Commit

minor documentation update
mrash committed Aug 6, 2018
1 parent b4c75d1 commit e191e49
Showing 2 changed files with 7 additions and 5 deletions.
5 changes: 3 additions & 2 deletions README.md
Expand Up @@ -10,8 +10,9 @@ to drop all attempts to connect to services such as SSH in order to make the
exploitation of vulnerabilities (both 0-day and unpatched code) more difficult.
Because there are no open ports, any service that is concealed by SPA naturally
cannot be scanned for with Nmap. The fwknop project supports four different
firewalls: firewalld and iptables on Linux systems, pf on OpenBSD, and ipfw on
FreeBSD and Mac OS X.
firewalls: iptables, firewalld, PF, and ipfw across Linux, OpenBSD, FreeBSD,
and Mac OS X. There is also support for custom scripts so that fwknop can be
made to support other infrastructure such as ipset or nftables.

SPA is essentially next generation Port Knocking (PK), but solves many of the
limitations exhibited by PK while retaining its core benefits. PK limitations
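
Review bot: The rewritten sentence in README.md ("iptables, firewalld, PF, and ipfw across Linux, OpenBSD, FreeBSD, and Mac OS X") drops the firewall-to-OS pairing that the removed lines stated explicitly, so a reader can no longer tell from this paragraph which firewall applies to which platform. Consider keeping the pairing and appending the new custom-script sentence after it. The matching sentence in doc/fwknop.man.asciidoc says "natively supports four different firewalls"; using "natively" here as well would keep the two documents consistent and make the contrast with script-based ipset or nftables support clearer.
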
7 changes: 4 additions & 3 deletions doc/fwknop.man.asciidoc
Expand Up @@ -24,8 +24,9 @@ firewall to drop all attempts to connect to services such as 'SSH' in order
to make the exploitation of vulnerabilities (both 0-day and unpatched code)
more difficult. Any service that is concealed by SPA naturally cannot be
scanned for with 'Nmap'. The fwknop project natively supports four different
firewalls: 'iptables' and 'firewalld' on Linux systems, 'pf' on OpenBSD, and
'ipfw' on FreeBSD and Mac OS X.
firewalls: 'iptables', 'firewalld', 'PF', and 'ipfw' across Linux, OpenBSD,
FreeBSD, and Mac OS X. There is also support for custom scripts so that fwknop
can be made to support other infrastructure such as 'ipset' or 'nftables'.

SPA is essentially next generation Port Knocking (PK), but solves many of the
limitations exhibited by PK while retaining its core benefits. PK limitations
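
Review bot: The new sentence about custom scripts in doc/fwknop.man.asciidoc does not say where that support is configured, which is what a man page reader will look for next. Suggest naming the relevant configuration setting or cross-referencing the page that documents it. Separately, 'pf' became 'PF' inside the quoted names while 'iptables', 'firewalld' and 'ipfw' stay lowercase; one convention for all four would read more cleanly.
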
Expand Down Expand Up @@ -110,7 +111,7 @@ Also, *fwknop* can send the SPA packet over a random port via the

The *fwknop* client is quite portable, and is known to run on various Linux
distributions (all major distros and embedded ones such as OpenWRT as well),
FreeBSD, OpenBSD, and Cygwin on Windows. There is also a library *libfko*
FreeBSD, OpenBSD, Mac OS X, and Cygwin on Windows. There is also a library *libfko*
that both *fwknop* and *fwknopd* use for SPA packet encryption/decryption
and HMAC authentication operations. This library can be used to allow
third party applications to use SPA subject to the terms of the GNU
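
Review bot: The changed line "FreeBSD, OpenBSD, Mac OS X, and Cygwin on Windows. There is also a library *libfko*" is now noticeably longer than the other lines of this paragraph. Re-wrap it so the asciidoc source keeps a consistent line width, for example by moving "There is also a library *libfko*" onto the next line.
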