Portknocking-Daemon-GUI or Package –> {CANCELED}

heiko

Hello Daniel,
please search the forum….too much money?
Greetings from Germany

heiko

please take a look at the time-based-rule thread…..

heiko

has anybody interest in "portknocking", otherwise i will kill the offer….

Now i boost the bounty to 350 €. That´s it.

sullrich

I am interested but we need to finish the time based rules support.

heiko

but with killing of the states at the expiration! ;D

Do you really interested? We can arrange a little bit later, 4 weeks i think. I go to russia in 6-8 weeks and change checkpoint to PFSENSE.

nima.m

Heiko,
Are you going to replace Nokia Checkpoint firewall with Pfsense ?

Nokia Checkpoint firewall  is one the most advance firewall that corporate use these days.

Scott, you must be very proud now, aren't you ? :-)

heiko

Yes i do, on our own hardware, not nokia, we change checkpoint to pfsense…..checkpoint ist really good, but you need for each loacation a truck of money for support, upgrade etc. ......

i can map all my feature requests with pfsense, and i don´t know about portknocking on Checkpoint ;D
Greetings from germany
heiko

--> i would rather speak about this bounty and portknocking.

--> Anybody interest?? really?? Not minor points! Excuse me........

heiko

Hello,

the bounty is now set to 500 €. We can arrange anything of this bounty up to the due state " 01.05.2007". Thereafter i will kill this bounty.

Greetings
heiko

Justinw

Outside the US most people do day/month/year if that makes more sense to people reading this post, not that it is my place, but I thought it needed to be clarified.  So if I'm reading it right, it won't be over for a month and a half

heiko

Excuse me, the german date translation is for other people abnormal, i think..

The offer will be dropped at Year = 2007 ; Month = Mai, Day = 01

I hope, this is undestandable.
Greetings
heiko

sullrich

I will be taking this one on as soon as you declare time based rules a success.

heiko

OK, i am await for finished time based ruled system.Then we could arrange "portknocking"
greetings
heiko

heiko

Hello Scott,
one Extension: I want to blocking countries and i know from another thread, that this is implemented in HEAD. Can you backported this to a productive PFSENSE-RELENG-SNAPSHOT Version?

Portknocking = 500 €
Blocking-Countries= 250 €

Do you disposed to this extension. It would be very nice?

I know, i am a nag…. :)
Greetings from Germany
heiko

sullrich

No, I am affraid not.  We are about to enter beta status as soon as the final Time Based Rules bugs are fixed.

Sorry!  Maybe on next version.

heiko

OK, thanks, then we can arrange the port knocking when the timebased rules are finished

JeGr

Don't want to disturb the thread but I'm curious for what you (or people generally) want to use portknocking for and (if that's generally possible doing with pfsense/freebsd/pf) if authpf wouldn't be a better/other approach to the desired result. Coming from the OpenBSD side I used authpf for quite a few thingies, people want portknocking for, so I thought I should maybe throw this in here.

Greets Grey

sullrich

Yes it is possible: http://doorman.sourceforge.net/

sullrich

Looks like doorman will not be a suitable package as it requires a client to do the knocking….  Need to find a package that works with PF and does not require a client.

heiko

i agree with that. The project is on sourceforge not really active, i think?

cmb

Every port knocking daemon is going to require a client. It could be something as simple as a batch file/shell script that telnets to several ports, but they all need a client of some sort. It's no different from OpenVPN, in that it requires a client that we don't provide.

I say start with doorman, if it doesn't work for some technical or compatibility reason, move on to something else.