fixed knockd

2018-04-05 19:31:53 +02:00
parent ae1cc72a2b
commit 6d5d610189
2 changed files with 19 additions and 24 deletions
--- a/assets/knockd.conf
+++ b/assets/knockd.conf
@@ -1,15 +1,10 @@
 [options]
-	UseSyslog
-
-[openSSH]
-	sequence    = 7000,8000,9000
-	seq_timeout = 5
-	command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
-	tcpflags    = syn
-
-[closeSSH]
-	sequence    = 9000,8000,7000
-	seq_timeout = 5
-	command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
-	tcpflags    = syn
+      logfile = /var/log/knockd.log

+[SSH]
+      sequence    = 7000,8000,9000
+      seq_timeout = 5
+      start_command = ufw allow from %IP% to any port 22
+      tcpflags    = syn
+      cmd_timeout   = 10
+      stop_command  = ufw delete allow from %IP% to any port 22