knockd

Section: (1)
Updated: April 13, 2004
 

NAME

knockd - port-knock server  

SYNOPSIS

knockd [options]  

DESCRIPTION

knockd is a port-knock server. It listens to all traffic on an ethernet interface, looking for special "knock" sequences of port-hits. A client makes these port-hits by sending a TCP (or UDP) packet to a port on the server. This port need not be open -- since knockd listens at the link-layer level, it sees all traffic even if it's destined for a closed port. When the server detects a specific sequence of port-hits, it runs a command defined in its configuration file. This can be used to open up holes in a firewall for quick access.  

OPTIONS

-i, --interface <int>
Specify an interface to listen on. The default is eth0.
-d, --daemon
Become a daemon. This is usually desired for normal server-like operation.
-c, --config <file>
Specify an alternate location for the config file. Default is /etc/knockd.conf.
-D, --debug
Output debugging messages.
-v, --verbose
Output verbose status messages.
-V, --version
Display the version.
-h, --help
Syntax help.
 

CONFIGURATION

knockd reads all knock/event sets from a configuration file. Each knock/event begins with a title marker, in the form [name], where name is the name of the event that will appear in the log. A special marker, [options], is used to define global options.
 

Example:

This example uses two knocks. The first will allow the knocker to access port 22 (SSH), and the second will close the port again when the knocker is finished. As you can see, this could be useful if you run a very restrictive (DENY policy) firewall and would like to access it discreetly.

[options]
        LogFile = /var/log/knockd.log

[openSSH]
        sequence = 7000,8000,9000
        protocol = tcp
        timeout  = 15
        command  = /usr/sbin/iptables -A INPUT -s %IP% -j ACCEPT

[closeSSH]
        sequence = 9000,8000,7000
        protocol = tcp
        timeout  = 15
        command  = /usr/sbin/iptables -D INPUT -s %IP% -j ACCEPT
 

CONFIGURATION: OPTIONS

UseSyslog
Log action messages through syslog(). This will insert log entries into your /var/log/messages or equivalent.
LogFile = /path/to/file
Log actions directly to a file, usually /var/log/knockd.log.
Sequence = port,port,port...
Specify the sequence of ports in the special knock.
Protocol = tcp|udp
Use either TCP or UDP for port-hits.
Command = command
Specify the command to be executed when a client makes the correct port-knock. All instances of %IP% will be replaced with the knocker's IP address.
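To show how the [name] sections, the Sequence/Protocol/Command keys and the %IP% substitution described above fit together, here is an added Python example; it is not part of knockd (which is written in C) or of this manual. It parses a configuration in this format (the text is constructed from the example above) and tracks each source address's progress through every knock, discarding an attempt on an out-of-order port hit or when the timeout elapses; that simplified state machine is an assumption for illustration, not knockd's exact algorithm.

```python
# Constructed sample config mirroring the man page example (two knocks, opposite order).
SAMPLE_CONF = """[options]
LogFile = /var/log/knockd.log
[openSSH]
sequence = 7000,8000,9000
protocol = tcp
timeout  = 15
command  = /usr/sbin/iptables -A INPUT -s %IP% -j ACCEPT
[closeSSH]
sequence = 9000,8000,7000
protocol = tcp
timeout  = 15
command  = /usr/sbin/iptables -D INPUT -s %IP% -j ACCEPT
"""

def parse_conf(text):
    """Parse knockd-style [name] sections into {name: {key: value}}; keys lowercased."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
            continue
        key, sep, val = line.partition("=")
        if current is not None and sep:
            current[key.strip().lower()] = val.strip()
    return sections

class KnockTracker:
    """Simplified knock state machine (assumption, not knockd's own code): hit() returns
    the %IP%-substituted command(s) when a source completes a sequence in time."""
    def __init__(self, conf):
        self.knocks = {n: s for n, s in conf.items() if "sequence" in s}  # skips [options]
        self.state = {}  # (src_ip, knock_name) -> (next_index, time_of_first_hit)
    def hit(self, src_ip, port, proto, now):
        fired = []
        for name, k in self.knocks.items():
            if proto != k.get("protocol", "tcp"):
                continue  # hits on the other protocol are not part of this knock
            seq = [int(p) for p in k["sequence"].split(",")]
            idx, t0 = self.state.get((src_ip, name), (0, now))
            if idx and now - t0 > int(k.get("timeout", 15)):
                idx = 0  # too slow: discard the partial sequence
            if port == seq[idx]:
                t0, idx = (now if idx == 0 else t0), idx + 1
            else:
                idx = 0  # an out-of-order port hit aborts the attempt
            if idx == len(seq):
                fired.append(k["command"].replace("%IP%", src_ip))
                idx = 0
            self.state[(src_ip, name)] = (idx, t0)
        return fired
```

Note that the last hit of the open sequence (9000) is also the first port of the close sequence, so the tracker starts a closeSSH attempt at that moment; this is a property of the example configuration, not of the code.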
 

SEE ALSO

knock is the accompanying port-knock client, though telnet or netcat could be used (for TCP knocks) instead.  

AUTHOR

Judd Vinet <jvinet@zeroflux.org>


This document was created by man2html, using the manual pages.
Time: 23:28:01 GMT, April 13, 2004