My setup:
Debian Testing (up to date), kernel 2.6.24
My router has a firewall with the SSH port open. I run a FireStarter software firewall, which blocks SSH access, on my computer together with Knockd.
Knockd runs a script which adds or deletes an IPTables rule to allow SSH access. The knockd script part works inasmuch as it adds the required rule.
The problem is that the firewall on my computer still blocks SSH access. This is so that I can access my computer when away from home, and that's the only time I can test or try it; consequently it's all rather long-winded. SSH access is by key only and login is prohibited.
First I added a rule to allow SSH access using the FireStarter GUI interface then I had a look at an IPTables listing to see what it had generated. I used that rule in my knockd script. The next time I went away I found that it didn't work - I still couldn't get access.
The last rule I tried I had modified myself after reading the man pages, and that didn't work either. So I'm now stumped.
This is my last effort:
# appended (-A) to the end of the INPUT chain: TCP port 22
iptables -A INPUT -p tcp --dport 22:22 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# appended (-A) to the end of the INPUT chain: UDP port 22
iptables -A INPUT -p udp --dport 22:22 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
I don't know whether the UDP rule is required but I thought it wouldn't do any harm.
If anyone can point out what I'm doing wrong I'd be most grateful.
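An added example of what such a knockd hook can look like; this is not the poster's script and not code from knockd or FireStarter. The script name allow-ssh.sh, the knock sequences in the knockd.conf stanzas and the client address 203.0.113.5 used in the comments are assumptions. The security-relevant point is the chain position: iptables walks INPUT top to bottom and stops at the first match, so an ACCEPT appended with -A lands after whatever REJECT/DROP rules a GUI firewall has already put at the end of the chain and is never reached, whereas -I INPUT 1 puts it first. The script also limits the opening to the address that sent the knock (knockd fills in %IP%), validates that address before it becomes an iptables argument, and has no UDP rule, since SSH runs over TCP only.

```shell
#!/bin/sh
# allow-ssh.sh: hypothetical knockd helper (added example, not the poster's script).
# knockd runs it as "allow-ssh.sh open %IP%" or "allow-ssh.sh close %IP%",
# substituting %IP% with the address that sent the knock sequence.
#
# Matching knockd.conf stanzas (constructed for this example; the port numbers
# in the sequences are arbitrary):
#   [openSSH]
#       sequence    = 7000,8000,9000
#       seq_timeout = 5
#       tcpflags    = syn
#       command     = /usr/local/sbin/allow-ssh.sh open %IP%
#   [closeSSH]
#       sequence    = 9000,8000,7000
#       seq_timeout = 5
#       tcpflags    = syn
#       command     = /usr/local/sbin/allow-ssh.sh close %IP%

IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=echo for a dry run without root

# Accept only a dotted-quad IPv4 address so nothing else ever reaches iptables.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Accept only a TCP port number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the iptables command for ACTION (open|close), CLIENT_IP and optional PORT.
# "open" uses -I INPUT 1 (insert at the top of the chain) rather than -A (append):
# iptables evaluates INPUT in order, and a firewall such as FireStarter leaves its
# REJECT/DROP rules at the end, so an appended ACCEPT would never be reached.
# "close" deletes that exact rule again. SSH is TCP only, so there is no UDP rule.
ssh_rule() {
    action="$1"; ip="$2"; port="${3:-22}"
    valid_ipv4 "$ip"  || { echo "bad client IP: $ip" >&2; return 1; }
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    case "$action" in
        open)  op="-I INPUT 1" ;;
        close) op="-D INPUT" ;;
        *)     echo "usage: $0 open|close CLIENT_IP [PORT]" >&2; return 2 ;;
    esac
    printf '%s %s -s %s -p tcp --dport %s -m state --state NEW,ESTABLISHED -j ACCEPT\n' \
        "$IPTABLES" "$op" "$ip" "$port"
}

# Run the rule for real (needs root). The string is built only from validated pieces.
apply_ssh_rule() {
    cmd=$(ssh_rule "$@") || return $?
    eval "$cmd"
}

# Act only when invoked with arguments, so the file can also be sourced for testing.
case "${1:-}" in
    open|close) apply_ssh_rule "$@" ;;
esac
```

Before relying on it from away, trigger the knock from a second machine on the LAN and check with `iptables -L INPUT -n --line-numbers` that the new ACCEPT is line 1, above the firewall's blocking rules. Also bear in mind that if FireStarter rewrites its ruleset (for instance when it is restarted or the interface comes back up) the inserted rule disappears with it, so the knock has to be repeated after that.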