# knockd

# Server (the host you connect to)

Install: `sudo apt install knockd`

Change the log location: `sudo sed -i 's/UseSyslog/LogFile = \/var\/log\/knockd.log/g' /etc/knockd.conf`

Change the port sequence and the iptables command

```shell
sudo sed -i 's/7000,8000,9000/63654,59472,31023/g' /etc/knockd.conf
sudo sed -i 's/-A/-I/g' /etc/knockd.conf
```

Configure knockd

```shell
# /etc/default/knockd is a shell-style file, so match with or without spaces around "="
sudo sed -i 's/START_KNOCKD *= *0/START_KNOCKD=1/g' /etc/default/knockd
# replace the placeholder with the name of your network interface
sudo sed -i 's/eth0/<your-interface-name>/g' /etc/default/knockd
```

Allow already-established connections and the current session, then block inbound connections to port 22

```shell
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j REJECT
```

Start: `sudo service knockd start`

Once you have confirmed that everything works, save the rules:

`sudo bash -c "iptables-save > /etc/iptables/rules.v4"`

`sudo iptables-save > iptables.conf`

Apply the settings: `sudo iptables-restore < iptables.conf`

Or use the following tool:

`sudo apt install iptables-persistent`

`sudo dpkg-reconfigure iptables-persistent`

# Client

```shell
knock -v ip port port port
ssh ...
```

https://cloud.tencent.com/developer/article/1005328
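To check what the server-side `sed` edits to `/etc/knockd.conf` leave behind, the following added example (not part of the original note) applies them to a scratch file and audits the result. The sample config is constructed and assumed to resemble the packaged default; the function names `make_sample`, `apply_guide_edits` and `audit_knockd_conf` are hypothetical.

```shell
#!/bin/sh
# Added example: dry-run of the guide's sed edits on a scratch copy, then an audit.
# make_sample writes a CONSTRUCTED config modelled on the packaged default (assumption).
make_sample() {
cat > "$1" <<'EOF'
[options]
    UseSyslog

[openSSH]
    sequence    = 7000,8000,9000
    seq_timeout = 5
    command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn

[closeSSH]
    sequence    = 9000,8000,7000
    seq_timeout = 5
    command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn
EOF
}

# The three substitutions from the server steps, applied to file $1 (no sudo needed).
apply_guide_edits() {
    sed -i 's/UseSyslog/LogFile = \/var\/log\/knockd.log/g' "$1"
    sed -i 's/7000,8000,9000/63654,59472,31023/g' "$1"
    sed -i 's/-A/-I/g' "$1"
}

# Prints one finding per line; no output means nothing was flagged.
audit_knockd_conf() {
    grep -q '^[[:space:]]*LogFile' "$1" || echo "no-logfile"
    awk '/^\[/ { sec = $0 }
         # a section still on a well-known packaged sequence
         /sequence/ && /7000,8000,9000|9000,8000,7000/ { print "default-sequence " sec }
         # ACCEPT appended with -A lands after the REJECT rule and never matches
         /command/ && /-A INPUT/ && /-j ACCEPT/ { print "accept-appended " sec }' "$1"
}

tmp=$(mktemp)
make_sample "$tmp"
echo "before edits:"; audit_knockd_conf "$tmp"
apply_guide_edits "$tmp"
echo "after edits:";  audit_knockd_conf "$tmp"
rm -f "$tmp"
```

After the edits the only remaining finding is `default-sequence [closeSSH]`: the substitution matches only the open sequence, so the close sequence has to be changed by hand as well.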