On Sun, May 16, 2010 at 11:51 PM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote:
> It doesn't use the much simpler -m pknock from Xtables-addons ;)

Thanks for the replies, folks. I've looked at both fwknop and xtables-addons before, but I wanted to start with something using raw iptables rules, especially since neither of those solutions are in the current stable Debian distribution. I note that xtables-addons is in squeeze and don't mind trying it out in the next distro.

I know that there are more elegant solutions out there, but the basics should still work. For now, is there anything obviously wrong in my ruleset that would make it not match the forwarding rule? For example, is it a problem that I set the recent match in (a subchain of) the INPUT chain but I test against it in the FORWARD chain?

Any pointers would be appreciated. Even if I eventually abandon this scheme, I also have a purely academic interest of better understanding the recent match.

Thanks again!

--Mike