cipherdyne.org

Michael Rash, Security Researcher



fwknop in the OpenWrt and Pentoo Linux Distributions

fwknop in OpenWrt

The C version of fwknop has now made it into the OpenWrt Linux distribution for embedded devices. Jonathan Bennett made this possible by contributing a Makefile for OpenWrt, and it was picked up by the OpenWrt maintainers. It is good to see progress being made towards the integration of Single Packet Authorization into operating systems that are designed to function as secure gateway devices between multiple networks.

So far, fwknop is available in the OpenWrt trunk packages feed, but it will eventually become available via the opkg package manager too. Fortunately, OpenWrt makes everything available via git:

$ git clone git://nbd.name/packages.git openwrt_packages.git
Initialized empty Git repository in /home/mbr/src/openwrt_packages.git/.git/
remote: Counting objects: 56118, done.
remote: Compressing objects: 100% (21342/21342), done.
remote: Total 56118 (delta 29694), reused 54875 (delta 29054)
Receiving objects: 100% (56118/56118), 11.85 MiB | 2.57 MiB/s, done.
Resolving deltas: 100% (29694/29694), done.
$ cd openwrt_packages.git
$ git ls-files |grep fwknop
net/fwknop/Makefile
$ git log net/fwknop/Makefile
commit 89475e5d6136833fa3b59c3d47c4f2be02718c7a
Author: florian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Wed Aug 17 10:13:20 2011 +0000

[package] add fwknopd

Signed-off-by; Jonathan Bennett <[email removed]>

git-svn-id: svn://svn.openwrt.org/openwrt/packages@28030 3c298f89-4303-0410-b956-a3cf2f4a3e73

In other news, both the perl and C versions of fwknop are also available in the Pentoo Linux distribution thanks to ozmart and the Pentoo maintainers. Pentoo is a live CD distribution that is focused on security and derived from Gentoo. ozmart wrote a description of the use case for fwknop on Pentoo from a penetration testing perspective:

"...This is a useful script when combined with iptables and sshd. Configuration can accommodate pgp and replay attack checks. It allows the box to appear silent when running daemons if your box is deployed in say, a hostile environment.

It can also allow commands to be run without actually having to log into the box, say if you wanted to trigger something interesting from a remote location..."