Port knocking is a technique for securing access to a network or service by requiring clients to send a specific sequence of connection attempts to a set of "knock" ports before being granted access. This can be used to hide the service from external scanners and only allow access to trusted clients.
To set up port knocking on a Debian-based Linux system, such as Ubuntu, you can use the knockd daemon and the iptables firewall. Here is an example of how to set up port knocking with knockd and iptables:
Install the knockd and iptables-persistent packages by running the following command:

```sh
sudo apt-get install knockd iptables-persistent
```
Create a configuration file for knockd at /etc/knockd.conf with the following contents:

```ini
[options]
    logfile = /var/log/knockd.log

[openSSH]
    sequence    = 7000,8000,9000
    seq_timeout = 5
    command     = iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn

[closeSSH]
    sequence    = 9000,8000,7000
    seq_timeout = 5
    command     = iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn
```
This configuration defines two "sequences", one for opening and one for closing access to the SSH service. The sequence option lists the knock ports in the order they must be hit, and the seq_timeout option gives the time in seconds within which the whole sequence must be completed. The command option is the iptables command to run when a sequence is detected; knockd substitutes the knocking client's address for %IP%. The tcpflags option restricts knocks to SYN packets (TCP connection requests), so other packets to those ports are ignored. Note that the openSSH command only appends an ACCEPT rule: the firewall must already drop or reject traffic to port 22 for the knock to gate anything.
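To make the sequence, seq_timeout and tcpflags semantics concrete, here is a small Python model of how a knockd-style daemon matches the two sequences above against observed packets. It is an added example, not knockd's source; the packet records and client addresses are constructed, and the reset-on-wrong-port behaviour is a simplification of the daemon's handling.

```python
# Sequences, timeout and commands from the page's /etc/knockd.conf.
SEQUENCES = {"openSSH": (7000, 8000, 9000), "closeSSH": (9000, 8000, 7000)}
SEQ_TIMEOUT = 5.0
COMMANDS = {
    "openSSH": "iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT",
    "closeSSH": "iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT",
}

def match_knocks(packets, sequences=SEQUENCES, seq_timeout=SEQ_TIMEOUT):
    """Return (ts, src_ip, sequence_name) for every completed sequence.

    packets: iterable of (ts, src_ip, dst_port, flags), flags a set of strings.
    Only pure SYN packets count (tcpflags = syn); a knock on the wrong port or
    a sequence taking longer than seq_timeout discards the partial attempt.
    """
    state, hits = {}, []  # state: (src_ip, name) -> [next_index, start_ts]
    for ts, src, port, flags in packets:
        if flags != {"syn"}:
            continue
        for name, seq in sequences.items():
            p = state.setdefault((src, name), [0, 0.0])
            if p[0] and ts - p[1] > seq_timeout:
                p[0] = 0                   # too slow: attempt expires
            if port != seq[p[0]]:
                p[0] = 0                   # wrong port: attempt discarded
            if port == seq[p[0]]:          # may also start a fresh attempt
                if p[0] == 0:
                    p[1] = ts
                p[0] += 1
                if p[0] == len(seq):
                    hits.append((ts, src, name))
                    p[0] = 0
    return hits

def commands_for(hits, commands=COMMANDS):
    """Expand %IP% with the knocking client's address, as knockd does."""
    return [commands[name].replace("%IP%", src) for _, src, name in hits]

# Constructed traffic: a valid knock, a 6 s one, a SYN/ACK mid-sequence, a scan.
SAMPLE_PACKETS = [
    (0.0, "203.0.113.10", 7000, {"syn"}), (0.5, "203.0.113.10", 8000, {"syn"}),
    (1.0, "203.0.113.10", 9000, {"syn"}),          # openSSH completes here
    (10.0, "203.0.113.20", 7000, {"syn"}), (14.0, "203.0.113.20", 8000, {"syn"}),
    (16.0, "203.0.113.20", 9000, {"syn"}),         # past seq_timeout
    (20.0, "203.0.113.30", 7000, {"syn"}), (20.1, "203.0.113.30", 8000, {"syn", "ack"}),
    (20.2, "203.0.113.30", 9000, {"syn"}),         # 8000 was still expected
    (30.0, "203.0.113.40", 7000, {"syn"}), (30.1, "203.0.113.40", 7500, {"syn"}),
    (30.2, "203.0.113.40", 8000, {"syn"}), (30.3, "203.0.113.40", 9000, {"syn"}),
]
```

Running match_knocks(SAMPLE_PACKETS) yields only the first client's openSSH hit; the slow, SYN/ACK and scanning clients never complete a sequence, which is what the timeout and tcpflags settings are for.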
Use the following procedure to enable the knockd service in