'FireWall KNock OPerator': a port knocker to Linux servers
fwknop stands for the 'FireWall KNock OPerator', and implements an authorization scheme called Single Packet Authorization (SPA) that is based around Netfilter and libpcap. SPA requires only a single encrypted packet in order to communicate various pieces of information including desired access through a Netfilter policy and/or complete commands to execute on the target system. By using Netfilter to maintain a 'default drop' stance, the main application of this program is to protect services such as OpenSSH with an additional layer of security in order to make the exploitation of vulnerabilities (both 0-day and unpatched code) much more difficult. The authorization server passively monitors authorization packets via libcap and hence there is no 'server' to which to connect in the traditional sense. Access to a protected service is only granted after a valid encrypted and non-replayed packet is monitored. This port installs the client side script that you run to gain access to a Linux box.
fwknop stands for the 'FireWall KNock OPerator', and implements an authorization scheme called Single Packet Authorization (SPA) that is based around Netfilter and libpcap. SPA requires only a single encrypted packet in order to communicate various pieces of information including desired access through a Netfilter policy and/or complete commands to execute on the target system. By using Netfilter to maintain a 'default drop' stance, the main application of this program is to protect services such as OpenSSH with an additional layer of security in order to make the exploitation of vulnerabilities (both 0-day and unpatched code) much more difficult. The authorization server passively monitors authorization packets via libcap and hence there is no 'server' to which to connect in the traditional sense. Access to a protected service is only granted after a valid encrypted and non-replayed packet is monitored. This port installs the client side script that you run to gain access to a Linux box.
To install fwknop-client, run the following command in macOS terminal (Applications->Utilities->Terminal)
sudo port install fwknop-client
To see what files were installed by fwknop-client, run:
port contents fwknop-client
To later upgrade fwknop-client, run:
sudo port selfupdate && sudo port upgrade fwknop-client
Reporting an issue on MacPorts Trac
The MacPorts Project uses a system called Trac to file tickets to report bugs and enhancement requests.
Though anyone may search Trac for tickets, you must have a GitHub account in order to login to Trac to create tickets.