Would you use that on internal LAN connections or only external internet facing connections? I’m not aware (not checked) if any firewalls support it… not sure why?
Comment on What are your methods to harden *nix servers?
iii@mander.xyz 1 day ago
Port knocking is a cool technique
Cyber@feddit.uk 1 day ago
iii@mander.xyz 1 day ago
With knockd you can execute arbitrary commands upon a port knocking sequence. So any application that is configurable via terminal is eligible. Here’s a tutorial of knockd+iptables (1). Alternativly there’s (2).
You can use it wherever, as part of security in depth. It’ll have it’s largest effect on publicly facing interfaces. It does not replace having a proper ssh setup (disabling root, keys only, etc).
Cyber@feddit.uk 19 hours ago
Thanks for the links, I’ll take a look as I’ve never actually played with port knocking.
HorreC@lemmy.world 1 day ago
I have used this with second port for handshake (with no info in heading and 20 second times) and then the final port opens with key exchanged from handshake.