On Sun, Jul 15, 2012 at 7:49 PM, C Anthony Risinger <anthony@xtfx.me> wrote:
On Sun, Jul 15, 2012 at 6:17 PM, C Anthony Risinger <anthony@xtfx.me> wrote:

> however, it concerns me that all the machines running this report
> fwknopd as consuming a fair amount of resources, continuously.
>
> ... how can this be remedied?

> forgot to mention that it's a linux server, kernel 3.4.4 (archlinux).
> 100% default configuration -- ATM i'm only using it to open SSH port
> on demand.  looping is happening within pcap_capture.  if i run as a
> UDP/TCP server (supported, right?) it should be much lighter, yes?

I haven't tested the UDP/TCP server modes recently, but they should work.  Test suite support for them will be added soon.
> bleh, i also had a related question
> but it's escaping me for now ...

> and now i remember :-) i wanted to suggest that the INPUT chain be
> configurable, and that fwknopd should simply use the chain if it
> already exists (taking note of whether or not it created it) ... when
> running this on Vyatta Network OS there were some issues when fwknopd
> needed a restart -- chains in wrong order afterwards.

You can influence the chain from which packets are jumped to by using the IPT_INPUT_ACCESS variable.  For the existence check, do you mean for the jump-from chain?  Or the jump-to chain?  If the latter, there is a check and it will be created if not.

C Anthony

Fwknop-discuss mailing list

Michael Rash | Founder
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
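The ordering problem described in the thread (the jump into fwknopd's chain ending up behind other INPUT rules after a restart) can be checked against the output of `iptables -S INPUT`. The script below is an added example, not fwknop's own code: the chain name FWKNOP_INPUT and the expected position 1 are assumed to match a default IPT_INPUT_ACCESS setting, and the two rule listings are constructed to mimic a correct and a misordered chain.

```shell
#!/bin/sh
# Added example (not part of fwknop). Reads `iptables -S INPUT` style rules
# from stdin and reports the 1-based position of the jump into the fwknop
# chain, so an admin can verify the order after an fwknopd restart.

# Print the rule number of the first `-A INPUT ... -j <chain>` rule, or 0.
# Policy lines (-P) are skipped; only -A rules count toward the position.
fwknop_jump_position() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == "INPUT" {
            n++
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == chain) { print n; found = 1; exit }
        }
        END { if (!found) print 0 }
    '
}

# Compare the observed position with the expected one (1 = before all other rules).
# Returns 0 when correct, 1 when misordered, 2 when the jump is missing.
check_fwknop_order() {
    pos=$(fwknop_jump_position "$1")
    if [ "$pos" -eq "$2" ]; then
        echo "ok: jump to $1 at position $pos"; return 0
    elif [ "$pos" -eq 0 ]; then
        echo "missing: no jump to $1 in INPUT"; return 2
    else
        echo "misordered: jump to $1 at position $pos, expected $2"; return 1
    fi
}

# Constructed sample: fwknop jump first, as a default setup would place it.
SAMPLE_OK='-P INPUT DROP
-A INPUT -j FWKNOP_INPUT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

# Constructed sample: an explicit DROP for port 22 precedes the fwknop jump,
# so a rule fwknopd inserts for SSH would never be reached.
SAMPLE_BAD='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j DROP
-A INPUT -j FWKNOP_INPUT'

printf '%s\n' "$SAMPLE_OK"  | check_fwknop_order FWKNOP_INPUT 1 || :
printf '%s\n' "$SAMPLE_BAD" | check_fwknop_order FWKNOP_INPUT 1 || :
```

On a live host the same check is `iptables -S INPUT | check_fwknop_order FWKNOP_INPUT 1`, with the chain name and position taken from the IPT_INPUT_ACCESS line actually in use.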