|
@@ -1,15 +1,15 @@
|
|
|
-################################################
|
|
|
-#
|
|
|
-# knockd's default file, for generic sys config
|
|
|
-#
|
|
|
-################################################
|
|
|
+[options]
|
|
|
+ UseSyslog
|
|
|
|
|
|
-# control if we start knockd at init or not
|
|
|
-# 1 = start
|
|
|
-# anything else = don't start
|
|
|
-#
|
|
|
-# PLEASE EDIT /etc/knockd.conf BEFORE ENABLING
|
|
|
-START_KNOCKD=0
|
|
|
+[openSSH]
|
|
|
+ sequence = 7000,8000,9000
|
|
|
+ seq_timeout = 5
|
|
|
+ command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
|
|
|
+ tcpflags = syn
|
|
|
+
|
|
|
+[closeSSH]
|
|
|
+ sequence = 9000,8000,7000
|
|
|
+ seq_timeout = 5
|
|
|
+ command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
|
|
|
+ tcpflags = syn
|
|
|
|
|
|
-# command line options
|
|
|
-#KNOCKD_OPTS="-i eth1"
|
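Review bot: The new `[openSSH]` section opens port 22 for `%IP%` with no expiry, so the ACCEPT rule stays in place until the same address sends the `[closeSSH]` sequence; a client that drops off without the closing knock leaves the port open to that address indefinitely. knockd's `start_command` / `cmd_timeout` / `stop_command` form removes the rule automatically, as sketched below; the sketch assumes the firewall already accepts ESTABLISHED traffic so a running session survives the removal, which cannot be confirmed because the ruleset is not visible here. `7000,8000,9000` is the sequence from knockd's shipped example and should be replaced with a site-specific one, and because knock packets can be observed and replayed by anyone on the network path, key-based SSH authentication still has to carry the access control. `-A INPUT` appends after any existing catch-all DROP/REJECT rule, in which case the knock has no effect and `-I INPUT 1` is needed. The removed side is the content of knockd's defaults file (`START_KNOCKD=0`), not an older `/etc/knockd.conf`, so confirm the two files were not compared or overwritten by mistake.

```ini
# … unchanged: [options] / UseSyslog …
[SSH]
    # placeholder: choose site-specific ports, not the shipped example
    sequence = <PORT1>,<PORT2>,<PORT3>
    seq_timeout = 5
    tcpflags = syn
    start_command = /sbin/iptables -I INPUT 1 -s %IP% -p tcp --dport 22 -j ACCEPT
    # seconds before stop_command runs
    cmd_timeout = 10
    stop_command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
```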