Port knocking with UFW

Jul 13, 2019

Port knocking is a security technique used to secure servers. Connection is attempted to a sequence of ports to open or close an application/service port.
UFW (Uncomplicated Firewall) is available on all recent Ubuntu versions.

knockd installation:

apt install knockd

knockd configuration file:

/etc/knockd.conf

[options] UseSyslog [SSH] sequence = 7000,8000,9000 seq_timeout = 5 start_command = ufw allow from %IP% to any port 22 tcpflags = syn cmd_timeout = 10 stop_command = ufw delete allow from %IP% to any port 22

The sequence for opening port 22 is 7000–8000–9000. The SSH port will be open for 10 seconds before it is closed again. SSH access is enabled only for the IP which is knocking.
The ports in the knocking sequence should be allowed in the firewall first.

Written by Adithya

6 Followers

DevOps, IoT and amateur radio

More from Adithya

Adithya

Replacing switches on Logitech G502

I’ve been using the Logitech G502 Hero for almost 4 years now. It’s incredibly popular and for good reason. Lately, mine has been missing…

2 min readJan 21

Adithya

Receiving DMR via RTLSDR

DMR is a hot topic right now amongst the Bangalore Hams. As the name says, DMR(Digital Mobile Radio) is a digital means of communication of…

1 min readJun 26

Adithya

Relay with HomeKit and NodeMCU

Initially I just wanted to setup a relay for a tubelight with my Raspberry Pi Pico W. Unfortunately, I couldn’t find any HomeKit libraries…

2 min readJan 7

Maven build stage status from Jenkins to Slack

Adithya

Maven build stage status from Jenkins to Slack

Notify Slack about build stage status from a Maven Job from Jenkins. Assuming Slack incoming webhooks and few secret bindings in Jenkins…

1 min readApr 21, 2019

See all from Adithya

Recommended from Medium

How To Install TLS/SSL on Docker Nginx Container With Let’s Encrypt

Macdonald Chika

How To Install TLS/SSL on Docker Nginx Container With Let’s Encrypt

Discover how to secure your Nginx Docker container by leveraging Let’s Encrypt and Certbot.

5 min readJun 9

Windows Privilege Escalation — Service directory write based privesc and Unquoted Service Path

Nikhil Anand

Windows Privilege Escalation — Service directory write based privesc and Unquoted Service Path

Service directory write based privesc and Unquoted Service Path

5 min readSep 10

Lists

General Coding Knowledge

20 stories358 saves

Now in AI: Handpicked by Better Programming

266 stories153 saves

New_Reading_List

174 stories114 saves

Productivity

230 stories107 saves

Coding Beauty
in
Dev Genius

10 essential VS Code tips & tricks for greater productivity

Boost your productivity with VS Code: discover key features to enhance your coding experience and achieve your goals faster than ever.

10 min readAug 20

Ansible: Passwordless SSH Authentication using public-private key pairs.

Sudheer

Ansible: Passwordless SSH Authentication using public-private key pairs.

If you interact regularly with SSH commands and remote hosts, you may find that using a key pair instead of passwords can be convenient…

4 min readMay 5

Fsegredo

Docker Scout

Docker Scout is an advanced image analysis by docker (Deprecating docker scan). As you may already know, images are made up of many layers…

5 min readAug 2

Emre Çalışkan
in
Beyn Technology

Is Nginx dead? Is Traefik v3 20% faster than Traefik v2?

As web applications become more complex and traffic-intensive, choosing a high-performing reverse proxy server is critical for delivering…

6 min readApr 12

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech
Teams