
Port Knocking

  • Installing knockd
# Install the knock daemon (run as root / via sudo).
apt install knockd

# Enable it so it starts at boot; it is started explicitly further down.
systemctl enable knockd
  • Edit the config file so it looks something like this (remember to change the port sequence and set the interface knockd should listen on)
# -w (no hard-wrap) keeps the long command= lines below on one line.
nano -w /etc/knockd.conf
[options]
        # Send knockd's action log to syslog so knock attempts can be audited.
        UseSyslog
        # Placeholder: replace {ifname} with the interface knockd should listen on.
        interface = {ifname}
# Opening knock: allow NEW TCP connections to port 22, but only from the knocker's address.
[openSSH]
        # Change these ports; 7000,8000,9000 is the widely published example sequence.
        sequence    = 7000,8000,9000
        # Seconds allowed to complete the whole sequence.
        seq_timeout = 5
        # knockd substitutes %IP% with the source address of the knocking host.
        # NOTE(review): -A appends to the end of INPUT; if the firewall script ends INPUT with
        # an explicit DROP/REJECT rule, this ACCEPT lands after it and never matches — -I INPUT
        # would be needed in that case. Confirm against rc.firewall.
        command     = /sbin/iptables -A INPUT -s %IP% -p tcp -m state --state NEW --dport 22 -j ACCEPT
        # Only packets with SYN set count as knocks.
        tcpflags    = syn

# Closing knock (reverse order): delete the rule added above. Because both rules match
# --state NEW only, an already-open SSH session is not cut off, provided a separate
# ESTABLISHED,RELATED rule exists in the firewall. If the close knock is never sent the
# ACCEPT rule stays in place; knockd's start_command/stop_command with cmd_timeout can
# expire it automatically instead.
[closeSSH]
        sequence    = 9000,8000,7000
        seq_timeout = 5
        command     = /sbin/iptables -D INPUT -s %IP% -p tcp -m state --state NEW --dport 22 -j ACCEPT
        tcpflags    = syn
  • Starting the service
# Start the daemon now and confirm it is running (status also shows recent log lines).
systemctl start knockd
systemctl status knockd
  • Updating filtering rules and disabling direct SSH access
# Firewall script; the snippet below goes into it, where $ipt and $iface are already defined.
nano -w /etc/iptables/rc.firewall
# SSH Knock: let SYN packets for the three knock ports reach knockd, in the
# same order as the sequence in /etc/knockd.conf (change the ports together).
# $ipt and $iface are presumably set earlier in rc.firewall; $ipt is left
# unquoted on purpose so a multi-word value keeps working.
for knock_port in 7000 8000 9000; do
  $ipt -A INPUT -i "$iface" -p tcp -m state --state NEW --dport "$knock_port" -j ACCEPT
done

# SSH: direct access stays disabled; knockd adds the per-client ACCEPT after a valid knock.
#$ipt -A INPUT -i $iface -p tcp -m state --state NEW --dport 22 -j ACCEPT