Port Knocking configures iptables to offer port knocking to open sensitive ports based on a sequence of knocked ports for the connecting IP address. For more information on port knocking see http://www.portknocking.org/
• This feature does not work on servers that do not have the iptables module ipt_recent loaded.
• VPS server admins should check with their VPS host provider that the iptables module is included.
The feature requires that you list a random selection of unused ports (at least 3) with a timeout.
The ports you choose must not be in use and not appear in
UDP_IN (for udp packets). The port to be opened must also not appear in
UDP_IN (for udp packets).
PORTKNOCKING = "22;TCP;20;100;200;300;400"
• IP addresses do not appear in any of the iptables chains when using this module. You must view the
/proc/net/ipt_recent/*files as per the module documentation to view IP addresses in the various stages of the knock.
• Restarting CSF resets the ipt_recent tables and removes all of the knocks.
• By default ipt_recent tracks only the last 100 IP addresses. The tracked IP addresses can be viewed in
More information about the ipt_recent module can be found in the iptables man page and at http://snowman.net/projects/ipt_recent/
||Port Knocking alert template|