On Apr 01 14:09:36, Marcus M|lb|sch wrote:
> Hello all,
>
> it occurred to me that with a combination of some pass rules and
> adding the address via overload to a sort of "whitelist" tables you can
> implement a simple portknocking; using nothing but pf.
With a combination of opening doors, you
Marcus M|lb|sch wrote:
Hello all,
it occurred to me that with a combination of some pass rules and
adding the address via overload to a sort of "whitelist" tables you
can implement a simple portknocking; using nothing but pf.
The rules would look like this:
pass in on $ext_if inet proto t
On 04/01/2010 03:09 PM, Marcus M|lb|sch wrote:
Thanks for any pointers,
You may instead be interested in exploring authpf + use of one time
passwords. Look around for donkey, s/key, opie, yubikey to get ideas.
http://www.h-online.com/security/features/One-time-passwords-for-home-users-74720
congratulations, you've broken the code!
why this is a bad idea is left as an exercise to the reader.
On Thu, Apr 01, 2010 at 02:09:36PM +0200, Marcus M?lb?sch wrote:
> Hello all,
>
> it occurred to me that with a combination of some pass rules and
> adding the address via overload to a sort o
On 04/01/2010 03:09 PM, Marcus M|lb|sch wrote:
1) Is there any problem with that setup?
No, not if you do not deploy it.
Yes, if you deploy it, it may implement port-knocking.
http://marc.info/?l=openbsd-misc&w=4&r=1&s=port-knocking
/Lars
Hello all,
it occurred to me that with a combination of some pass rules and
adding the address via overload to a sort of "whitelist" tables you can
implement a simple portknocking; using nothing but pf.
The rules would look like this:
pass in on $ext_if inet proto tcp from any to any port