A quick Google on 'pf port knocking' turned up the following that might be of
interest.
http://www.lazyscripter.com/2010/04/port-knocking-with-pf/
On Feb 28, 2011, at 10:17 AM, Johan Söderberg wrote:
A ridiculously simple idea.
Protect your port, say ssh, by adding a code to access it.
Ok,
Johan Söderberg johan.s.u...@gmail.com writes:
For a client to connect to a service, it needs to unlock the port with a code.
The code is made of predefined blocked ports, that makes pf trigger.
You have just described 'port knocking'. It's been discussed in PF
contexts before (I forget which
On Mon, February 28, 2011 10:17 am, Johan Söderberg wrote:
A ridiculously simple idea. Protect your port, say ssh, by adding a code
to access it. Ok, that's nothing new, but maybe how it's done.
For a client to connect to a service, it needs to unlock the port with a
code. The code is made of
Thank you so much for your input!
If I change the knock ports every time I log in, I should be fine, right?
Please comment on my ruleset, brain fart again?
knock1 = 1
knock2 = 2
open = 22
block drop in all
block drop quick on $extif inet proto tcp \
from any to
RLW wrote:
...
OK, and what about the first part of my post, about setting tbrsize in pf.conf?
altq on em0 cbq bandwidth 1Gb tbrsize 4K queue { q_lan }
queue q_lan bandwidth 950Mb cbq (default)
I got an error:
root@router-test (/root)# pfctl -f /etc/pf.conf
/etc/pf.conf:9: syntax error