ipfw and temporary port access
admin2 at enabled.com
Sat Oct 7 10:27:59 PDT 2006
Daniel Bye wrote:
> On Sat, Sep 16, 2006 at 03:06:13PM -0700, Noah wrote:
>> Hi there,
>> I am trying to figure out how to open a port temporarily for a specific
>> IP who is able to provide a proper username and password on the website
>> of the box. After authentication is verified then the IP address is
>> cached and temporarily allowed to access a specific port on the
>> server. This temporary firewall changes would be handled by ipfw.
>> Any clues if a system like this is a already coded and out there somewhere?
> Take a look at security/doorman or security/knock, both of which might
> fit the bill.
I have really specific needs and wondering if somebody has written a
port knocker out there already that fits the criteria of what I am
1) User needs to telnet to specific port and/or log into a website.
2) Learns the IP address that the user is coming from in step 1.
3) Opens ssh port to specifically to the IP address grabbed in step 1
but also keeps ssh port open to statically defined IPs in /etc/rc.firewall .
4) As soon as the user disconnects from the ssh port the IP address in
step 1 no longer can access the ssh port unless they log back in like
the procedure in step 1.
I reviewed two programs doorman and knock (found in FreeBSD
I am unable to figure out how to configure the ability to capture the IP
address of where the UDP packet was sent. Therefore this program does
not completely match what I am looking for, or I do not understanding
how to configure it.
This is nice but still requires closing the port as a step when done.
It would be nice to automatically close the ssh port when the user
disconnects from the ssh port. Also I am not clear but I don't think
there is a way to grab the source IP address, right?
Anybody know of other programs I could check out?
More information about the freebsd-questions