From c4595ff9cff2ab61631ccc07c4bc8c1f5baf91bb Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 13 Mar 2015 00:00:55 +0100
Subject: [PATCH] knockd default conf
---
 assets/default_knockd | 15 +++++++++++++++
 assets/knockd.conf | 26 +++++++++++++-------------
 2 files changed, 28 insertions(+), 13 deletions(-)
 create mode 100644 assets/default_knockd
diff --git a/assets/default_knockd b/assets/default_knockd
new file mode 100644
index 0000000..04effa6
--- /dev/null
+++ b/assets/default_knockd
@@ -0,0 +1,15 @@
+################################################
+#
+# knockd's default file, for generic sys config
+#
+################################################
+
+# control if we start knockd at init or not
+# 1 = start
+# anything else = don't start
+#
+# PLEASE EDIT /etc/knockd.conf BEFORE ENABLING
+START_KNOCKD=0
+
+# command line options
+#KNOCKD_OPTS="-i eth1"
diff --git a/assets/knockd.conf b/assets/knockd.conf
index 04effa6..76f3207 100644
--- a/assets/knockd.conf
+++ b/assets/knockd.conf
@@ -1,15 +1,15 @@
-################################################
-#
-# knockd's default file, for generic sys config
-#
-################################################
+[options]
+ UseSyslog

-# control if we start knockd at init or not
-# 1 = start
-# anything else = don't start
-#
-# PLEASE EDIT /etc/knockd.conf BEFORE ENABLING
-START_KNOCKD=0
+[openSSH]
+ sequence = 7000,8000,9000
+ seq_timeout = 5
+ command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
+ tcpflags = syn
+
+[closeSSH]
+ sequence = 9000,8000,7000
+ seq_timeout = 5
+ command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
+ tcpflags = syn

-# command line options
-#KNOCKD_OPTS="-i eth1"
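Review bot: The commented `#KNOCKD_OPTS="-i eth1"` line in assets/default_knockd does not say what happens when it is left commented out. knockd listens on a single interface and, as far as I know, falls back to `eth0` when `-i` is not given, so on a host whose external interface has another name, setting `START_KNOCKD=1` alone would leave the daemon watching the wrong interface. A comment above that line such as `# interface knockd listens on; defaults to eth0 when -i is not given` would make the dependency visible to whoever enables the service.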
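Review bot: The `[openSSH]` and `[closeSSH]` sections in assets/knockd.conf ship the sample sequence `7000,8000,9000` and its reverse, which appears to be the widely published knockd example, so the knock is effectively public until someone changes it. The file should say so, for example `# sample sequence - replace with site-specific ports before enabling knockd` above each `sequence` line. The open rule uses `iptables -A INPUT`, which appends after the existing rules; on a host whose INPUT chain already ends in a DROP or REJECT rule the ACCEPT would never match, and `-I INPUT 1` is the usual form. The ACCEPT rule also stays in place until the close sequence is sent, whereas knockd's `start_command` / `cmd_timeout` / `stop_command` options would remove it automatically after a fixed time.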