New upstream version 0.7

Leo Antunes
2016-09-28 19:41:01 +02:00
parent 0e2c96c9ef
commit b2567e2868
19 changed files with 8417 additions and 7773 deletions


@@ -60,13 +60,13 @@ firewall and would like to access it discreetly.
sequence = 7000,8000,9000
seq_timeout = 10
tcpflags = syn
command = /usr/sbin/iptables -A INPUT -s %IP% -j ACCEPT
command = /usr/sbin/iptables -A INPUT -s %IP% --dport 22 -j ACCEPT
[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 10
tcpflags = syn
command = /usr/sbin/iptables -D INPUT -s %IP% -j ACCEPT
command = /usr/sbin/iptables -D INPUT -s %IP% --dport 22 -j ACCEPT
.fi
.RE
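Review bot: The new command lines pass --dport 22 without a protocol match, and iptables only accepts --dport after -p tcp (or another protocol that has ports), so the example as written is rejected by iptables and the knock never opens anything. Add -p tcp to both the -A and the -D line, e.g. "command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT", and keep the two rule specifications identical so that the -D rule actually deletes what the -A rule inserted.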
@@ -135,7 +135,7 @@ Network interface to listen on. Only its name has to be given, not the path to
the device (eg, "eth0" and not "/dev/eth0"). Default: eth0.
.SH CONFIGURATION: KNOCK/EVENT DIRECTIVES
.TP
.B "Sequence = <port1>[:<tcp|udp>][,<port2>[:<tcp|udp>] ...]"
.B "Sequence = <port1>[:<tcp|udp>],<port2>[:<tcp|udp>][,<port3>[:<tcp|udp>] ...]"
Specify the sequence of ports in the special knock. If a wrong port with
the same flags is received, the knock is discarded. Optionally, you can
define the protocol to be used on a per-port basis (default is TCP).
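Review bot: The revised synopsis makes <port2> mandatory, but the description below it still only says "Specify the sequence of ports" and never states that a sequence needs at least two ports. Add a sentence giving the minimum, and say what knockd does with a single-port Sequence (rejected at startup, or ignored), so that users upgrading with an existing one-port configuration know what to expect.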
@@ -172,6 +172,13 @@ interfere with (and thus invalidate) the knock.
Separate multiple flags with commas (eg, TCPFlags = syn,ack,urg). Flags can be
explicitly excluded by a "!" (eg, TCPFlags = syn,!ack).
.TP
.B "Target = <ip-address>"
Use the specified IP address instead of the address determined for the
\fBInterface\fP when matching the \fBSequence\fP.
This is useful if knockd is running on a router and you want to do something
in response to an actual connection attempt to a routed host - e.g., invoking
etherwake to send the host a WOL packet.
.TP
.B "Start_Command = <command>"
Specify the command to be executed when a client makes the correct
port-knock. All instances of \fB%IP%\fP will be replaced with the
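Review bot: The new Target paragraph does not say what %IP% expands to once Target is set. The Start_Command text just below still describes %IP% as the knocker's address, so the etherwake use case implies the routed host has to be hard-coded in the command. If that is the intended behaviour, state it here. It would also help to say whether Target accepts only a literal address, as "<ip-address>" suggests, or also a hostname. Minor: the " - e.g.," in the last sentence is a bare hyphen in roff output; consider rewording as "(e.g., invoking etherwake ...)".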
@@ -179,8 +186,8 @@ knocker's IP address. The \fBCommand\fP directive is an alias for
\fBStart_Command\fP.
.TP
.B "Cmd_Timeout = <timeout>"
Time to wait between \fBStart_Command\fP and \fBStop_Command\fP. This
directive is optional, only required if \fBStop_Command\fP is used.
Time to wait (in seconds) between \fBStart_Command\fP and \fBStop_Command\fP.
This directive is optional, only required if \fBStop_Command\fP is used.
.TP
.B "Stop_Command = <command>"
Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed
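Review bot: In the rewritten Cmd_Timeout text, "This directive is optional, only required if Stop_Command is used" still reads as contradictory and is a comma splice. Since the lines are being touched anyway, consider "This directive is only needed if Stop_Command is used." The paragraph also gives no default, unlike the Interface entry above, which states "Default: eth0"; if Cmd_Timeout has one, add it.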