Old 06-07-2011, 02:33 PM
"Steven Buehler"
 
open port in iptables for specific length of time

I have been googling for this and haven't found it. I know I have seen it
before and thought that it was an iptables command and not a separate
script, but I can't remember as it has been a while since I have seen it.
What I want to do is to open a port on the firewall with iptables for a set
time, like 5 hours and then after 5 hours, it will close the port again.
Can anybody point me in the right direction, or if it is a command of
iptables, maybe post that for me?



We have a system that is locked down and you have to use a key to get ssh
access to it. We have employees and customers that are on dynamic IPs that
keep switching. They don't have root access. What I am trying to do is
create a script that they can log into and it will get their current IP
address and open the firewall for a specified length of time. Once open,
they would still have to use their public/private key to ssh into it. I
agree this isn't perfect, but it is better than just leaving that port open
to the world all the time.



Any help would be appreciated



thanks

Steve

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 06-07-2011, 02:42 PM
cliff here
 

I know it's not exactly the same, but have you ever considered 'port
knocking'?




 
Old 06-07-2011, 02:55 PM
eugenejvr
 

Look at this...
http://www.cyberciti.biz/tips/iptables-for-restricting-access-by-time-of-day.html

hope it helps

--

Eugene Jansen van Rensburg
eMail: eugenejvr@gmail.com

"Quit is NOT an option"


 
Old 06-07-2011, 03:06 PM
"Steven Buehler"
 

I saw something on that in my googling using knockd. But we have a few
customers that need access and it is hard enough trying to tell them how to
just ssh with a key. In fact, a lot of them have to have it set up for them
as they are not computer type people. The employees we have would be able
to do it though.

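One way to get a timed opening from iptables itself, added here as an example and not taken from any message in the thread: the `recent` match with `--rcheck --seconds` admits new SSH connections only from addresses placed on a named list within the last N hours, so nothing has to be scheduled to close the port again. The list name `sshopen`, the helper function names and the print-only `rules` mode are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. LIST and PROC_DIR are assumptions.
LIST=sshopen                               # hypothetical xt_recent list name
PORT=22
PROC_DIR=${PROC_DIR:-/proc/net/xt_recent}  # /proc/net/ipt_recent on older kernels

# Accept only a dotted-quad IPv4 address (octets 0..255, no leading zeros), so
# no other text can reach the privileged write in open_for.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1. n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}; n=$((n + 1))
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ]
}

# Print the one-time ruleset: a NEW connection to PORT is accepted only if its
# source address was put on LIST less than $1 hours ago. Sessions already
# established are not cut when the window ends.
gate_rules() {
    secs=$(( $1 * 3600 ))
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $PORT -m state --state NEW" \
         "-m recent --name $LIST --rcheck --seconds $secs -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $PORT -j DROP"
}

# Start (or restart) the window for one address. Needs root; the list file
# exists only after a rule naming LIST has been loaded.
open_for() {
    valid_ipv4 "$1" || { echo "rejected: $1" >&2; return 1; }
    printf '+%s\n' "$1" > "$PROC_DIR/$LIST"
}

# Usage: script rules [hours]   |   script open <ipv4>
if [ $# -gt 0 ]; then
    case $1 in
        rules) gate_rules "${2:-5}" ;;
        open)  open_for "$2" ;;
        *)     echo "usage: $0 rules [hours] | open <ipv4>" >&2; exit 2 ;;
    esac
fi
```

Non-root users can be given the `open` mode through a sudo rule limited to this script, which is why the address is validated before it is written.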
 

All times are GMT.