fwknop 1.8.1

fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme based around Netfilter and libpcap that requires only a single encrypted packet in order to communicate various pieces of information including desired access through a Netfilter policy and/or complete commands to execute on the target system.
By using Netfilter to maintain a "default drop" stance, the main application of this program is to protect services such as OpenSSH with an additional layer of security in order to make the exploitation of vulnerabilities (both 0-day and unpatched code) much more difficult.
The authorization server passively monitors authorization packets via libcap and hence there is no "server" to which to connect in the traditional sense. Access to a protected service is only granted after a valid encrypted and non-replayed packet is monitored.
This method is similar to the Single Packet Authorization scheme proposed by Simple Nomad and the folks at NMRC
fwknop project was also the first tool to combine traditional encrypted port knocking with passive OS fingerprinting. This makes it possible to do things like only allow, say, Linux-2.4/2.6 systems to connect to your SSH daemon.
Enhancements:
- A bugfix to ensure that the "keep-state" directive is added to firewall rules on systems running the ipfw firewall.
- The --Save-packet and --Save-packet-file command line arguments have been added to the fwknop client.
- These options instruct fwknop to save a copy of an encrypted SPA packet before it is sent across the network.
- A bugfix to find the minimal unused ipfw rule number for ipfw firewalls.
- This fixes an issue where ipfw rules added by fwknopd could be inserted at the same position as rules from an existing ipfw policy.