I have a need to put a private Linux device on the internet. As such, I need it to be protected with a firewall. There are various services that remote users need access to, but I don't want anyone to be able to nmap it and get any kind of ideas about the box. I have devised the following acceptable scheme: A firewall that rejects all traffic to everyone, except for one port. This one port is used to authenticate an IP address through a challenge/response algorithm. If successful, the IP is then allowed through the firewall. After a period of idle time, the IP is removed from the allow table. This seems like a simple way to protect the box from script kiddies. Does anyone know of a product like this in existence? Even if nothing exists, I figure it would be relatively straightforward but I do not know if I'd need to modify the kernel for idle time, and what kind of challenge/response to use. Thanks!
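
The scheme described above, as an added example that is not part of the original post: an HMAC-SHA256 challenge/response bound to the client IP, with an allow table that expires idle entries. The pre-shared per-user keys, the `Gate` class, the timeout values and the in-memory table standing in for real firewall rules are all assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_TTL = 30     # seconds a challenge stays valid (assumed value)
IDLE_LIMIT = 600   # seconds without traffic before an IP is dropped (assumed value)


def respond(key: bytes, nonce: bytes, ip: str) -> bytes:
    """Client side: MAC over the nonce and the client's own address."""
    return hmac.new(key, nonce + b"|" + ip.encode(), hashlib.sha256).digest()


class Gate:
    """Hypothetical gatekeeper listening on the single open port."""

    def __init__(self, keys_by_user):
        self.keys = keys_by_user   # user -> pre-shared key
        self.pending = {}          # ip -> (nonce, issued_at)
        self.allowed = {}          # ip -> last time traffic was seen

    def challenge(self, ip, now):
        nonce = secrets.token_bytes(16)   # fresh random nonce per attempt
        self.pending[ip] = (nonce, now)
        return nonce

    def verify(self, ip, user, response, now):
        nonce, issued = self.pending.pop(ip, (None, 0))   # single use: blocks replay
        key = self.keys.get(user)
        if nonce is None or key is None or now - issued > NONCE_TTL:
            return False
        # Binding the IP into the MAC stops a response being reused from elsewhere.
        if not hmac.compare_digest(respond(key, nonce, ip), response):
            return False
        self.allowed[ip] = now   # a real gate would add the firewall rule here
        return True

    def sweep(self, now):
        """Drop IPs idle longer than IDLE_LIMIT; returns the removed ones."""
        idle = [ip for ip, seen in self.allowed.items() if now - seen > IDLE_LIMIT]
        for ip in idle:
            del self.allowed[ip]   # a real gate would delete the firewall rule here
        return idle

    def touch(self, ip, now):
        """Record traffic from ip; returns whether it is still allowed."""
        self.sweep(now)
        if ip in self.allowed:
            self.allowed[ip] = now
            return True
        return False
```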