Re: Reflexive firewalls?

[Brian Ford <brford () cisco com>]

Ong,

I believe you are talking about "port knocking" and not a reflexive
firewall.  

For an example of a 'reflexive' type firewall Google for "reflexive ACL".

Liberty,

Brian

On 1/27/09 8:11 AM, "mgk.mailing" <mgk.mailing () googlemail com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hi
>
> That sound like the user-auth feature on juniper firewalls, you telnet /
> http to the target and once authenticated it allows you to ssh etc as
> per rules setup.  Its not great but a useful tool, as it opens up the
> policy to all at the source address of the successfully authenticated user.
>
> /Mgk
>
> Ong Chin Kiat wrote:
> > Hi list,
> >
> > I've recently used an SSH server that had an interesting authentication
> > mechanism. You first had to telnet to the machine on a certain port.
> > After doing this (it will just time out - no prompt), you then SSH to
> > the server in question. The telnet step has to be carried out, if not
> > SSH will just time out.
> >
> > My question is, is this called reflexive firewalling, and can I
> > duplicate this with iptables?
> >
> > Thanks.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkl/CA4ACgkQPxFiS6Ou+MyiogCeMiVXnG4GyhlAXPkr7kwHu7Wy
> uB0AmgMJiUTMXZBRB5TF23Ds8rA1UGWo
> =eKXO
> -----END PGP SIGNATURE-----