Alex Malinovich wrote:
On Tue, 2004-12-28 at 16:39 +0100, Laurent CARON wrote:
Knockd is IMHO useful to protect ports on which you want to connect occasionally.
David Baron wrote:
A home system with an email server, i.e. exim, need not lay "exposed" 24/7. Is there a way to write script to open a port such as SMTP/25 periodically for a certain amount of time, check for activity, wait till free and then close it.
This would be a cron'ed equivalent of bringing up Guarddog or some other IPtables interface, enabling access, waiting a while and seeing no (or no more) activity, bringing it up again and disabling access.
use cron and iptables for it
Allow new connection
wait 10/15 mins
forbid new connections but still allow established ones on port 25
Or you could just set up knockd on the box. It will be a lot safer since the port will only be opened when you request it with a particular knock sequence. With a cron job that port will end up being open to the world at particular times, regardless of who initiated the request.
Cron can do the job for such a simple iptables command
My 2€ Cents ;)
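The cron-and-iptables steps discussed in the thread (allow new connections, wait, then forbid new ones while established sessions on port 25 continue), as an added example that is not code from any poster. It uses the `conntrack` match; the chain name `SMTP_WINDOW`, the 15-minute window and the script path in the cron line are assumptions. As noted in the thread, the port is open to any source during the window.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed names: chain SMTP_WINDOW,
# the 15-minute window, and the install path in the cron line below.
# /etc/cron.d entry (hypothetical):
#   0 */2 * * * root DRY_RUN=0 /usr/local/sbin/smtp-window.sh window
PORT=25
CHAIN=SMTP_WINDOW
WINDOW_SECS=900

# Print the iptables commands for one phase; nothing is executed here.
rules_for() {
    case "$1" in
        setup)  # run once, e.g. at boot
            echo "iptables -N $CHAIN"
            # Sessions already in progress always continue.
            echo "iptables -A INPUT -p tcp --dport $PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT"
            # New connections are decided by the (initially empty) window chain.
            echo "iptables -A INPUT -p tcp --dport $PORT -m conntrack --ctstate NEW -j $CHAIN"
            # Anything that falls out of the window chain is dropped.
            echo "iptables -A INPUT -p tcp --dport $PORT -j DROP"
            ;;
        open)   echo "iptables -A $CHAIN -j ACCEPT" ;;
        close)  echo "iptables -F $CHAIN" ;;
        *)      return 2 ;;
    esac
}

# Print the commands (DRY_RUN=1, the default) or run them (DRY_RUN=0, as root).
apply() {
    rules_for "$1" | while read -r cmd; do
        if [ "${DRY_RUN:-1}" = 1 ]; then echo "$cmd"; else $cmd || exit 1; fi
    done
}

# Open the window, wait, and close it again even if the script is interrupted.
window() {
    trap 'exit 1' INT TERM
    trap 'apply close' EXIT
    apply open
    sleep "$WINDOW_SECS"
}

case "${1:-}" in
    setup)  apply setup ;;
    window) window ;;
esac
```

Closing the window only flushes the `SMTP_WINDOW` chain, so a delivery that started before the deadline finishes through the ESTABLISHED rule instead of being cut off.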