Nice idea, I like it!
It probably should be elaborated on a bit (as suggested in some of the
articles) to prevent easy detection of a "knock" taking place (a nice
alternative, which could also be elaborated on and/or combined with the
usual "knock": http://doorman.sourceforge.net).
I guess a "test" implementation could be done with no changes to
m0n0wall, simply by making a small daemon running on a machine receiving
syslog messages from m0n0wall and using http to make the changes to the
rules (assuming this can't be done more easily in other ways, such as
Of course a usable implementation should either reside completely on
m0n0wall, or depend on a better way to monitor the filter log and change
the firewall rules from a local machine running the "knocker daemon".
Don Gray wrote:
> Anyone read these articles? Any ideas how to implement with m0n0wall/IPFilter? It's an