Description Portknocking helps to prevent bruteforcing by allowing a particular internal port to be opened for a given external IP address only after a particular 'knock sequence' has been sent to a range of other ports. In the example in this code, TCP port 22 is closed to all hosts unless they first attempt to connect to TCP ports 2000, 2001 and 2002, in that order.

This script is a very basic implementation of a port knock daemon, which listens for the knocks (using iptables logging) and handles iptables accepts/rejects as necessary. It uses forking for each knock sequence check, which in some ways was a bad idea and is unlikely to be necessary.

Usage Either set it as executable and run it, or pass it as an argument to your perl interpreter. I'd advise running it in a screen as a background process. To stop it, simply send it a SIGTERM and it should revert all firewall rules.

Requirements

• Linux RedHat 5 derivative or later
• IPTables (tested on v1.4.5)
• IPC::Shareable (yum install perl-IPC-Shareable on Fedora 13)

Disclaimer I cannot take any responsibility for your use of this script. If you want to use it, do so at your own risk - don't come complaining to me if you lock yourself out of SSH or rely on this alone for security and fall victim to a replay attack.

To do

• Replace IPTables system calls with a module. I couldn't get IPTables::IPv4 to install, any other suggestions are welcome.
• Replace system call for tail with Perl. File::Tail was not an option.