Debian / Ubuntu: Set Port Knocking With Knockd and Iptables

Port knocking is a security technique used to hide services on a network behind a firewall until a specific sequence of connection attempts (knocks) is received.

To set up port knocking on Debian or Ubuntu, you will need to install two components: knockd, which acts as the daemon that listens for knocks and opens the firewall, and iptables, which is the firewall itself.

Here’s how you can set up port knocking using knockd and iptables:

  1. Install the knockd and iptables packages:
apt-get update
apt-get install knockd iptables
  2. Create a configuration file for knockd:
nano /etc/knockd.conf

In the file, add the following configuration to define the sequence of port knocks and the action to be taken:

[options]
UseSyslog

[openSSH]
sequence = 7000,8000,9000
seq_timeout = 5
command = iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 5
command = iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

In this example, the first sequence (7000,8000,9000) opens the firewall to allow incoming connections on port 22 (SSH), while the second sequence (9000,8000,7000) closes it again. knockd replaces %IP% in the command with the source address the knocks came from, so the rule that is added or removed applies only to the host that knocked. The seq_timeout parameter is the time in seconds within which the whole sequence must be completed. tcpflags = syn tells knockd to count only TCP SYN packets as knocks, so ordinary traffic on those ports does not trigger the sequence.

  3. Start the knockd service (on Debian and Ubuntu the init script refuses to start it until START_KNOCKD=1 is set in /etc/default/knockd):
service knockd start
  4. Verify that the knockd service is running:
service knockd status
  5. Add the knockd service to start automatically at boot:
update-rc.d knockd defaults
  6. Test the port knocking configuration by sending the knock sequence from another computer. You can use a port knocking client such as knock (installed with the knockd package) or hping3.

After you have successfully sent the knock sequence, you should be able to connect to the service that you have opened in the firewall (in this case, SSH).

Note: Port knocking only protects a service if the baseline firewall rules block incoming connections to it in the first place. Make sure to configure your firewall to allow incoming connections only from trusted IP addresses, and to block all other incoming connections.
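The following script is an added example and is not part of the original article. It covers two things the steps above leave to the reader: the baseline iptables rules that keep port 22 closed until a knock opens it (the note above), and a knock client for step 6 that reads the sequence straight from the knockd configuration so client and server cannot drift apart. Because the article's openSSH command appends (-A) its ACCEPT rule, the default deny must be the INPUT chain policy rather than an earlier DROP rule, otherwise the appended ACCEPT would sit behind the DROP and never match; the baseline below is written that way. The helper names, the KNOCK_HOST/KNOCKD_CONF/KNOCK_SECTION variables and the embedded copy of the configuration are assumptions of this example, not from the page.

```shell
#!/usr/bin/env bash
# Added example, not code from the original article.
# Helper names and environment variables below are this example's own assumptions.

# Write a constructed copy of the article's /etc/knockd.conf to a temp file
# (so the example runs offline) and print its path.
example_conf() {
  local f; f=$(mktemp)
  cat >"$f" <<'EOF'
[options]
UseSyslog

[openSSH]
sequence = 7000,8000,9000
seq_timeout = 5
command = iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 5
command = iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
EOF
  echo "$f"
}

# Extract the "sequence = a,b,c" line of one [section] of a knockd.conf
# and print the ports space-separated, e.g. "7000 8000 9000".
knock_sequence_from_conf() {
  local conf="$1" section="$2"
  awk -v want="[$section]" '
    $0 == want { in_sec = 1; next }     # entered the section we want
    /^\[/      { in_sec = 0 }           # any other header ends it
    in_sec && $1 == "sequence" {
      sub(/^[^=]*=[ \t]*/, "")          # drop "sequence = "
      gsub(/,/, " ")                    # commas -> spaces
      print; exit
    }' "$conf"
}

# Baseline rules that keep SSH closed until knockd opens it for one source IP.
# The deny is the chain POLICY on purpose: the article's knockd command uses
# "iptables -A", which appends, so a DROP *rule* placed earlier would shadow
# the appended ACCEPT. knockd still sees the knocks: it sniffs with libpcap
# before netfilter drops the packets.
baseline_firewall_rules() {
  cat <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Apply the baseline (run as root on the server). Printed first so it can be reviewed.
apply_baseline_firewall() {
  baseline_firewall_rules | while IFS= read -r cmd; do
    echo "+ $cmd"
    sh -c "$cmd"
  done
}

# Client side: one TCP SYN per port, in order. bash's /dev/tcp sends the SYN
# even when nothing answers; with the DROP policy the connect simply times out,
# and "connection refused" on an open host is equally fine, so errors are ignored.
# Three 1-second timeouts stay within the article's seq_timeout of 5 seconds.
send_knock() {
  local host="$1"; shift
  local port
  for port in "$@"; do
    timeout 1 bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null || true
    sleep 0.2
  done
}

# Usage (assumed variable names): KNOCK_HOST=server.example ./knock.sh
# Optional: KNOCKD_CONF=/path/to/knockd.conf  KNOCK_SECTION=closeSSH
if [ -n "${KNOCK_HOST:-}" ]; then
  conf="${KNOCKD_CONF:-/etc/knockd.conf}"
  # shellcheck disable=SC2046  # word splitting of the port list is intended
  send_knock "$KNOCK_HOST" $(knock_sequence_from_conf "$conf" "${KNOCK_SECTION:-openSSH}")
fi
```

Run apply_baseline_firewall once on the server before starting knockd; then, from another machine, set KNOCK_HOST and run the script, and ssh should connect only from that machine until the closeSSH sequence is sent. Reading the sequence from the same configuration file the daemon uses is the point of knock_sequence_from_conf: a typo in a hand-typed port list is the most common reason a knock "does nothing".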
