@cks I thought this function was provided by the BMC.
Maybe you’re looking for something more specific / precise.
I’ll watch to learn more.
@Kev_Prime @froge @ryanc thank you.
I’ll check sim man pages for syntax.
I’ll also compare the other extensions / targets that I’ve used in the past.
NETMAP and other nefarious packet mangling things are in my wheelhouse.
@Kev_Prime @froge @ryanc from quick glance, it looks like the knock sequence is 123, 234, 345, 456.
It also looks like the 123 rule adds to a set (?nomenclature?) specifying what the next knock should be.
Subsequent rules check the set for pre-population of the current port, and then populate the next port.
Rinse, lather, repeat.
Finally check set for prepopulated final port and populate a different set which is used as the final gating check?
Am I close, even if I have the wrong terms?
@Kev_Prime @froge @ryanc what’s the nftables counterpart to the iptables recent match & target?
I make extensive use of it for port knocking in kernel-space without a user-space dependency.