Comment on What are your methods to harden *nix servers?
Cyber@feddit.uk 23 hours ago
Would you use that on internal LAN connections or only external internet facing connections? I’m not aware (not checked) if any firewalls support it… not sure why?
iii@mander.xyz 21 hours ago
With knockd you can execute arbitrary commands upon a port knocking sequence. So any application that is configurable via terminal is eligible. Here’s a tutorial of knockd+iptables (1). Alternatively there’s (2).
You can use it wherever, as part of security in depth. It’ll have its largest effect on publicly facing interfaces. It does not replace having a proper ssh setup (disabling root, keys only, etc).
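A minimal knockd.conf for the knockd+iptables combination mentioned in the comment above, as an added example that is not part of the thread or of the linked tutorials. The port sequence, the timeouts and SSH on port 22 are constructed placeholder values, and it assumes the INPUT chain otherwise drops port 22 and already accepts ESTABLISHED,RELATED traffic.

```ini
# /etc/knockd.conf
# Added example: sequence, timeouts and the SSH port are placeholders.

[options]
    # Log every knock attempt to syslog so failed sequences can be reviewed
    UseSyslog

[openSSH]
    # Three TCP SYN packets to these ports, in this order, from one source
    sequence      = 7000,8000,9000
    # The whole sequence must arrive within this many seconds
    seq_timeout   = 10
    tcpflags      = syn
    # knockd replaces %IP% with the address that completed the sequence,
    # so only that source is allowed through to SSH
    start_command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    # Seconds to wait before running stop_command
    cmd_timeout   = 30
    # Remove the allow rule again so the port does not stay open
    stop_command  = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
```

Using `start_command` with `cmd_timeout` and `stop_command` closes the port automatically instead of relying on a second "close" knock. The knock itself travels in cleartext, which is why it sits in front of a key-only SSH setup rather than replacing it.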
Cyber@feddit.uk 11 hours ago
Thanks for the links, I’ll take a look as I’ve never actually played with port knocking.