Hi everyone,

Had some trouble with knockd and the current version of shorewall. My problem was with 5.2 and Raspberry Pi, but it likely applies to other versions also. So here are the changes I made for /etc/knockd configuration.

[options]
        logfile = /var/log/knockd.log

# example for opening www via knockd
# replace ppp0 with your external interface!
# to use it:
# - include ipset package in leaf.cfg
# - create a new zone knock in shorewall/zones containing
#       knock:net ipv4 dynamic_shared    # don't forget to uncomment
# - create a dynamic host in shorewall/hosts file containing
#       knock ppp0:dynamic               # don't forget to uncomment
# - add a rule to the shorewall/rules file (for ssh)
#       ACCEPT knock fw tcp 80           # don't forget to uncomment
# note changes to command line below
# - you must restart knockd after the ppp0 interface comes up
#   I put it in a script file /etc/ppp/if-up

[openWWW]
        sequence    = 7000,8000,9000
        seq_timeout = 5
        command     = /sbin/shorewall add knock %IP%
        tcpflags    = syn
#
[closeWWW]
        sequence    = 9000,8000,7000
        seq_timeout = 5
        command     = /sbin/shorewall delete knock %IP%
        tcpflags    = syn

------------------------------------------------------------------------

/etc/ppp/if-up

#!/bin/sh
# restart knockd once the ppp0 interface is up
svi knockd restart
exit 0

I chmod'd it a+x
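
The following is an added example, not part of the original post: a small Python check for a knockd.conf laid out like the one above, which reports sequences left at the values from knockd's sample configuration, stanzas without a tcpflags filter, and shorewall zones that get an "add" but never a "delete". The names lint_knockd and SAMPLE_CONF are hypothetical, and the embedded configuration is a constructed copy of the stanzas in the post.

```python
import configparser
import re

# Constructed sample mirroring the stanzas in the post above.
SAMPLE_CONF = """\
[options]
logfile = /var/log/knockd.log
[openWWW]
sequence = 7000,8000,9000
seq_timeout = 5
command = /sbin/shorewall add knock %IP%
tcpflags = syn
[closeWWW]
sequence = 9000,8000,7000
seq_timeout = 5
command = /sbin/shorewall delete knock %IP%
tcpflags = syn
"""

# Sequences used in the sample knockd.conf distributed with knockd.
SAMPLE_SEQUENCES = {"7000,8000,9000", "9000,8000,7000"}
CMD_RE = re.compile(r"shorewall\s+(add|delete)\s+(\S+)\s+%IP%")


def lint_knockd(text):
    """Return a sorted list of findings for a knockd.conf given as text."""
    # interpolation=None: the literal %IP% token must not be expanded.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings, zones = [], {}
    for name in cp.sections():
        if name.lower() == "options":
            continue
        sec = cp[name]
        seq = sec.get("sequence", "").replace(" ", "")
        if seq in SAMPLE_SEQUENCES:
            findings.append(f"{name}: sequence {seq} is the stock sample value")
        if "tcpflags" not in sec:
            findings.append(f"{name}: no tcpflags filter set")
        m = CMD_RE.search(sec.get("command", ""))
        if m:  # remember which actions are wired to each shorewall zone
            zones.setdefault(m.group(2), set()).add(m.group(1))
    for zone, actions in zones.items():
        if actions == {"add"}:
            findings.append(f"zone {zone}: hosts are added but never deleted")
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint_knockd(SAMPLE_CONF):
        print(finding)
```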