{"id":15261,"date":"2024-08-28T17:29:58","date_gmt":"2024-08-28T17:29:58","guid":{"rendered":"https:\/\/goodwriterz.com\/site\/?p=15261"},"modified":"2024-08-28T17:29:58","modified_gmt":"2024-08-28T17:29:58","slug":"how-to-use-port-knocking-on-linux-and-why-you-shouldnt","status":"publish","type":"post","link":"https:\/\/goodwriterz.com\/site\/how-to-use-port-knocking-on-linux-and-why-you-shouldnt\/","title":{"rendered":"How to Use Port Knocking on Linux (and Why You Shouldn&#8217;t)"},"content":{"rendered":"<div>\n<section class=\"emaki-custom-block emaki-custom-key-points\">\n<div class=\"emaki-custom key-points\" id=\"custom_block_0\">\n<h3 class=\"title icon i-list\"><span class=\"ez-toc-section\" id=\"Key_Takeaways\"><\/span>Key Takeaways<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div class=\"custom_block-content key-points\">\n<ul>\n<li> Port knocking is a method of securing a server by closing firewall ports and allowing access only if a specific sequence of connection attempts is made. <\/li>\n<li> Port knocking should not be relied upon as the sole form of security, as it can be easily breached if the secret knock is revealed. <\/li>\n<\/ul>\n<\/div><\/div>\n<\/section>\n
<p> Port knocking is a way to secure a server by closing firewall ports\u2014even those you know will be used. Those ports are opened on demand if\u2014and only if\u2014the connection request provides the secret knock. <\/p>\n
<h2 id=\"port-knocking-is-a-quot-secret-knock-quot\"><span class=\"ez-toc-section\" id=\"Port_Knocking_Is_a_%E2%80%9CSecret_Knock%E2%80%9D\"><\/span> Port Knocking Is a &#8220;Secret Knock&#8221; <span class=\"ez-toc-section-end\"><\/span><\/h2>\n
<p> In the 1920s, when <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.google.com\/search?q=prohibition&amp;oq=prohiti&amp;aqs=chrome.1.69i57j0l5.4040j1j7&amp;sourceid=chrome&amp;ie=UTF-8\">prohibition<\/a> was in full swing, if you wanted to get into a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Speakeasy\">speakeasy<\/a>, you had to know the secret knock and tap it out correctly to get inside. <\/p>\n
<p> Port knocking is a modern equivalent. If you want people to have access to services on your computer but don&#8217;t want to open your firewall to the internet, you can use port knocking. It allows you to close the ports on your firewall that allow incoming connections and have them open automatically when a prearranged pattern of connection attempts is made. The sequence of connection attempts acts as the secret knock. Another secret knock closes the port. <\/p>\n
<p> Port knocking is something of a novelty, but it&#8217;s important to know it&#8217;s an example of <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Security_through_obscurity\">security through obscurity<\/a>, and that concept is fundamentally flawed. The system is treated as secure because only those in a specific group know the secret of how to access it. But once that secret is out\u2014either because it&#8217;s revealed, observed, guessed, or worked out\u2014your security is void. You&#8217;re better off securing your server in other, stronger ways, like requiring key-based logins for an SSH server. <\/p>\n
<p> The most robust approaches to cybersecurity are multilayered, so perhaps port knocking should be one of those layers. The more layers, the better, right? However, you could argue that port knocking doesn&#8217;t add much (if anything) to a properly hardened, secure system. <\/p>\n
<p> Cybersecurity is a vast and complicated topic, but you shouldn&#8217;t use port knocking as your only form of defense. <\/p>\n
<h2 id=\"installing-knockd\"><span class=\"ez-toc-section\" id=\"Installing_knockd\"><\/span> Installing knockd <span class=\"ez-toc-section-end\"><\/span><\/h2>\n
<p> To demonstrate port knocking, we&#8217;re going to use it to control port 22, which is the SSH port. We&#8217;ll use <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/linux.die.net\/man\/1\/knockd\">a tool called knockd<\/a>. Use apt-get to install this package onto your system if you use Ubuntu or another Debian-based distribution. On other Linux distributions, use your Linux distribution\u2019s package management tool instead. <\/p>\n
<p> Type the following: <\/p>\n
<pre>sudo apt-get install knockd<\/pre>\n
<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"57\" loading=\"lazy\" alt=\"sudo apt-get install knockd in a terminal window\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C57&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n
<p> You probably already have the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"http:\/\/man7.org\/linux\/man-pages\/man8\/iptables.8.html\">iptables firewall<\/a> installed on your system, but you might need to install the <code>iptables-persistent<\/code> package. It handles the automatic loading of saved <code>iptables<\/code> rules. <\/p>\n
<p> Type the following to install it: <\/p>\n
<pre>sudo apt-get install iptables-persistent<\/pre>\n
<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"57\" loading=\"lazy\" alt=\"sudo apt-get install iptables-persistent in a terminal window\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866189_259_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866189_259_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C57&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n
<p> When the IPv4 configuration screen appears, press the space bar to accept the &#8220;Yes&#8221; option. <\/p>\n
<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"382\" loading=\"lazy\" alt=\"iptables-persistent IPV4 screen\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866190_652_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866190_652_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C382&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n
<p> Press the space bar again in the IPv6 configuration screen to accept the &#8220;Yes&#8221; option and move on. <\/p>\n
<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"382\" loading=\"lazy\" alt=\"iptables-persistent IPV6 screen\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866190_8_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866190_8_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C382&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n
<p> The following command tells <code>iptables<\/code> to allow established and ongoing connections to continue. We&#8217;ll then issue another command to close the SSH port. <\/p>\n
<p> If someone is connected by SSH when we issue this command, we don&#8217;t want them to be cut off: <\/p>\n
<pre>sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT<\/pre>\n
<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"77\" loading=\"lazy\" alt=\"sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866190_988_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866190_988_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C77&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n
<p> This command adds a rule to the firewall that says: <\/p>\n
<ul>\n
<li><strong>-A<\/strong>: Append the rule to the firewall rules table. That is, add it to the bottom. <\/li>\n
<li><strong>INPUT<\/strong>: This is a rule about incoming connections. <\/li>\n
<li><strong>-m conntrack<\/strong>: Firewall rules act upon network traffic (packets) that match criteria in the rule. The <code>-m<\/code> parameter causes <code>iptables<\/code> to use extra packet matching modules\u2014in this case, the one called <code>conntrack<\/code> works with the network connection tracking capabilities of the kernel. <\/li>\n
<li><strong>--ctstate ESTABLISHED,RELATED<\/strong>: This specifies the type of connection to which the rule will apply, namely ESTABLISHED and RELATED connections. An established connection is one that&#8217;s already in progress. 
A related connection is one that&#8217;s made due to an action from an established connection. Perhaps someone who is connected wants to download a file; that might happen over a new connection initiated by the host. <\/li>\n<li><strong>-j ACCEPT<\/strong>: If the traffic matches the rule, jump to the ACCEPT target in the firewall. In other words, the traffic is accepted and allowed to pass through the firewall. <\/li>\n<\/ul>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":6,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":6,\"nbrPlacementsScanned\":6,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":708} --><\/p>\n<p> Now we can issue the command to close the port: <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":6,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":6,\"nbrPlacementsScanned\":6,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":757} --><\/p>\n<pre>sudo iptables -A INPUT -p tcp --dport 22 -j REJECT<\/pre>\n<p><!-- No repeatable ad for zone: character count repeatable. 
--><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":6,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":6,\"nbrPlacementsScanned\":6,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":809} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":true,\"currentRuleCount\":900,\"actualCount\":809,\"hasActualCountMetThreshold\":true,\"countRemainingForInjection\":91,\"nextBlockCount\":240,\"hasCountRemainingForInjectionMetThreshold\":true,\"nextCount\":1049} --><\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":6,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":6,\"nbrPlacementsScanned\":6,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":900} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":7,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":7,\"nbrPlacementsScanned\":6,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":0} --><\/p>\n<div class=\"body-img landscape \">\n<div class=\"responsive-img image-expandable img-article-item\">\n<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"57\" loading=\"lazy\" alt=\"sudo iptables -A INPUT -p tcp --dport 22 -j REJECT in a terminal window\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866190_650_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866190_650_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C57&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n<\/p><\/div>\n<\/p><\/div>\n<p><!-- No repeatable ad for zone: character count repeatable. 
--><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":7,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":7,\"nbrPlacementsScanned\":7,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":149} --><\/p>\n<p> This command adds a rule to the firewall, that says: <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":7,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":7,\"nbrPlacementsScanned\":7,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":203} --><\/p>\n<ul>\n<li><strong>-A<\/strong>: Append the rule to the firewall rules table, i.e., add it to the bottom. <\/li>\n<li><strong>INPUT<\/strong>: This rule is about incoming connections. <\/li>\n<li><strong>-p tcp<\/strong>: This rule applies to traffic that uses the Transmission Control Protocol. <\/li>\n<li><strong>&#8211;dport 22<\/strong>: This rule specifically applies to TCP traffic that targets port 22 (the SSH port). <\/li>\n<li><strong>-j REJECT<\/strong>: If the traffic matches the rule, jump to the REJECT target in the firewall. So, if the traffic is rejected, it&#8217;s not permitted through the firewall. <\/li>\n<\/ul>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":7,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":7,\"nbrPlacementsScanned\":7,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":670} --><\/p>\n<p> We must start the <code>netfilter-persistent<\/code> daemon. We can do so with this command: <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. 
--><\/p>\n<pre>sudo systemctl start netfilter-persistent<\/pre>\n<div class=\"body-img landscape \">\n<div class=\"responsive-img image-expandable img-article-item\">\n<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"57\" loading=\"lazy\" alt=\"sudo systemctl start netfilter-persistent in a terminal window\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866190_685_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866190_685_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C57&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n<\/div>\n<\/div>\n<p> We want <code>netfilter-persistent<\/code> to go through <a rel=\"nofollow noopener\" target=\"_blank\" href=\"http:\/\/manpages.ubuntu.com\/manpages\/xenial\/man8\/netfilter-persistent.8.html\">a save and reload cycle<\/a>, so it loads and controls the <code>iptables<\/code> rules. <\/p>\n<p> Type the following commands: <\/p>\n<pre>sudo netfilter-persistent save<\/pre>\n<div class=\"body-img landscape \">\n<div class=\"responsive-img image-expandable img-article-item\">\n<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"57\" loading=\"lazy\" alt=\"sudo netfilter-persistent save in a terminal window\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866190_483_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866190_483_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C57&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n<\/div>\n<\/div>\n<pre>sudo netfilter-persistent reload<\/pre>\n<div class=\"body-img landscape \">\n<div class=\"responsive-img image-expandable img-article-item\">\n<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"57\" loading=\"lazy\" alt=\"sudo netfilter-persistent reload in a terminal window\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866191_318_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866191_318_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C57&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n<\/div>\n<\/div>\n<p> You&#8217;ve now installed the utilities, and the SSH port is closed (hopefully, without terminating anyone&#8217;s connection). Now, it&#8217;s time to configure the secret knock. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. 
--><\/p>\n<h2 id=\"configuring-knockd\"><span class=\"ez-toc-section\" id=\"Configuring_knockd\"><\/span> Configuring knockd <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> There are two files you edit to configure <code>knockd<\/code>. The first is the <code>knockd<\/code> configuration file itself: <\/p>\n<pre>sudo gedit \/etc\/knockd.conf<\/pre>\n<div class=\"body-img landscape \">\n<div class=\"responsive-img image-expandable img-article-item\">\n<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"57\" loading=\"lazy\" alt=\"sudo gedit \/etc\/knockd.conf in a terminal window\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866191_130_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866191_130_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C57&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n<\/div>\n<\/div>\n<p> The <code>gedit<\/code> editor opens with the <code>knockd<\/code> configuration file loaded. <\/p>\n<div class=\"body-img landscape \">\n<div class=\"responsive-img image-expandable img-article-item\">\n<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"352\" loading=\"lazy\" alt=\"The knockd config file in the gedit editor\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866191_530_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866191_530_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C352&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n<\/div>\n<\/div>\n<p> We&#8217;ll edit this file to suit our needs. The sections we&#8217;re interested in are &#8220;openSSH&#8221; and &#8220;closeSSH.&#8221; Each section contains the following four entries: <\/p>\n<ul>\n<li><strong>sequence<\/strong>: The sequence of ports someone must access to open or close port 22. The default ports are 7000, 8000, and 9000 to open it, and 9000, 8000, and 7000 to close it. You can change these or add more ports to the list. For our purposes, we&#8217;ll stick with the defaults. <\/li>\n<li><strong>seq_timeout<\/strong>: The time window, in seconds, within which someone must hit the whole sequence of ports for the open or close action to trigger. <\/li>\n<li><strong>command<\/strong>: The command sent to the <code>iptables<\/code> firewall when the open or close action is triggered. These commands either add a rule to the firewall (to open the port) or take it out (to close the port). <\/li>\n<li><strong>tcpflags<\/strong>: The type of packet each port must receive in the secret sequence. A SYN (synchronize) packet is the first packet of a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Transmission_Control_Protocol#Connection_establishment\">TCP<\/a> connection request, the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Handshaking#TCP_three-way_handshake\">three-way handshake<\/a>. <\/li>\n<\/ul>\n<p> The &#8220;openSSH&#8221; section can be read as &#8220;a TCP connection request must be made to ports 7000, 8000, and 9000\u2014in that order and within 5 seconds\u2014for the command to open port 22 to be sent to the firewall.&#8221; <\/p>\n<p> The &#8220;closeSSH&#8221; section can be read as &#8220;a TCP connection request must be made to ports 9000, 8000, and 7000\u2014in that order and within 5 seconds\u2014for the command to close port 22 to be sent to the firewall.&#8221; <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. 
--><\/p>\n<h2 id=\"the-firewall-rules\"><span class=\"ez-toc-section\" id=\"The_Firewall_Rules\"><\/span> The Firewall Rules <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> The &#8220;command&#8221; entries in the openSSH and closeSSH sections are the same except for one parameter. This is what they consist of: <\/p>\n<ul>\n<li><strong>-A<\/strong>: Append the rule to the bottom of the firewall rules list (for the openSSH command). <\/li>\n<li><strong>-D<\/strong>: Delete the rule from the firewall rules list (for the closeSSH command). <\/li>\n<li><strong>INPUT<\/strong>: This rule is concerned with incoming network traffic. <\/li>\n<li><strong>-s %IP%<\/strong>: The IP address of the device requesting a connection (<code>knockd<\/code> replaces <code>%IP%<\/code> with the address the knock came from). <\/li>\n<li><strong>-p<\/strong>: Network protocol; in this case, it&#8217;s TCP. <\/li>\n<li><strong>--dport<\/strong>: The destination port; in our example, it&#8217;s port 22. <\/li>\n<li><strong>-j ACCEPT<\/strong>: Jump to the ACCEPT target within the firewall. In other words, let the packet through; no later rule in the list acts on it. <\/li>\n<\/ul>\n<h2 id=\"the-knockd-configuration-file-edits\"><span class=\"ez-toc-section\" id=\"The_knockd_Configuration_File_Edits\"><\/span> The knockd Configuration File Edits <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> The edits we&#8217;ll make to the file are highlighted in red below: <\/p>\n<div class=\"body-img landscape \">\n<div class=\"responsive-img image-expandable img-article-item\">\n<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"352\" loading=\"lazy\" alt=\"The knockd config file in the gedit editor with the edits highlighted\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866191_598_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866191_598_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C352&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n<\/div>\n<\/div>\n<p> We extend the &#8220;seq_timeout&#8221; to 15 seconds. This is generous, but someone firing in connection requests by hand might need this much time. <\/p>\n<p> In the &#8220;openSSH&#8221; section, we change the <code>-A<\/code> (append) option in the command to <code>-I<\/code> (insert). This inserts the new firewall rule at the top of the firewall rule list. If you leave the <code>-A<\/code> option, the rule is appended to the list and ends up at the bottom. <\/p>\n<p> Incoming traffic is tested against each firewall rule in the list from the top down, and the first matching rule decides. We already have a rule that closes port 22. So, if incoming traffic is tested against that rule before it reaches the rule that allows the traffic, the connection is refused; if it meets the new rule first, the connection is allowed. <\/p>\n<p> The close command removes the rule added by openSSH from the firewall rules. SSH traffic is once more handled by the pre-existing &#8220;port 22 is closed&#8221; rule. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. 
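--><\/p>\n<p> To make the ordering argument concrete, here is an added example (not code from the article, from <code>knockd<\/code> or from <code>iptables<\/code>): a small Python model of the INPUT chain that checks rules top down and lets the first match decide. It starts from the &#8220;port 22 is closed&#8221; rule set up earlier (<code>-A INPUT -p tcp --dport 22 -j REJECT<\/code>), applies the openSSH command once with <code>-A<\/code> and once with <code>-I<\/code>, then applies the closeSSH <code>-D<\/code> command, and reports the verdict for the knocking client and for a bystander at each step. Both addresses are constructed, and the parser understands only the options used on this page. <\/p>
```python
'''Added example: a toy model of the iptables INPUT chain, to show why the
openSSH command is changed from -A to -I. Not iptables or knockd code.'''
import shlex
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    target: str            # ACCEPT or REJECT
    proto: str = None      # e.g. 'tcp'
    dport: int = None      # destination port
    src: str = None        # source IP (knockd fills %IP% in here)

    def matches(self, pkt):
        return ((self.proto is None or pkt['proto'] == self.proto)
                and (self.dport is None or pkt['dport'] == self.dport)
                and (self.src is None or pkt['src'] == self.src))


def parse_rule(argv):
    '''Read the options the article uses (-A/-I/-D, -s, -p, --dport, -j).'''
    action, chain, fields = None, None, {}
    for opt, val in zip(argv[::2], argv[1::2]):
        if opt in ('-A', '-I', '-D'):
            action, chain = opt, val
        elif opt == '-s':
            fields['src'] = val
        elif opt == '-p':
            fields['proto'] = val
        elif opt == '--dport':
            fields['dport'] = int(val)
        elif opt == '-j':
            fields['target'] = val
        else:
            raise ValueError(f'unsupported option {opt}')
    return action, chain, Rule(**fields)


def apply_command(chain, command):
    '''Apply one iptables command string to the rule list, in place.'''
    action, name, rule = parse_rule(shlex.split(command)[1:])  # drop the binary name
    if name != 'INPUT':
        raise ValueError('only the INPUT chain is modelled')
    if action == '-A':
        chain.append(rule)         # append: the rule lands at the bottom
    elif action == '-I':
        chain.insert(0, rule)      # insert: the rule goes to the top
    elif action == '-D':
        chain.remove(rule)         # delete the first rule with this exact spec
    return chain


def verdict(chain, pkt, policy='ACCEPT'):
    '''Rules are checked top down; the first match decides, else the chain policy.'''
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


def demo(open_flag):
    '''Close port 22, open it for one client with -A or -I, then close it again.'''
    chain = []
    # the rule from earlier in the article: port 22 is closed for everyone
    apply_command(chain, 'iptables -A INPUT -p tcp --dport 22 -j REJECT')
    client = {'src': '192.0.2.10', 'proto': 'tcp', 'dport': 22}   # constructed knocker
    other = {'src': '198.51.100.7', 'proto': 'tcp', 'dport': 22}  # constructed bystander
    result = {'before': verdict(chain, client)}
    # the openSSH command once knockd has substituted %IP% for the knocker
    apply_command(chain, f'iptables {open_flag} INPUT -s 192.0.2.10 -p tcp --dport 22 -j ACCEPT')
    result['opened'] = verdict(chain, client)
    result['other'] = verdict(chain, other)
    # the closeSSH command deletes exactly that rule again
    apply_command(chain, 'iptables -D INPUT -s 192.0.2.10 -p tcp --dport 22 -j ACCEPT')
    result['closed'] = verdict(chain, client)
    return result


if __name__ == '__main__':
    for flag in ('-A', '-I'):
        print(flag, demo(flag))
```
<p> With <code>-A<\/code> the client&#8217;s ACCEPT rule sits below the REJECT rule and never gets a chance to match, so the knock appears to do nothing; with <code>-I<\/code> it is consulted first and only that source address gets through, while the bystander is still rejected. After <code>-D<\/code> both are back to REJECT. <\/p>\n<p><!-- 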
--><\/p>\n<p> After you make these edits, save the configuration file. <\/p>\n<h2 id=\"the-knockd-control-file-edits\"><span class=\"ez-toc-section\" id=\"The_knockd_Control_File_Edits\"><\/span> The knockd Control File Edits <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> The <code>knockd<\/code> control file is altogether simpler. Before we dive in and edit it, though, we need to know the internal name of our network connection; to find it, type this command: <\/p>\n<pre>ip addr<\/pre>\n<div class=\"body-img landscape \">\n<div class=\"responsive-img image-expandable img-article-item\">\n<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"352\" loading=\"lazy\" alt=\"ip addr in a terminal window\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866191_96_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866191_96_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C352&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n<\/div>\n<\/div>\n<p> The connection on the machine used to research this article is called <code>enp0s3<\/code>. Make a note of the name of your connection. <\/p>\n<p> The following command edits the <code>knockd<\/code> control file: <\/p>\n<pre>sudo gedit \/etc\/default\/knockd<\/pre>\n<div class=\"body-img landscape \">\n<div class=\"responsive-img image-expandable img-article-item\">\n<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"57\" loading=\"lazy\" alt=\"sudo gedit \/etc\/default\/knockd in a terminal window\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866192_959_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866192_959_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C57&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n<\/div>\n<\/div>\n<p> Here&#8217;s the <code>knockd<\/code> file in <code>gedit<\/code>. <\/p>\n<div class=\"body-img landscape \">\n<div class=\"responsive-img image-expandable img-article-item\">\n<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"232\" loading=\"lazy\" alt=\"the knockd control file in gedit\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866192_891_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866192_891_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C232&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n<\/div>\n<\/div>\n<p> The few edits we need to make are highlighted in red: <\/p>\n<div class=\"body-img landscape \">\n<div class=\"responsive-img image-expandable img-article-item\">\n<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"232\" loading=\"lazy\" alt=\"the knockd control file in gedit with the edits highlighted\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866192_365_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866192_365_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C232&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n<\/div>\n<\/div>\n<p> We changed the &#8220;START_KNOCKD=&#8221; entry from 0 to 1. <\/p>\n<p> We also removed the hash <code>#<\/code> from the start of the &#8220;KNOCKD_OPTS=&#8221; entry, and replaced &#8220;eth1&#8221; with the name of our network connection, <code>enp0s3<\/code>. Of course, if your network connection is <code>eth1<\/code>, you won&#8217;t change it. <\/p>\n<h2 id=\"the-proof-is-in-the-pudding\"><span class=\"ez-toc-section\" id=\"The_Proof_Is_in_the_Pudding\"><\/span> The Proof Is in the Pudding <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> It&#8217;s time to see if this works. We&#8217;ll start the <code>knockd<\/code> daemon with this command: <\/p>\n<pre>sudo systemctl start knockd<\/pre>\n<p><!-- No repeatable ad for zone: character count repeatable. 
--><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":15,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":15,\"nbrPlacementsScanned\":15,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":293} --><\/p>\n<div class=\"body-img landscape \">\n<div class=\"responsive-img image-expandable img-article-item\">\n<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"57\" loading=\"lazy\" alt=\"sudo systemctrl start knockd in a terminal window\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866192_709_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866192_709_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C57&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n<\/p><\/div>\n<\/p><\/div>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":15,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":15,\"nbrPlacementsScanned\":15,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":533} --><\/p>\n<p> Now, we&#8217;ll jump on another machine and try to connect. We installed the <code>knockd<\/code> tool on that computer, too, not because we want to set up port knocking, but because the <code>knockd<\/code> package provides another tool called <code>knock<\/code>. We&#8217;ll use this machine to fire in our secret sequence and do the knocking for us. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. 
--><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":15,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":15,\"nbrPlacementsScanned\":15,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":843} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":true,\"currentRuleCount\":900,\"actualCount\":843,\"hasActualCountMetThreshold\":true,\"countRemainingForInjection\":57,\"nextBlockCount\":161,\"hasCountRemainingForInjectionMetThreshold\":true,\"nextCount\":1004} --><\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":15,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":15,\"nbrPlacementsScanned\":15,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":900} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":16,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":16,\"nbrPlacementsScanned\":15,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":0} --><\/p>\n<p> Use the following command to send your secret sequence of connection requests to the ports on the port knocking host computer with the IP address 192.168.4.24: <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":16,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":16,\"nbrPlacementsScanned\":16,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":104} --><\/p>\n<pre>knock 192.168.4.24 7000 8000 9000 -d 500<\/pre>\n<p><!-- No repeatable ad for zone: character count repeatable. 
--><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":16,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":16,\"nbrPlacementsScanned\":16,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":146} --><\/p>\n<p> This tells <code>knock<\/code> to target the computer at IP address 192.168.4.24 and fire a connection request to ports 7000, 8000, and 9000, in turn, with a <code>-d<\/code> (delay) of 500 milliseconds between them. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":16,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":16,\"nbrPlacementsScanned\":16,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":336} --><\/p>\n<p> A user called &#8220;dave&#8221; then makes an SSH request to 192.168.4.24: <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":16,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":16,\"nbrPlacementsScanned\":16,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":411} --><\/p>\n<pre>ssh dave@192.168.4.24<\/pre>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":16,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":16,\"nbrPlacementsScanned\":16,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":434} --><\/p>\n<p> His connection is accepted, he enters his password, and his remote session begins. His command prompt changes from <code>dave@nostromo<\/code> to <code>dave@howtogeek<\/code>. To log out of the remote computer, he types: <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. 
--><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":16,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":16,\"nbrPlacementsScanned\":16,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":628} --><\/p>\n<pre>exit<\/pre>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":16,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":16,\"nbrPlacementsScanned\":16,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":634} --><\/p>\n<p> His command prompt returns to his local computer. He uses <code>knock<\/code> once more, and this time, it targets the ports in reverse order to close the SSH port on the remote computer. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":16,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":16,\"nbrPlacementsScanned\":16,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":809} --><\/p>\n<pre>knock 192.168.4.24 9000 8000 7000 -d 500<\/pre>\n<p><!-- No repeatable ad for zone: character count repeatable. 
--><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":16,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":16,\"nbrPlacementsScanned\":16,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":851} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":true,\"currentRuleCount\":900,\"actualCount\":851,\"hasActualCountMetThreshold\":true,\"countRemainingForInjection\":49,\"nextBlockCount\":240,\"hasCountRemainingForInjectionMetThreshold\":true,\"nextCount\":1091} --><\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":16,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":16,\"nbrPlacementsScanned\":16,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":900} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":17,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":17,\"nbrPlacementsScanned\":16,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":0} --><\/p>\n<div class=\"body-img landscape \">\n<div class=\"responsive-img image-expandable img-article-item\">\n<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"436\" loading=\"lazy\" alt=\"Port knocking and ssh connection session in a terminal window\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866192_998_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866192_998_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C436&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n<\/p><\/div>\n<\/p><\/div>\n<p><!-- No repeatable ad for zone: character count repeatable. 
--><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":17,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":17,\"nbrPlacementsScanned\":17,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":191} --><\/p>\n<p> Admittedly, this wasn&#8217;t a particularly fruitful remote session, but it demonstrates the opening and closing of the port via port knocking and fits in a single screenshot. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":17,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":17,\"nbrPlacementsScanned\":17,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":367} --><\/p>\n<p> So, what did this look like from the other side? The system administrator on the port knocking host uses the following command to view new entries that arrive in the system log: <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":17,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":17,\"nbrPlacementsScanned\":17,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":546} --><\/p>\n<pre>tail -f \/var\/log\/syslog<\/pre>\n<p><!-- No repeatable ad for zone: character count repeatable. 
--><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":17,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":17,\"nbrPlacementsScanned\":17,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":571} --><\/p>\n<div class=\"body-img landscape \">\n<div class=\"responsive-img image-expandable img-article-item\">\n<figure><img data-recalc-dims=\"1\" decoding=\"async\" width=\"646\" height=\"380\" loading=\"lazy\" alt=\"syslog showing the port knocking events in a terminal window\" data-img-url=\"https:\/\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866193_914_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png\" src=\"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/1724866193_914_How-to-Use-Port-Knocking-on-Linux-and-Why-You.png?resize=646%2C380&#038;ssl=1\" style=\"height:auto;max-width:100%\" title=\"\">  <\/figure>\n<\/p><\/div>\n<\/p><\/div>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":17,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":17,\"nbrPlacementsScanned\":17,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":811} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":true,\"currentRuleCount\":900,\"actualCount\":811,\"hasActualCountMetThreshold\":true,\"countRemainingForInjection\":89,\"nextBlockCount\":875,\"hasCountRemainingForInjectionMetThreshold\":true,\"nextCount\":1686} --><\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":17,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":17,\"nbrPlacementsScanned\":17,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":900} --><!-- Zone: character count repeatable. 
--><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":18,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":18,\"nbrPlacementsScanned\":17,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":0} --><\/p>\n<ul>\n<li> You see three openSSH entries. These are raised as each port is targeted by the remote knock utility. <\/li>\n<li> When all three stages of the trigger sequence are met, an entry that says &#8220;<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Open_Sesame_(phrase)\">OPEN SESAME,<\/a>&#8221; is logged <\/li>\n<li> The command to insert the rule into the <code>iptables<\/code> rules list is sent. It permits access via SSH on port 22 from the specific IP address of the PC that gave the correct secret knock (192.168.4.23). <\/li>\n<li> The user &#8220;dave&#8221; connects for a few seconds only, and then disconnects. <\/li>\n<li> You see three closeSSH entries. These are raised as each port is targeted by the remote knock utility\u2014it tells the port knocking host to close port 22. <\/li>\n<li> After all three stages are triggered, we get the &#8220;OPEN SESAME&#8221; message again. The command is sent to the firewall to remove the rule. (Why not &#8220;CLOSE SESAME&#8221; when it&#8217;s closing the port? Who knows?) <\/li>\n<\/ul>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":18,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":18,\"nbrPlacementsScanned\":18,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":786} --><\/p>\n<p> Now the only rule in the <code>iptables<\/code> rules list regarding port 22 is the one we typed at the beginning to close that port. So, port 22 is now closed again. 
<\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":18,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":18,\"nbrPlacementsScanned\":18,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":940} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":19,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":19,\"nbrPlacementsScanned\":18,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":0} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":false,\"currentRuleCount\":900,\"actualCount\":0,\"hasActualCountMetThreshold\":null,\"countRemainingForInjection\":null,\"nextBlockCount\":null,\"hasCountRemainingForInjectionMetThreshold\":null} --><\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":19,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":19,\"nbrPlacementsScanned\":19,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":0} --><\/p>\n<h2 id=\"knock-it-on-the-head\"><span class=\"ez-toc-section\" id=\"Knock_It_on_the_Head\"><\/span> Knock It on the Head <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> That&#8217;s port knocking&#8217;s parlor trick. Treat it as a diversion and don&#8217;t do it in the real world. Or, if you must, don&#8217;t rely on it as your only form of security. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. 
--><\/p>\n <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Key Takeaways Port knocking is a method of securing a server by closing firewall ports and allowing access only if a specific sequence of connection attempts is made. Port knocking should not be relied upon as the sole form of security, as it can be easily breached if the secret knock is revealed. Port knocking &#8230; <a title=\"How to Use Port Knocking on Linux (and Why You Shouldn&#8217;t)\" class=\"read-more\" href=\"https:\/\/goodwriterz.com\/site\/how-to-use-port-knocking-on-linux-and-why-you-shouldnt\/\" aria-label=\"Read more about How to Use Port Knocking on Linux (and Why You Shouldn&#8217;t)\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":15262,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[22],"tags":[42,43],"class_list":["post-15261","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-linux","tag-linux-macos-terminal"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/How-to-Use-Port-Knocking-on-Linux-and-Why-You.jpg?fit=2100%2C1400&ssl=1","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/posts\/15261","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"hre
f":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/comments?post=15261"}],"version-history":[{"count":0,"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/posts\/15261\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/media\/15262"}],"wp:attachment":[{"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/media?parent=15261"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/categories?post=15261"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/tags?post=15261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}