Anyone using doormand

fbsd_user fbsd_user at
Wed Jun 22 18:53:01 GMT 2005

I read your post and was interested about what doorman does so I
installed it on my 5.4 system.
Running doormand from the command line does start the daemon after
the .cf and guestlist pass syntax test. You will see it running with
ps ax command.  Remember doorman creates firewall rules on the fly
to allow the TCP packets pass through the firewall and then removes
them at the close of the session. Your firewall rules must pass
inbound udp packets on port 1001. If you have that closed in you
firewall rules doorman will never be triggered. I found running
doormand -D will display any config file syntax errors to the
console. If you change from the default /var/log/messages log file
you have to give the new log file permission of rwx just for root
user. That maybe why you see nothing in your custom log. I have not
got it working yet on allowing telnet in from public internet. I am
testing it using ipfilter firewall. You also have to create
/usr/local/etc/rc.d/ script so doormand will be started
at boot time. Will let you know my results later.

-----Original Message-----
From: owner-freebsd-questions at
[mailto:owner-freebsd-questions at]On Behalf Of Gene
Sent: Tuesday, June 21, 2005 7:42 AM
To: freebsd-questions at FreeBSD. ORG
Subject: Anyone using doormand

Has anyone implemented the doorman port knocking package?

I tried to get it going on 5.4, but when I start doormand, I can
find no
evidence of it listening to it's default port (1001).
I've checked the config (see below) but all seems correct. I can
find no
of doormand or port 1001 in the output of netstat or sockstat.
have no discernible effect, telnet connections are refused, and
there is
in the doorman's log file.

Any ideas?

The file:

#  ''
interface           rl1
port                1001
waitfor             10
connection_delay_1  100000  # 1/10th second (delay is in
connection_delay_2  2
logfile                       /var/log/doorman-messages
loglevel                    debug
pidfile                      /var/run/
guestlist                   /usr/local/etc/doormand/guestlist
firewall-add            /usr/local/etc/doormand/ipf_add
firewall-del             /usr/local/etc/doormand/ipf_delete
tag-queue-length    100000
tag-queue               /var/doorman_tag_queue
tag-db                    /var/doorman_tag_db.db

freebsd-questions at mailing list
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at"

More information about the freebsd-questions mailing list