...
Use a passphrase for each knock
You could go even further by sending a passphrase with each knock.
Info: Layer7 rules are very resource intensive. Do not use unless you know what you are doing.
Then create a layer7 regex check that can be requested on the knock rule.

    /ip firewall layer7-protocol add name=pass regexp="^passphrase\$"
    /ip firewall filter
    add action=add-src-to-address-list address-list=888 address-list-timeout=30s chain=input dst-port=888 in-interface-list=WAN protocol=udp layer7-protocol=pass
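A knock client for the rule above, as an added example that is not part of the original page or MikroTik's own code: it sends one UDP datagram whose whole payload is the passphrase, and checks locally which payloads an anchored pattern accepts. The function names and the Python model of the pattern are assumptions; the port and passphrase literal are the ones on the page.

```python
import re
import socket

KNOCK_PORT = 888            # dst-port of the knock rule on the page
PASSPHRASE = b"passphrase"  # literal used in the page's layer7 regexp

# Python model of the anchored pattern (assumption: approximates the router's
# matcher). \Z is used because Python's "$" also matches before a trailing "\n".
L7_PATTERN = re.compile(rb"^passphrase\Z")


def would_match(payload: bytes) -> bool:
    """True if the payload is exactly the passphrase, nothing before or after."""
    return L7_PATTERN.search(payload) is not None


def send_knock(host: str, port: int = KNOCK_PORT, payload: bytes = PASSPHRASE) -> int:
    """Send one UDP datagram carrying only the passphrase; returns bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (host, port))


def loopback_demo(payload: bytes = PASSPHRASE):
    """Knock a local UDP socket standing in for the router (constructed setup).

    Returns (payload as received, whether the anchored pattern accepts it).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))          # ephemeral port, no privileges needed
        rx.settimeout(2)
        port = rx.getsockname()[1]
        send_knock("127.0.0.1", port, payload)
        data, _ = rx.recvfrom(2048)
    return data, would_match(data)


if __name__ == "__main__":
    # Constructed sample payloads: exact, trailing newline, leading junk.
    for sample in (b"passphrase", b"passphrase\n", b"xpassphrase"):
        print(sample, loopback_demo(sample))
```

The payload crosses the network in cleartext, so the passphrase adds no protection against anyone who can observe the knock; tools that append a newline to the payload fail the end anchor in this model.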