I saw something on that in my googling using knockd. But we have a few customers that need access and it is hard enough trying to tell them how to just ssh with a key. In fact, a lot of them have to have it set up for them as they are not computer type people. The employees we have would be able to do it though.

> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of cliff here
> Sent: Tuesday, June 07, 2011 9:42 AM
> To: General Red Hat Linux discussion list
> Subject: Re: open port in iptables for specific lenght of time
>
> I know it's not exactly the same, but have you ever considered 'port
> knocking'?
>
> On Tue, Jun 7, 2011 at 10:33 AM, Steven Buehler <steve@xxxxxxxxxxxx> wrote:
>
> > I have been googling for this and haven't found it. I know I have
> > seen it before and thought that it was an iptables command and not a
> > separate script, but I can't remember as it has been a while since I have
> > seen it.
> > What I want to do is to open a port on the firewall with iptables for
> > a set time, like 5 hours and then after 5 hours, it will close the port again.
> > Can anybody point me in the right direction, or if it is a command of
> > iptables, maybe post that for me?
> >
> > We have a system that is locked down and you have to use a key to get
> > ssh access to it. We have employees and customers that are on dynamic
> > IP's that keep switching. They don't have root access. What I am
> > trying to do is create a script that they can log into and it will get
> > their current IP address and open the firewall for a specified length
> > of time. Once open, they would still have to use their public/private
> > key to ssh into it. I agree this isn't perfect, but it is better than
> > just leaving that port open to the world all the time.
> >
> > Any help would be appreciated
> >
> > thanks
> >
> > Steve
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
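
Added example, not part of the original thread: one way to get the timed opening the original question asks for is to insert an iptables ACCEPT rule for the caller's address and queue the matching delete with `at`. The function names, the `APPLY` switch and the sample address 203.0.113.7 are assumptions for illustration; it expects iptables and at/atd, run as root.

```shell
#!/bin/sh
# Added example: allow one source IP to reach one TCP port, then remove the
# rule after a set number of hours. Assumes iptables and at/atd, run as root.
PORT=${PORT:-22}
HOURS=${HOURS:-5}

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Strict dotted-quad check: the address ends up on the iptables and at
# command lines, so nothing but four plain decimal octets may pass.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
}

# Rule specification shared by the insert (-I) and the later delete (-D).
rule_spec() {
    printf 'INPUT -p tcp -s %s --dport %s -j ACCEPT' "$1" "$PORT"
}

# Default: print the plan. Set APPLY=1 to change the firewall.
open_for() {
    valid_ipv4 "$1" && is_uint "$PORT" && is_uint "$HOURS" || {
        echo "refusing: bad address, port or duration" >&2; return 2; }
    spec=$(rule_spec "$1")
    if [ "${APPLY:-0}" != 1 ]; then
        echo "iptables -I $spec"
        echo "echo 'iptables -D $spec' | at now + $HOURS hours"
        return 0
    fi
    # $spec is left unquoted on purpose so it splits into separate arguments.
    iptables -I $spec && echo "iptables -D $spec" | at now + "$HOURS" hours
}
```

Deleting the rule only stops new connections; sessions already open stay up if the ruleset accepts ESTABLISHED traffic.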