Diff to Knock.pm from http://www.shorewall.net/ManualChains.html
http://pastebin.com/V3hu201C

Changes:
 * Support for more than one port.
 * Clear state if knock out of order.
   - if too early.
   - if too late.
   - this will break you if using the same port more than once.
 * Fixed issue with logging, where DROP would log even when nothing dropped.
 * WARNING, rejects a correct knock.  This is a security (*)risk, but so
is knock, and it's essential with the above out of order tests.

More robust, YMMV.

(*) My thinking is who is going to probe around after finding one port
that rejects, if you have 3 or even 5 other ports it becomes impossible
to do anything with this.  However one should note that this will lead
to an easy crack if you just have one port.

A web page that will keep your Knock going so the port is always open,
HTML 5 local storage enabled.
http://pastebin.com/bzDgL5BN

  * This page depends on rejecting a correct knock, browsers don't
time-out easily.
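
The behaviour listed under "Changes" above, modelled as a small per-source state machine. This is an added example, not part of the original post and not the code from Knock.pm or the pastebin diff. The class and verdict names are hypothetical, and leaving knock state untouched on unrelated ports is an assumption.

```python
# Added illustration: models strict in-order port knocking as the post
# describes it. It does not generate Shorewall/iptables rules.
DROP, REJECT, ACCEPT = "DROP", "REJECT", "ACCEPT"


class KnockTracker:
    def __init__(self, knock_ports, service_port):
        # The post warns that reusing a port in the sequence breaks the
        # out-of-order checks, so refuse that configuration up front.
        if len(set(knock_ports)) != len(knock_ports):
            raise ValueError("each knock port may appear only once")
        if service_port in knock_ports:
            raise ValueError("service port cannot also be a knock port")
        self.knock_ports = list(knock_ports)
        self.service_port = service_port
        self.progress = {}  # source address -> count of knocks matched so far

    def packet(self, src, dport):
        """Return the verdict for one new connection attempt from src."""
        stage = self.progress.get(src, 0)
        complete = stage == len(self.knock_ports)
        if dport == self.service_port:
            return ACCEPT if complete else DROP
        if dport not in self.knock_ports:
            return DROP  # assumption: unrelated ports leave knock state alone
        if not complete and dport == self.knock_ports[stage]:
            self.progress[src] = stage + 1
            return REJECT  # a correct knock is rejected, per the WARNING item
        # A knock port hit too early or too late: clear this source's state.
        self.progress.pop(src, None)
        return DROP

    def replay(self, src, ports):
        """Feed a list of destination ports and collect the verdicts."""
        return [self.packet(src, p) for p in ports]
```

Because a correct knock is answered with REJECT while everything else is dropped, a single-port sequence is distinguishable from the rest of the firewall, which is the footnote's point about using several ports.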


_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
