How to keep your ports private — Port knocking with knockd

Knock knock, anybody home? Port knocking keeps a service invisible until a pre-agreed sequence of connection attempts arrives from a host; only then is that host allowed through. Treat it as an extra layer in front of SSH's own authentication and key hygiene, not a replacement for them: with a fixed sequence the knocks travel in the clear, so anyone who can observe them can replay them.
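# Server side: install the knock daemon.
# NOTE(review): Debian/Ubuntu ship knockd disabled; after installing, check
# /etc/default/knockd (START_KNOCKD and the interface option) before relying
# on it — confirm for your release.
sudo apt install knockd
# sudoedit runs your editor as your own user and only copies the result into
# place as root, instead of running a full editor (and its plugins) as root.
sudoedit /etc/knockd.conf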
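[options]
# knockd records each recognised sequence and the command it ran here.
logfile = /var/log/knockd.log

[openSSH]
# Three TCP SYNs to these ports, in this order, within seq_timeout seconds.
sequence = 7000,8000,9000
# seconds allowed for the whole sequence
seq_timeout = 10
tcpflags = syn
# Insert (-I) at the head of INPUT so the ACCEPT is matched before any DROP
# already appended to the chain; with -A it would land after the DROP and
# never take effect. Limit the hole to SSH: the original ACCEPT had no
# --dport and opened every port on the host to the knocking address.
command = /usr/sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

[closeSSH]
# Reverse sequence removes the rule again; -D must match the inserted rule
# exactly, so keep its arguments identical to the command above.
sequence = 9000,8000,7000
seq_timeout = 10
tcpflags = syn
command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
# NOTE(review): there is no cmd_timeout here, so a client that never sends the
# close sequence leaves its ACCEPT in place indefinitely. The sequences are
# static and sent in clear, so an observer can replay them; knockd.conf(5)
# documents one_time_sequences as the mitigation — confirm before relying on it.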
[options]
# Same log target as before; knockd records recognised sequences and the
# commands it runs here.
logfile = /var/log/knockd.log
# The SSH-only sections below are kept for reference but disabled. With every
# sequence section commented out, this configuration reacts to no knock and
# opens nothing; keep it this way only while switching to a replacement section.
#[openSSH]
# sequence = 7000,8000,9000
# seq_timeout = 10
# tcpflags = syn
# command = /usr/sbin/iptables -A INPUT -s %IP% -j ACCEPT
#[closeSSH]
# sequence = 9000,8000,7000
# seq_timeout = 10
# tcpflags = syn
# command = /usr/sbin/iptables -D INPUT -s %IP% -j ACCEPT
[options]
# where knockd records recognised sequences and the commands it runs
logfile = /var/log/knockd.log

[openSSHandRDP]
# three TCP SYNs to these ports, in this order
sequence = 1941,1942,1945
tcpflags = syn
# the whole sequence must arrive within this many seconds
seq_timeout = 5
# on a hit: put an ACCEPT for the knocking host (%IP%) at the head of INPUT
# for SSH (22) and RDP (3389), ahead of any DROP appended for those ports
start_command = /usr/sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT; /usr/sbin/iptables -I INPUT -s %IP% -p tcp --dport 3389 -j ACCEPT
# seconds after start_command before stop_command runs automatically
cmd_timeout = 500
# remove exactly the two rules start_command inserted (arguments must match)
stop_command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT; /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 3389 -j ACCEPT
# NOTE(review): once stop_command runs, packets of a still-open SSH/RDP
# session hit the port DROP again unless a conntrack ESTABLISHED,RELATED
# ACCEPT precedes it in INPUT — confirm the chain has one. The sequence is
# static and sent in clear, so an observer can replay it; knockd.conf(5)
# documents one_time_sequences for that case.
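# iptables-save/-restore format (e.g. the *filter section of a rules file).
# Let replies and already-open sessions through first: after knockd's
# stop_command removes the per-host ACCEPT, an SSH/RDP session still in
# progress would otherwise be cut off by the DROP rules below.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Default-deny SSH and RDP on the public interface. knockd inserts (-I) the
# per-host ACCEPT ahead of these, so they must be appended (-A), not inserted.
# NOTE(review): eth0 is assumed; the interface may be named ens*/enp* on
# current Debian/Ubuntu — check `ip link` before applying.
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 3389 -j DROP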
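# Apply the same policy live. These rules are not persistent: save them
# (iptables-save / netfilter-persistent) or they are gone after a reboot.
# Keep an out-of-band/console session open before dropping SSH remotely.
# Accept replies and already-open sessions first, so an SSH/RDP session is
# not cut off when knockd's stop_command later removes the per-host ACCEPT.
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Default-deny SSH and RDP on the public interface; knockd's -I rules land
# ahead of these appended DROPs.
# NOTE(review): eth0 is assumed; the interface name may differ — check `ip link`.
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j DROP
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3389 -j DROP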
# Client side.
# NOTE(review): on Debian/Ubuntu the knock client is shipped inside the knockd
# package; a separate "knock" package may not exist there — confirm for your
# distribution.
sudo apt install knock
# Hit the three ports in the configured order; the whole run must finish
# inside the server's seq_timeout (5 s in the config above).
knock <hostname/IP> 1941 1942 1945
# Same, pausing 100 ms between hits — useful when the SYNs otherwise arrive
# too fast or out of order on the path to the server.
knock --delay 100 <hostname/IP> 1941 1942 1945
