Knockd installation :

Step 1

[root@localhost ~]# wget
[root@localhost ~]# rpmbuild --rebuild knock-0.5-4.src.rpm
[root@localhost ~]# mv /usr/src/redhat/RPMS/i386/knock* /root
[root@localhost ~]# rpm -ivh knock*

Download the source file and compile, then install it

Step 2

[root@localhost ~]# vi /etc/knockd.conf

[options] #UseSyslog LogFile = /var/log/knockd.log Interface = eth0 [opencloseSSH] sequence = 2222:tcp,3333:tcp,4444:tcp seq_timeout = 15 tcpflags = syn start_command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport ssh -j ACCEPT cmd_timeout = 30 stop_command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport ssh -j ACCEPT

Modift the config file, we use the sequence port 2222:tcp,3333:tcp,4444:tcp to knock the program, if it is success, it will open port 22 in iptables for 30 seconds, then it close the 22 port.

Step 3

[root@localhost ~]# chkconfig knockd on
[root@localhost ~]# /etc/init.d/knockd start

Start the program and make auto-start for knockd

Step 4

In client side, we can use 'telent' in window or 'knock' program in window/linux to knockd server :

C:\ telnet 2222
C:\ telnet 3333
C:\ telnet 4444

[root@localhost ~]# knock -v 2222:tcp 3333:tcp 4444:tcp

We can check knockd.login knockd server for client side 'knock' status
Also can check the port 22 is open or not after client's 'knock' is success :

[root@localhost ~]# tail -n100 /var/log/knockd.log
[root@localhost ~]# iptables -L -n

Or download it via official website:

Server is hosted by Alanstudio
Linux Operating System

Recommend screen resolution 1024 x 768 / IE / FireFox
Alan Studio © 2007 by Alan Cheung Hin Lun. All rights reserved.