Simple iptables based portknocking implementation

firewall.sh port1 port2 port3 port4 port5 port6 port7 port8 port9 port10

Uses the recent module to manage lists of IPs and where they are in the knock
sequence. Once an IP reaches knock 10, their next connection will be accepted.
The rule to accept established connections then applies.

totportlist.sh keyfile

Uses the method described in RFC 6238 for time-based one-time password
generation to generate a port sequence instead. Instead of truncating the
resulting SHA1 digest, it is interpreted as a sequence of 10 16 bit port
numbers. The keyfile must be in a format accepted by your HMAC implementation.
Since the algorithm can generate random ports over the entire allowed range,
it's possible to generate knock sequences involving port 0 or an open port.

knock.sh port1 port2 port3 port4 port5 port6 port7 port8 port9 port10

Uses netcat to attempt connections to each of the 10 ports in order. The
attempts are backgrounded so we don't have to wait for every timeout, but this
means you may need to adjust the length of the sleep command (I'm assuming the
use of an implementation that supports fractional times--otherwise you're
better off just doing nc -w 1 -q 1 "$@"). The -q option and redirection from
standard input makes sure we don't hang if a port happens to be open.

COPYRIGHT
	Copyright 2012 Carl D Hamann
	Copying and distribution of this file, with or without modification,
	are permitted in any medium without royalty provided the copyright
	notice and this notice are preserved.  This file is offered as-is,
	without any warranty.