6ec4ad0ae6
- Add support for tun devices [1] - Update MASTER_SITES - Make happy portlint - Bump PORTEPOCH PR: ports/159078 [1] Submitted by: Lung-Pin Chang <changlp at cs.nctu.edu.tw> Approved by: jadawin@ (mentor)
58 lines
2.3 KiB
Groff
58 lines
2.3 KiB
Groff
--- ./doc/knockd.1.in.orig 2005-06-29 20:45:17.000000000 +0200
|
|
+++ ./doc/knockd.1.in 2011-08-17 13:29:55.000000000 +0200
|
|
@@ -60,13 +60,13 @@
|
|
sequence = 7000,8000,9000
|
|
seq_timeout = 10
|
|
tcpflags = syn
|
|
- command = /usr/sbin/iptables -A INPUT -s %IP% -j ACCEPT
|
|
+ command = /usr/sbin/iptables -A INPUT -s %IP% --dport 22 -j ACCEPT
|
|
|
|
[closeSSH]
|
|
sequence = 9000,8000,7000
|
|
seq_timeout = 10
|
|
tcpflags = syn
|
|
- command = /usr/sbin/iptables -D INPUT -s %IP% -j ACCEPT
|
|
+ command = /usr/sbin/iptables -D INPUT -s %IP% --dport 22 -j ACCEPT
|
|
|
|
.fi
|
|
.RE
|
|
@@ -115,7 +115,7 @@
|
|
start_command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 25 -j ACCEPT
|
|
cmd_timeout = 5
|
|
stop_command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 25 -j ACCEPT
|
|
-
|
|
+
|
|
.fi
|
|
.RE
|
|
.SH CONFIGURATION: GLOBAL DIRECTIVES
|
|
@@ -132,7 +132,7 @@
|
|
.TP
|
|
.B "Interface = <interface_name>"
|
|
Network interface to listen on. Only its name has to be given, not the path to
|
|
-the device (eg, "eth0" and not "/dev/eth0"). Default: eth0.
|
|
+the device (eg, "fxp0" and not "/dev/fxp0"). Default: fxp0.
|
|
.SH CONFIGURATION: KNOCK/EVENT DIRECTIVES
|
|
.TP
|
|
.B "Sequence = <port1>[:<tcp|udp>][,<port2>[:<tcp|udp>] ...]"
|
|
@@ -158,7 +158,7 @@
|
|
\fBNote\fP: Do not edit the file while knockd is running!
|
|
.TP
|
|
.B "Seq_Timeout = <timeout>"
|
|
-Time to wait for a sequence to complete in seconds. If the time elapses
|
|
+Time to wait (in seconds) for a sequence to complete in seconds. If the time elapses
|
|
before the knock is complete, it is discarded.
|
|
.TP
|
|
.B "TCPFlags = fin|syn|rst|psh|ack|urg"
|
|
@@ -183,10 +183,10 @@
|
|
directive is optional, only required if \fBStop_Command\fP is used.
|
|
.TP
|
|
.B "Stop_Command = <command>"
|
|
-Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed
|
|
+Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed
|
|
since \fBStart_Command\fP has been executed. All instances of \fB%IP%\fP will
|
|
be replaced with the knocker's IP address. This directive is optional.
|
|
-.SH SECURITY NOTES
|
|
+.SH SECURITY NOTES
|
|
Using the \fB-l\fP or \fB--lookup\fP commandline option to resolve DNS names
|
|
for log entries may be a security risk! An attacker may find out the first port
|
|
of a sequence if he can monitor the DNS traffic of the host running knockd.
|