I've been asked to provide & protect occasional roaming access to SSH listener ports at a bunch of geo-distributed boxes.
fwbuilder is really! handy for managing all the various boxes' firewall rulesets.
I do NOT want to keep SSH ports always open to the net-at-large, so I'm looking at a port-knocking setup.
Can fwbuilder set up port-knocking detection using iptables' "recent" module?
Basically, I want to have SSH listening on a closed, random port, say #12345. Then a telnet to ports #11111, #22222, and #33333 in order within 30 seconds from a given IP would open port #12345 for SSH access *just* for that IP.
Here's a simple example of what'd need to be done:
I'm just not sure if, and HOW, that'd be done with fwbuilder.
Here's a link that talks about how to use the "recent" module to temporarily ban failed SSH login attempts.
You can adapt this example to match the port knocking configuration shown in the example article you mentioned. Let us know if you run into any issues.
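The knock sequence from the question (11111, 22222, 33333 in order, then SSH on 12345 for that IP only), written out as raw iptables "recent" rules. This is an added example, not fwbuilder output and not from either post; the chain and list names (KNOCKING, GATE1..3, PASSED, AUTH1..3) are my own, and the 30-second limit is applied per step rather than to the whole sequence.

```shell
#!/bin/sh
# Constructed example: iptables "recent" port-knock for the sequence in the question.
# Knocks on 11111 -> 22222 -> 33333 from one source IP open TCP 12345 for that IP;
# any other packet from the knocker in mid-sequence restarts it. Each step must
# follow the previous one within 30 s (a per-step window, not a total one).
# By default the commands are only printed; run as root with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

knock_rules() {
  for c in KNOCKING GATE1 GATE2 GATE3 PASSED; do $IPT -N "$c"; done

  # Accepted sessions keep working; all other new TCP traffic is classified.
  # Rules for any genuinely public services belong before this jump.
  $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  $IPT -A INPUT -p tcp -j KNOCKING

  # Dispatch on how far this source IP has got (most advanced stage first).
  $IPT -A KNOCKING -m recent --rcheck --seconds 30 --name AUTH3 -j PASSED
  $IPT -A KNOCKING -m recent --rcheck --seconds 30 --name AUTH2 -j GATE3
  $IPT -A KNOCKING -m recent --rcheck --seconds 30 --name AUTH1 -j GATE2
  $IPT -A KNOCKING -j GATE1

  # Stage 1: the first knock records the IP in AUTH1; the knock itself is dropped,
  # so the port looks closed to the knocker and to anyone scanning.
  $IPT -A GATE1 -p tcp --dport 11111 -m recent --name AUTH1 --set -j DROP
  $IPT -A GATE1 -j DROP

  # Stage 2: forget AUTH1, advance on the right port, otherwise start over.
  $IPT -A GATE2 -m recent --name AUTH1 --remove
  $IPT -A GATE2 -p tcp --dport 22222 -m recent --name AUTH2 --set -j DROP
  $IPT -A GATE2 -j GATE1

  # Stage 3: same pattern for the last knock.
  $IPT -A GATE3 -m recent --name AUTH2 --remove
  $IPT -A GATE3 -p tcp --dport 33333 -m recent --name AUTH3 --set -j DROP
  $IPT -A GATE3 -j GATE1

  # Fully knocked: allow one new connection to the hidden SSH port, then forget
  # the IP so the port closes again (the session itself survives via ESTABLISHED).
  $IPT -A PASSED -m recent --name AUTH3 --remove
  $IPT -A PASSED -p tcp --dport 12345 -j ACCEPT
  $IPT -A PASSED -j GATE1
}

knock_rules
```

Because the knocks are DROPped rather than REJECTed, a telnet to a knock port will hang until you interrupt it; that is expected. In fwbuilder, each `-m recent ...` fragment is the kind of string that goes into a CustomService object, as discussed below.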
Thanks, I think that should do it.
One thing I noticed is that when I create a CustomService object, the code string appears to be concatenated with the iptables command.
So if I enter,
"-dport 10000 -m recent -name SSH -set"
when I hover over the new object, the display shows:
"iptables-dport 10000 -m recent -name SSH -set"
See? "iptables-dport" - no space.
But if I enter,
" -dport 10000 -m recent -name SSH -set"
with a leading space I get
"iptables -dport 10000 -m recent -name SSH -set"
I don't know if that's a real problem, or just one with display.
The "iptables" you see at the beginning when you hover over it just shows the type of custom service object this is, so this won't affect your generated rules.