ipt_pkd 1.13

An extension for the iptables firewall application that implements port knock detection

  Add it to your Download Basket!

 Add it to your Watch List!


Rate it!

What's new in ipt_pkd 1.12:

  • This version fixes a bug in knock.py when sending a knock to a site not in the configuration file or when the configuration file doesn't exist.
Read full changelog
send us
an update
GPL (GNU General Public License) 
3.2/5 21
ROOT \ Security
1 ipt_pkd Screenshot:
ipt_pkd - ipt_pkd is an iptables extension that can implement a port knock detection system
ipt_pkd is a free command-line software that provides an open-source iptables extension that has been designed from the ground up to implement a port knock detection system with SPA (Single Packet Authorization) functionality.

Divided in three important parts

The project is divided in three important parts, the kernel module, a user space client knock program, and the iptables user space module, called libipt_pkd.so. ipt_pkd is capable of verifying a packet with SHA256, as well as to check the time window of a packet. However, it does not sends the shared key and has limited proc support.

How does it work?

ipt_pkd’s knock packet can be described as a SHA256 has of a small header, a timestamp, a shared key and some random bytes sent via the UDP (User Datagram Protocol) protocol. Both the random bytes and the timestamp are passed in the packet, in order for the server to create the SHA256 hash and do a results comparison. If they match, the pkd module will return true. If not, it will return false.

I want to see some examples!

A simple example of using the ipt_pkd package is for protecting a SSH (Secure Shell) connection on port 22. Using the iptables rules displayed below, any new SSH connection attempt will be dropped, unless a valid knock packet is provided:

iptables -A INPUT -p udp -m pkd --key test --tag SSHK -m recent --set --name PKD
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --rcheck --name PKD --seconds 60 --hitcount 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j REJECT --reject-with tcp-reset

It has only three options

As mentioned, ipt_pkd is a command-line applications that runs on a console environment, using an X11 terminal emulator or directly from a text-mode session. It has only three options, one that sets a shared key, one that sets the time in seconds, and another one that sets the tag for the knock key.

ipt_pkd was reviewed by , last updated on September 9th, 2014

#iptables extension #port knock detection #firewall rules #iptables #firewall #port #knock

Add your review!