zakwan
April 3, 2024, 7:49am
1
Hi,
[options]
logfile = /var/log/knocd.log
interface = eth0
[opencloseSSH]
sequence = 3423:udp,1238:udp,6548:udp
seq_timeout = 15
tcpflags = syn,ack
start_command = /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper begin && /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper delete firewall name ROUTER-ETH0-LOCAL rule 110 disable && /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper commit && /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper end
cmd_timeout = 60
stop_command = /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper begin && /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set firewall name ROUTER-ETH0-LOCAL rule 110 disable && /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper commit && /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper end
restart knockd
Below screenshot is the result after I have run the port knock :
Its failed to run the command using port knock.
tjh
April 4, 2024, 3:03am
2
This should help you.
Create a single script with the command(s) you want in it and call that.
https://docs.vyos.io/en/equuleus/automation/command-scripting.html
#!/bin/vbash
source /opt/vyatta/etc/functions/script-template
configure
delete firewall name ROUTER-ETH0-LOCAL rule 110 disable
commit
exit
zakwan
April 4, 2024, 4:30am
3
Hi @tjh
I’ve tried your script but still show same error :
Script is in knockd.log. Already chmod the script.
Result shows returned non-zero status code as below
n.fort
April 4, 2024, 9:38am
4
You can check latest 1.4 or 1.5 images, it includes dynamic address groups, used for port knocking.⚓ T4839 Dynamic Firewall groups
zakwan
April 18, 2024, 3:17am
5
I have found the solution. I need to run iptables command to open ssh port. So I don’t need to change anything in firewall rules (by default to drop any packet). Below is the example
[options]
[openSSH]
1 Like
