# ICMP packet-size knock for RDP. Four ICMP packets of sizes 48, 44, 47, 42,
# each arriving within 5 s of the previous one, put the sender's address into
# RDP_allow for 10 minutes. *.*.*.* is the author's redacted destination address.
# NOTE(review): the rule that actually admits RDP for RDP_allow is not shown here.
# NOTE(review): the sizes are visible to anyone on the path and can be replayed,
# so this hides the service but does not authenticate the client.

# Entry point: only ICMP of size 41-49 on the PPPoE uplink enters the knock chain.
add chain=input action=jump jump-target=KnockKnockKnock \
    protocol=icmp packet-size=41-49 \
    in-interface=pppoe-out1 dst-address=*.*.*.* \
    log=yes log-prefix=RDP \
    comment="KnockKnockKnock icmp look"

# Knock 1 (size 48): any source is accepted into level 1.
add chain=KnockKnockKnock action=add-src-to-address-list \
    address-list=RDP_level_1 address-list-timeout=5s \
    protocol=icmp packet-size=48 \
    in-interface=pppoe-out1 dst-address=*.*.*.* \
    log=yes log-prefix=RDP \
    comment=RDP-level-1

# Knock 2 (size 44): only sources still listed in level 1.
add chain=KnockKnockKnock action=add-src-to-address-list \
    address-list=RDP_level_2 address-list-timeout=5s \
    protocol=icmp packet-size=44 src-address-list=RDP_level_1 \
    in-interface=pppoe-out1 dst-address=*.*.*.* \
    log=yes log-prefix=RDP \
    comment=RDP-level-2

# Knock 3 (size 47): only sources still listed in level 2.
add chain=KnockKnockKnock action=add-src-to-address-list \
    address-list=RDP_level_3 address-list-timeout=5s \
    protocol=icmp packet-size=47 src-address-list=RDP_level_2 \
    in-interface=pppoe-out1 dst-address=*.*.*.* \
    log=yes log-prefix=RDP \
    comment=RDP-level-3

# Knock 4 (size 42): sources in level 3 are placed in RDP_allow for 10 minutes.
add chain=KnockKnockKnock action=add-src-to-address-list \
    address-list=RDP_allow address-list-timeout=10m \
    protocol=icmp packet-size=42 src-address-list=RDP_level_3 \
    in-interface=pppoe-out1 dst-address=*.*.*.* \
    log=yes log-prefix=RDP \
    comment=RDP-level-4

# Hand the packet back to the input chain, logging it on the way out.
add chain=KnockKnockKnock action=return log=yes log-prefix=RDP
Но присмотрелся к конфигу — теперь понимаю.
Почему не использовали такую старую фишку в порт кнокинге, как размер пакета?
# ICMP packet-size port knocking in front of RDP.
# A source that sends ICMP packets of sizes 48, 44, 47 and 42, in that order and
# each within 5 s of the previous one, ends up in address list RDP_allow for
# 10 minutes. *.*.*.* is the author's redacted destination address.
# NOTE(review): no rule consuming RDP_allow is visible here; presumably an
# accept or dst-nat rule elsewhere matches src-address-list=RDP_allow. Verify.
# NOTE(review): packet-size is presumably matched against the whole IP packet
# (header included), so the client payload is smaller than these numbers. Confirm.
# NOTE(review): the knock travels unauthenticated and in the clear; an on-path
# observer can replay the four sizes. Treat this as a noise filter, not as
# access control. RDP still needs its own strong authentication or a VPN.
#
# Rule 1: send ICMP of size 41-49 arriving on pppoe-out1 into the knock chain.
# log=yes here records every such packet, matched knock or not.
add action=jump chain=input comment="KnockKnockKnock icmp look" dst-address=\
*.*.*.* in-interface=pppoe-out1 jump-target=KnockKnockKnock log=yes \
log-prefix=RDP packet-size=41-49 protocol=icmp
# Knock 1: size 48 from ANY source lists the sender in RDP_level_1 for 5 s.
# There is no src-address-list condition, so this first step is open to anyone.
add action=add-src-to-address-list address-list=RDP_level_1 \
address-list-timeout=5s chain=KnockKnockKnock comment=RDP-level-1 \
dst-address=*.*.*.* in-interface=pppoe-out1 log=yes log-prefix=RDP \
packet-size=48 protocol=icmp
# Knock 2: size 44, only from a source still in RDP_level_1 -> RDP_level_2 (5 s).
add action=add-src-to-address-list address-list=RDP_level_2 \
address-list-timeout=5s chain=KnockKnockKnock comment=RDP-level-2 \
dst-address=*.*.*.* in-interface=pppoe-out1 log=yes log-prefix=RDP \
packet-size=44 protocol=icmp src-address-list=RDP_level_1
# Knock 3: size 47, only from a source still in RDP_level_2 -> RDP_level_3 (5 s).
add action=add-src-to-address-list address-list=RDP_level_3 \
address-list-timeout=5s chain=KnockKnockKnock comment=RDP-level-3 \
dst-address=*.*.*.* in-interface=pppoe-out1 log=yes log-prefix=RDP \
packet-size=47 protocol=icmp src-address-list=RDP_level_2
# Knock 4: size 42, only from a source still in RDP_level_3 -> RDP_allow (10 min).
# The 10m timeout is the window during which the knocking address stays listed.
add action=add-src-to-address-list address-list=RDP_allow \
address-list-timeout=10m chain=KnockKnockKnock comment=RDP-level-4 \
dst-address=*.*.*.* in-interface=pppoe-out1 log=yes log-prefix=RDP \
packet-size=42 protocol=icmp src-address-list=RDP_level_3
# Return to the input chain. Every packet reaching this rule is logged with
# prefix RDP, on top of the jump rule's own log entry.
# NOTE(review): logging all ICMP of size 41-49 lets a remote sender fill the
# router log. Consider dropping log=yes here once the knock is debugged.
add action=return chain=KnockKnockKnock log=yes log-prefix=RDP