On 16 feb 2010, at 10.40, Claudio Jeker wrote:

> On Tue, Feb 16, 2010 at 10:22:04AM +0100, Per-Olov Sjvholm wrote:
>> Hi "misc"
>>
>> I am looking for a tool to use as a trigger for dynamically opening PF ports from
>> certain IP:s.
>>
>> I will access non critical info but want at least a port knocker as security.
>>
>> If I access an IP on my DMZ that is not in use on a port that is fake I want
>> to dynamically add a PF rule for a totally different purpose. Let's say I
>> access http://1.2.3.4:45321 which is blocked and logged in PF, what is the
>> easiest way to create a trigger from the PF log or the PF log device?
>>
>> A cron job with grep in the PF log and then run pfctl to add the rule is from
>> many points of view a bad choice... I don't want to dig through the PF log as
>> it can be huge, and I don't want to use a cron job as it takes too long..
>>
>
> There is a way to do port knocking in pf without any external help. Maybe
> you can figure it out. I will not give more hints since port knocking is a
> dumb idea; better spend your time reading on authpf(8).
>
> --
> :wq Claudio
>
How do you use authpf from an iPhone or similar... The reason is to use an RSS reader that cannot authenticate. I want some sort of security for it even though it's not critical. Therefore I want to just have a trigger in the PF log. To try to find an SSH client to use authpf for all RSS client capable phones is not an option.

/Per-Olov
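
An added example, not part of the thread and not either poster's code: one way to build the trigger asked about above by following the pflog0 device live with tcpdump(8) and adding the logged source to a pf table. The knock address and port are the ones from the post; the table name `knockers`, the `$rss_host` macro and the pf.conf lines in the comment are assumptions.

```shell
#!/bin/sh
# Added example. Assumed pf.conf lines (table name and macro are hypothetical):
#   table <knockers> persist
#   block in log quick proto tcp to 1.2.3.4 port 45321
#   pass in proto tcp from <knockers> to $rss_host port 80
KNOCK_IP="1.2.3.4"      # from the post
KNOCK_PORT="45321"      # from the post
TABLE="knockers"        # assumption

# Print the IPv4 source of a tcpdump(8) pflog line if it is a hit on the
# knock address and port; return non-zero and print nothing otherwise.
knock_source() {
    line=$1
    case "$line" in
        *" > ${KNOCK_IP}.${KNOCK_PORT}: "*) ;;
        *) return 1 ;;
    esac
    src=${line%% > *}      # everything before the first " > "
    src=${src##* }         # last word: a.b.c.d.sport
    ip=${src%.*}           # drop the source port
    # Only digits and dots may reach pfctl; reject anything else.
    case "$ip" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    printf '%s\n' "$ip"
}

# Follow the log device live (no cron job, no grep through old logs) and
# add each knocking source to the table.
watch_knocks() {
    tcpdump -n -e -l -i pflog0 \
        "dst host $KNOCK_IP and tcp dst port $KNOCK_PORT" 2>/dev/null |
    while IFS= read -r line; do
        if ip=$(knock_source "$line"); then
            pfctl -q -t "$TABLE" -T add "$ip"
        fi
    done
}

# Start the watcher only when asked, so the functions can be sourced alone.
if [ "${1:-}" = "run" ]; then
    watch_knocks
fi
```

The logged packet is a single unanswered SYN, so its source address can be forged and table membership is weak evidence of who knocked. `pfctl -t knockers -T expire 3600` removes entries older than an hour.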