I currently have a router setup with a multitude of dst-nat/forward chains and input chains to allow certain dst-nat activities when connecting to the correct port.
Right now, these rules are always open for those with correct authentication and port numbers etc.
I like port knocking setups in that they allow you to connect from the same device that you knocked from; however, I would like a slightly simpler setup where:
- Any device can knock the ports in the right order
- Once the port knock is successful, all my forward/dst-nat chains are available for anyone to connect for one hour, after which they become unavailable again.
For example, I want to be able to execute the knock on my phone and then connect to my network resources from my laptop.
If the knock is not executed, the firewall blocks all incoming connections.
Any easy way to achieve this?
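One way to do this, as an added example that is not the poster's configuration: the post does not name the router, but "dst-nat", "input chain" and "forward chain" are RouterOS terms, so the example below is written for MikroTik RouterOS. The trick is in the final knock rule: instead of remembering the knocker's source address, it uses `add-dst-to-address-list`, which records the packet's *destination* address. On the WAN interface that destination is the router's own public IP, the address every later inbound connection is also sent to, so a single dynamic entry with a one-hour timeout acts as a global "gate open" flag that any client can satisfy. The interface name `ether1`, the knock ports 1111/2222/3333, the published port 8443 and the internal host 192.168.88.10 are placeholders.

```routeros
# Constructed example for MikroTik RouterOS; interface, ports and addresses are placeholders.
/ip firewall filter
# Keep existing connections working (also means a session opened during the hour
# keeps running after the gate closes; only new connections are gated).
add chain=input connection-state=established,related action=accept comment="keep existing"
add chain=forward connection-state=established,related action=accept comment="keep existing"

# Knock stage 1 and 2: remember the knocker's SOURCE for a short window.
# add-*-to-address-list is a pass-through action, so the knock packet continues
# down the chain and is dropped by the final rule; the knocker only gets a timeout.
add chain=input in-interface=ether1 protocol=tcp dst-port=1111 \
    action=add-src-to-address-list address-list=knock1 address-list-timeout=10s \
    comment="knock 1 of 3"
add chain=input in-interface=ether1 protocol=tcp dst-port=2222 src-address-list=knock1 \
    action=add-src-to-address-list address-list=knock2 address-list-timeout=10s \
    comment="knock 2 of 3"

# Knock stage 3: record the DESTINATION (the router's public IP) for one hour.
# Every later inbound packet has the same destination, so this entry opens the
# gate for everyone, regardless of which device knocked.
add chain=input in-interface=ether1 protocol=tcp dst-port=3333 src-address-list=knock2 \
    action=add-dst-to-address-list address-list=gate-open address-list-timeout=1h \
    comment="knock 3 of 3 -> gate open for 1h"

# Optional: a sequential port scan from low to high would walk the sequence by
# accident, so choose non-ascending ports and reset anyone who hits the wrong port.
add chain=input in-interface=ether1 protocol=tcp dst-port=!1111,2222,3333 \
    src-address-list=knock1 action=add-src-to-address-list address-list=knock-fail \
    address-list-timeout=1m comment="wrong knock: park the source"
add chain=input in-interface=ether1 src-address-list=knock-fail action=drop

# Everything else that is new on WAN is dropped; the gate is checked in dstnat below,
# so a closed gate simply means the packet is never translated and lands here.
add chain=input in-interface=ether1 connection-state=new action=drop comment="default drop on WAN"

/ip firewall nat
# dst-nat only while the gate entry exists. The dstnat chain sees the pre-NAT
# destination (the public IP), which is exactly what the gate-open entry holds.
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=8443 dst-address-list=gate-open \
    action=dst-nat to-addresses=192.168.88.10 to-ports=443 comment="published service, gated"

/ip firewall filter
# In the forward chain the destination has already been rewritten to the LAN host,
# so do not test gate-open here; accept what dstnat let through.
add chain=forward in-interface=ether1 connection-nat-state=dstnat connection-state=new \
    action=accept comment="accept gated dst-nat connections"
add chain=forward in-interface=ether1 connection-state=new action=drop
```

Two caveats worth knowing before relying on this. First, port knocking is not authentication: anyone who can observe the knock sequence on the path can replay it, and for the hour after a knock the published services are reachable by the whole internet, so the services behind the dst-nat rules still need their own authentication. Second, if the WAN address changes (DHCP or PPPoE re-dial) the gate-open entry still holds the old address and new connections will not match it; the gate just looks closed until the next knock. You can check the state at any time with `/ip firewall address-list print where list=gate-open`.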