mrash / fwknop

Single Packet Authorization > Port Knocking
http://www.cipherdyne.org/fwknop/
GNU General Public License v2.0

CMD_CYCLE_OPEN for multiple ports #327

Open EDEADLINK opened 3 years ago

EDEADLINK commented 3 years ago

I am using CMD_CYCLE_OPEN to make fwknopd play nice with nftables, like so:

CMD_CYCLE_TIMER     30s
CMD_CYCLE_OPEN      /usr/sbin/nft add element inet filter fwknop_allow { $IP . $PROTO . $PORT timeout 30s expires 30s }
CMD_CYCLE_CLOSE     __NONE__

and for a single port this works fine. But if I use -A tcp/22,udp/60000 or similar, the open command is only run for the first port, i.e. tcp/22. I was expecting CMD_CYCLE_OPEN to be executed once for every port in the protocol/port list.

Using -T, it looks like it sends the list correctly: Message String: <redacted ip>,tcp/22,udp/60000

The server is running fwknopd 2.6.10.
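As an added illustration of the behaviour this report expects (example code, not fwknopd's own): a POSIX shell function that takes an SPA access string in the form shown above and emits one CMD_CYCLE_OPEN-style nft command per protocol/port entry, reusing the set name, timeout and IP . proto . port element layout from the configuration quoted in the report. The sample IP, the "ip,proto/port,..." layout and the validation rules are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not fwknopd code: expand "<ip>,<proto>/<port>[,<proto>/<port>...]"
# into one nft command per protocol/port pair, i.e. what CMD_CYCLE_OPEN would
# run if it were invoked once per entry instead of only for the first one.
# Set name "fwknop_allow" and the 30s timeout come from the reported config.
# Runs in a subshell so IFS and globbing changes do not leak to the caller.
expand_cycle_open() (
    msg=$1
    ip=${msg%%,*}
    # an access string with no port list is rejected
    [ "$ip" != "$msg" ] || exit 1
    set -f            # disable globbing so "*" in a bad entry cannot expand
    IFS=','           # split the remainder on commas only
    for entry in ${msg#*,}; do
        proto=${entry%%/*}
        port=${entry#*/}
        case "$proto" in
            tcp|udp) ;;
            *) exit 1 ;;                      # only the protocols nft sets accept here
        esac
        case "$port" in
            ''|*[!0-9]*) exit 1 ;;            # port must be all digits
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || exit 1
        # same shape as the CMD_CYCLE_OPEN line in the report, one per entry
        printf 'nft add element inet filter fwknop_allow { %s . %s . %s timeout 30s expires 30s }\n' \
            "$ip" "$proto" "$port"
    done
)

# constructed sample matching the redacted message string in the report
expand_cycle_open '192.0.2.10,tcp/22,udp/60000'
```

Each emitted line can be fed to a dry-run check such as `nft -c -f -` before wiring it into a real rule set.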