Closed BenediktS closed 8 years ago
I started with a simple configuration that worked fine. Then I added another section in /etc/knockd.conf and tried to load it like this:
"systemctl reload knockd.service"
In the log was a confirmation:
"knockd[10853]: Reload service KNOCKD ..done"
But the new section just didn't work. I tried many different things, but only the same ports that worked in the beginning ever worked.
I had to shut down the service and restart it. After that, everything worked fine.
I think the problem is that the signal SIGHUP re-reads the config
signal(SIGHUP, read_cfg);
but the filter in the kernel is just created and loaded once, and is not recreated after a reload.
generate_pcap_filter();
So changes in the port sequence are only effective when you use the same ports. If not, the changes will not work.
Should be fixed in my fork.
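The behaviour reported above, reduced to a small C model. This is an added example, not knockd's code: `struct config`, `struct filter`, `handle_reload` and the port numbers are hypothetical, and a port bitmap stands in for the kernel pcap filter.

```c
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model: configured knock ports and the capture filter derived from them. */
struct config { unsigned short ports[16]; int nports; };
struct filter { unsigned char allowed[65536 / 8]; };
static volatile sig_atomic_t reload_requested = 0;

/* Async-signal-safe handler: only record that a reload was requested. */
static void on_sighup(int sig) { (void)sig; reload_requested = 1; }

/* Rebuild the filter from scratch so it matches exactly the current config. */
static void build_filter(const struct config *cfg, struct filter *f) {
    memset(f, 0, sizeof *f);
    for (int i = 0; i < cfg->nports; i++)
        f->allowed[cfg->ports[i] / 8] |= (unsigned char)(1u << (cfg->ports[i] % 8));
}

/* A packet reaches the knock-sequence logic only if the filter passes its port. */
static bool filter_accepts(const struct filter *f, unsigned short port) {
    return (f->allowed[port / 8] & (1u << (port % 8))) != 0;
}

/* Reload step run from the main loop. regenerate=false models the reported
 * behaviour (config re-read, filter left stale); true rebuilds the filter too. */
static bool handle_reload(struct config *live, const struct config *on_disk,
                          struct filter *f, bool regenerate) {
    if (!reload_requested) return false;
    reload_requested = 0;
    *live = *on_disk;                       /* stands in for re-reading the file */
    if (regenerate) build_filter(live, f);
    return true;
}

/* Constructed scenario: start with 7000-7002, add a section using 9000-9002,
 * deliver SIGHUP, then check whether knocks on old and new ports are captured. */
static bool new_port_seen_after_reload(bool regenerate) {
    struct config live = { {7000, 7001, 7002}, 3 };
    struct config edited = { {7000, 7001, 7002, 9000, 9001, 9002}, 6 };
    static struct filter f;
    build_filter(&live, &f);
    signal(SIGHUP, on_sighup);
    raise(SIGHUP);
    handle_reload(&live, &edited, &f, regenerate);
    return filter_accepts(&f, 7000) && filter_accepts(&f, 9000);
}

int main(void) {
    printf("stale: %d, regenerated: %d\n",
           new_port_seen_after_reload(false), new_port_seen_after_reload(true));
    return 0;
}
```

With the stale filter the reload is acknowledged and the in-memory config is current, yet packets to the new ports never reach the sequence matcher, which matches the "reload confirmed but new section ignored" symptom.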