# Netfilter/IPtables - Multiple-port knocking example rules
#
# Note: Knock ports 100, 200, 300, 400 to open SSH port for 5 seconds.
#
# Nice thing to knock TCP with is for instance the `telnet' program:
#
# $> alias K='telnet <host_IP>';
# $> K 100; K 200; K 300; K 400; ssh <host_IP>
#
# Then press <Ctrl-C> 4 times and ... voila!
#
# Or you can even use alternative way of knocking *without* the need of
# pressing <Ctrl-C> with `nmap' program:
#
# $> for PORT in 100 200 300 400; do \
#        nmap -P0 -sT -p$PORT --host_timeout 200 <host_IP>; \
#    done; \
#    ssh <host_IP>
#
# Truly, there is a lot of ways of how to do the knocking; depending on
# your own UNIX imagination.
#
# That's all. Enjoy.

HOST_IP="12.34.56.78"

/sbin/iptables -N INTO-PHASE2
/sbin/iptables -A INTO-PHASE2 -m recent --name PHASE1 --remove
/sbin/iptables -A INTO-PHASE2 -m recent --name PHASE2 --set
/sbin/iptables -A INTO-PHASE2 -j LOG --log-prefix "INTO PHASE2: "

/sbin/iptables -N INTO-PHASE3
/sbin/iptables -A INTO-PHASE3 -m recent --name PHASE2 --remove
/sbin/iptables -A INTO-PHASE3 -m recent --name PHASE3 --set
/sbin/iptables -A INTO-PHASE3 -j LOG --log-prefix "INTO PHASE3: "

/sbin/iptables -N INTO-PHASE4
/sbin/iptables -A INTO-PHASE4 -m recent --name PHASE3 --remove
/sbin/iptables -A INTO-PHASE4 -m recent --name PHASE4 --set
/sbin/iptables -A INTO-PHASE4 -j LOG --log-prefix "INTO PHASE4: "

/sbin/iptables -A INPUT -m recent --update --name PHASE1

/sbin/iptables -A INPUT -p tcp --dport 100 -m recent --set --name PHASE1
/sbin/iptables -A INPUT -p tcp --dport 200 -m recent --rcheck --name PHASE1 -j INTO-PHASE2
/sbin/iptables -A INPUT -p tcp --dport 300 -m recent --rcheck --name PHASE2 -j INTO-PHASE3
/sbin/iptables -A INPUT -p tcp --dport 400 -m recent --rcheck --name PHASE3 -j INTO-PHASE4

/sbin/iptables -A INPUT -p tcp -s $HOST_IP --dport 22 -m recent --rcheck --seconds 5 --name PHASE4 -j ACCEPT