to first open their browser and access a specific IP and a specific port. Then the PF should trigger on that block in PF and open from the client IP to the RSS server. Of course a client can sit behind NAT and therefore give access to many computers. But again, the data is not that critical. And it's not likely they will guess the link.

/Per-Olov

--
GPG keyID: 5231C0C4
GPG fingerprint: B232 3E1A F5AB 5E10 7561 6739 766E D29D 5231 C0C4
GPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x766ED29D5231C0C4
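
Added example, not part of the original thread: a small Python model of the point raised in the quoted reply, that a fixed knock port works like a plaintext password which can be reused by anyone who sees it, while a port that changes per time window can only be reused inside that window. The HMAC-based derivation, the 30-second window, the port range and all names, addresses and secrets are assumptions made for illustration; nothing here is pf configuration.

```python
import hashlib
import hmac
import struct

WINDOW = 30                          # assumed: seconds each knock port stays valid
PORT_MIN, PORT_MAX = 20000, 60000    # assumed: range knock ports are drawn from


def knock_port(secret: bytes, now: float) -> int:
    """Derive the knock port for the time window containing `now`."""
    counter = struct.pack(">Q", int(now // WINDOW))
    digest = hmac.new(secret, counter, hashlib.sha256).digest()
    return PORT_MIN + int.from_bytes(digest[:4], "big") % (PORT_MAX - PORT_MIN)


class Gate:
    """Models the filter's allow table; no packets are sent or received."""

    def __init__(self, static_port=None, secret=None):
        self.static_port = static_port
        self.secret = secret
        self.allowed = set()

    def expected_port(self, now):
        if self.secret is not None:
            return knock_port(self.secret, now)
        return self.static_port

    def knock(self, src_ip, port, now):
        """Add src_ip to the allow table if it knocked on the current port."""
        if port == self.expected_port(now):
            self.allowed.add(src_ip)
        return src_ip in self.allowed


def replay_accepted(gate, delay):
    """A client knocks at t0; the same port is reused later from another address."""
    t0 = 1266315420.0                       # constructed timestamp (start of a window)
    port = gate.expected_port(t0)           # what an on-path observer would see
    gate.knock("192.0.2.10", port, t0)      # legitimate client (documentation IP)
    return gate.knock("198.51.100.7", port, t0 + delay)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"
    print("static port, 1 h later:  ", replay_accepted(Gate(static_port=48213), 3600))
    print("rotating port, 1 h later:", replay_accepted(Gate(secret=secret), 3600))
    print("rotating port, 5 s later:", replay_accepted(Gate(secret=secret), 5))
```

The last case shows the remaining gap: inside the same window the observed port is still accepted, and, as with the NAT case mentioned in the message, the allow table only ever records a source address.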