RE: open port in iptables for specific lenght of time

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I saw something on that in my googling using knockd.  But we have a few
customers that need access and it is hard enough trying to tell them how to
just ssh with a key.  In fact, a lot of them have to have it set up for them
as they are not computer type people.  The employees we have would be able
to do it though.

> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-
> bounces@xxxxxxxxxx] On Behalf Of cliff here
> Sent: Tuesday, June 07, 2011 9:42 AM
> To: General Red Hat Linux discussion list
> Subject: Re: open port in iptables for specific lenght of time
> 
> I know it's not exactly the same, but have you ever considered 'port
> knocking' ?
> 
> On Tue, Jun 7, 2011 at 10:33 AM, Steven Buehler <steve@xxxxxxxxxxxx>
> wrote:
> 
> > I have been googling for this and haven't found it.  I know I have
> > seen it before and thought that it was an iptables command and not a
> > separate script, but I can't remember as it has been a while since I
have
> seen it.
> > What I want to do is to open a port on the firewall with iptables for
> > a set time, like 5 hours and then after 5 hours, it will close the port
again.
> > Can anybody point me in the right direction, or if it is a command of
> > iptables, maybe post that for me?
> >
> >
> >
> > We have a system that is locked down and you have to use a key to get
> > ssh access to it.  We have employees and customers that are on dynamic
> > IP's that keep switching.  They don't have root access.  What I am
> > trying to do is create a script that they can log into and it will get
> > their current IP address and open the firewall for a specified length
> > of time. Once open, they would still have to use their public/private
> > key to ssh into it.  I agree this isn't perfect, but it is better than
> > just leaving that port open to the world all the time.
> >
> >
> >
> > Any help would be appreciated
> >
> >
> >
> > thanks
> >
> > Steve
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> 
> 
> 
> --
>
----------------------------------------------------------------------------
------------------
> ---------------------------------------
> NOTICE: This message, including all attachments, is intended for the use
of
> the individual or entity to which it is addressed and may contain
information
> that is privileged, confidential and exempt from disclosure under
applicable
> law. If the reader of this message is not the intended recipient, or the
> employee or agent responsible for delivering this message to its intended
> recipient, you are hereby notified that any dissemination, distribution or
> copying of this communication is strictly prohibited. If you have received
this
> communication in error, please notify the sender immediately by replying
> "Received in error" and immediately delete this message and all its
> attachments.
>
----------------------------------------------------------------------------
------------------
> ---------------------------------------
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux