fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter (fwknop supports iptables and firewalld on Linux, ipfw on FreeBSD and Mac OS X, and PF on OpenBSD) and libpcap. SPA is essentially next-generation port knocking (more on this below). The design decisions that guide the development of fwknop can be found in the blog post "Single Packet Authorization: The fwknop Approach".

Features

  • Implements Single Packet Authorization around iptables and firewalld firewalls on Linux, ipfw firewalls on *BSD and Mac OS X, and PF on OpenBSD
  • The fwknop client runs on Linux, Mac OS X, *BSD, and Windows (under Cygwin). There is also a separate Windows UI with source code available here. In addition, there is a port of the client to both the iPhone and Android phones
  • Supports both Rijndael and GnuPG methods for the encryption/decryption of SPA packets
  • Supports HMAC authenticated encryption for both Rijndael and GnuPG. The order of operation is encrypt-then-authenticate to avoid various cryptanalytic problems
  • Replay attacks are detected and thwarted by SHA-256 digest comparison of valid incoming SPA packets. SHA-1 and MD5 are also supported, but SHA-256 is the default
  • SPA packets are passively sniffed from the wire via libpcap. The fwknop server can also acquire packet data from a file that is written to by a separate Ethernet sniffer (such as with "tcpdump -w <file>"), or from the iptables ULOG pcap writer

Project Samples

fwknop Screenshot 1

Project Activity

See All Activity >

Categories

Security

License

GNU General Public License version 3.0 (GPLv3)

Follow fwknop

fwknop Web Site

You Might Also Like
Our Free Plans just got better! | Auth0 by Okta Icon
Our Free Plans just got better! | Auth0 by Okta

With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your secuirty. Auth0 now, thank yourself later.
Try free now
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of fwknop!

Additional Project Details

Operating Systems

Linux, Mac, Windows

Programming Language

Perl

Related Categories

Perl Security Software

Registered

2024-09-12
Report inappropriate content