
Use a passphrase for each knock

You could go even further by sending a passphrase with each knock.

Warning

Layer7 rules are very resource intensive. Do not use them unless you know what you are doing.


Then create a layer7 regex check that the knock rule can reference.

/ip firewall layer7-protocol add name=pass regexp="^passphrase/$"
/ip firewall filter
add action=add-src-to-address-list address-list=888 address-list-timeout=30s chain=input dst-port=888 in-interface-list=WAN protocol=udp layer7-protocol=pass
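
A client for the knock rule above, as an added example that is not part of the original page: it checks the payload against the regexp as written here, then sends it as a single UDP datagram to port 888. The function names are hypothetical, and using Python's re as a stand-in for the router's layer7 matcher is an assumption.

```python
import re
import socket
import sys

# Values copied from the RouterOS rules above.
L7_REGEXP = rb"^passphrase/$"  # regexp of layer7-protocol "pass", as written on the page
KNOCK_PORT = 888               # dst-port of the knock filter rule (protocol=udp)


def build_knock(payload: bytes) -> bytes:
    """Return the datagram payload, or raise if the anchored regexp would reject it.

    Assumption: Python's re stands in for the router's matcher as a local
    pre-flight check. fullmatch() is deliberately strict, so a trailing
    newline (as added by `echo` without -n) is rejected.
    """
    if re.fullmatch(L7_REGEXP, payload) is None:
        raise ValueError(f"payload {payload!r} does not match {L7_REGEXP!r}")
    return payload


def send_knock(host: str, payload: bytes, port: int = KNOCK_PORT) -> int:
    """Send one UDP datagram carrying the passphrase; return the bytes sent."""
    data = build_knock(payload)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(data, (host, port))


if __name__ == "__main__":
    # Usage: python knock.py <router-wan-address>  (address supplied by the operator)
    sent = send_knock(sys.argv[1], b"passphrase/")
    print(f"sent {sent}-byte knock to {sys.argv[1]}:{KNOCK_PORT}/udp")
```

The passphrase crosses the WAN as cleartext UDP, so anyone on the path can read and replay it within the rule's design. Treat it as an extra filter in front of the service's real authentication, not a substitute for it.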