Using the iptables command directly from the knockd.conf file works well but will create duplicate entries for systems that knock multiple times. We have a Nessus scanner that manages to create many allow rules via knockd that never get cleaned up. These changes would add a shell script that does duplicate checking while still allowing configurability. The path to iptables will currently need to be set in the shell script after installation if different than the knockd.conf default. That could be changed to do a $(which iptables) if desired.
Feedback and recommendations welcome if this seems valuable. Thanks for your time!
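Below is an added example of the kind of wrapper the description is talking about; it is not the script from this pull request or from the knockd project. It assumes a `knock-allow.sh add|del <ip> <port>` interface (so `knockd.conf` would use something like `command = /usr/local/sbin/knock-allow.sh add %IP% 22`; that install path is an assumption), an `IPTABLES` path that can be overridden from the environment, and an `INPUT` chain. Duplicate checking relies on `iptables -C`, which tests whether an identical rule is already present and is available in iptables 1.4.11 and later; `del` removes every matching copy so that rules left behind by earlier, unchecked knocks are cleaned up too.

```shell
#!/bin/sh
# knock-allow.sh (added example, not part of the PR or of knockd).
# Adds an ACCEPT rule for a knocking host only if it is not already present,
# so a host that knocks repeatedly (e.g. a scanner) does not pile up rules.
# Assumed interface:  knock-allow.sh add|del <source-ip> <tcp-port>
# IPTABLES and CHAIN may be overridden in the environment; the defaults are
# assumptions matching the stock knockd.conf example.
IPTABLES="${IPTABLES:-/sbin/iptables}"
CHAIN="${CHAIN:-INPUT}"

# rule_exists IP PORT -> exit 0 if an identical ACCEPT rule is in CHAIN.
# "iptables -C" (check) needs iptables 1.4.11 or newer.
rule_exists() {
    "$IPTABLES" -C "$CHAIN" -s "$1" -p tcp --dport "$2" -j ACCEPT 2>/dev/null
}

# allow IP PORT -> append the rule once; prints "exists" or "added".
allow() {
    if rule_exists "$1" "$2"; then
        echo "exists"
        return 0
    fi
    "$IPTABLES" -A "$CHAIN" -s "$1" -p tcp --dport "$2" -j ACCEPT && echo "added"
}

# revoke IP PORT -> delete every matching copy (also clears old duplicates);
# prints the number of rules removed.
revoke() {
    n=0
    while rule_exists "$1" "$2"; do
        "$IPTABLES" -D "$CHAIN" -s "$1" -p tcp --dport "$2" -j ACCEPT || break
        n=$((n + 1))
    done
    echo "$n"
}

main() {
    case "$1" in
        add) allow "$2" "$3" ;;
        del) revoke "$2" "$3" ;;
        *) echo "usage: $0 add|del <ip> <port>" >&2; return 2 ;;
    esac
}

# Only dispatch when invoked with arguments, so the file can also be sourced.
[ $# -eq 0 ] || main "$@"
```

Because `add` is idempotent, the `stop_command` side of the knock can safely use `del`, and a periodic cleanup job can call `del` for hosts whose session should have expired without worrying about how many times they knocked.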