moregeek/ferm.conf

## ferm.conf
domain (ip) {
    table filter {

        #
        # Subchains: Portknocking
        # ################################################################################
        chain PORT_KNOCKING_1 {
            protocol tcp {
              mod recent name "port_knock_seq_01" set NOP;
            }
            DROP;
        }

        chain PORT_KNOCKING_2 {
            protocol tcp {
              mod recent name "port_knock_seq_01" remove NOP;
              mod recent name "port_knock_seq_02" set NOP;
            }
            DROP;
        }

        chain PORT_KNOCKING_3 {
            protocol tcp {
              mod recent name "port_knock_seq_02" remove NOP;
              mod recent name "port_knock_seq_03" set NOP;
            }
            DROP;
        }
        ################################################################################

        chain INPUT {
            policy DROP;

            proto tcp {

                #
                # Port knocking stuff
                ################################################################################
                dport 10000 {  mod recent    set name "port_knock_seq_01"             jump PORT_KNOCKING_1; }
                dport 20000 {  mod recent rcheck name "port_knock_seq_01" seconds 10  jump PORT_KNOCKING_2; }
                dport 30000 {  mod recent rcheck name "port_knock_seq_02" seconds 10  jump PORT_KNOCKING_3; }
                ################################################################################

                # allow SSH connections
                dport ssh {
                    mod recent rcheck name "port_knock_seq_03" seconds 120 ACCEPT; # open for ip with right port knocking sequence
                    DROP;
                }

                DROP;
            }
        }

        chain OUTPUT {
          ...
        }

        chain FORWARD {
          ...
        }
    }
} # domain
	domain (ip) {
	table filter {

	#
	# Subchains: Portknocking
	# ################################################################################
	chain PORT_KNOCKING_1 {
	protocol tcp {
	mod recent name "port_knock_seq_01" set NOP;
	}
	DROP;
	}

	chain PORT_KNOCKING_2 {
	protocol tcp {
	mod recent name "port_knock_seq_01" remove NOP;
	mod recent name "port_knock_seq_02" set NOP;
	}
	DROP;
	}

	chain PORT_KNOCKING_3 {
	protocol tcp {
	mod recent name "port_knock_seq_02" remove NOP;
	mod recent name "port_knock_seq_03" set NOP;
	}
	DROP;
	}
	################################################################################

	chain INPUT {
	policy DROP;

	proto tcp {

	#
	# Port knocking stuff
	################################################################################
	dport 10000 { mod recent set name "port_knock_seq_01" jump PORT_KNOCKING_1; }
	dport 20000 { mod recent rcheck name "port_knock_seq_01" seconds 10 jump PORT_KNOCKING_2; }
	dport 30000 { mod recent rcheck name "port_knock_seq_02" seconds 10 jump PORT_KNOCKING_3; }
	################################################################################

	# allow SSH connections
	dport ssh {
	mod recent rcheck name "port_knock_seq_03" seconds 120 ACCEPT; # open for ip with right port knocking sequence
	DROP;
	}

	DROP;
	}
	}

	chain OUTPUT {
	...
	}

	chain FORWARD {
	...
	}
	}
	} # domain