Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
Feature Request: Port-Knocking for OPNsense
« previous
next »
Print
Pages: [
1
]
Author
Topic: Feature Request: Port-Knocking for OPNsense (Read 143 times)
karm
Newbie
Posts: 1
Karma: 0
Feature Request: Port-Knocking for OPNsense
«
on:
November 04, 2024, 02:58:36 pm »
Hello OPNsense development team,
I would like to suggest adding a native port-knocking feature in OPNsense and simple gui interface. Like you know, Port-knocking is a security mechanism that allows securing access to open ports by requiring a sequence of "knocks" to open a specific port, which can be particularly useful for sensitive services such as SSH or VPN.
Including this feature in OPNsense would allow users to easily add an extra layer of security without the need to install third-party software. This would make firewall rule management more secure for users needing safe remote access.
Thank you for considering this suggestion!
Best regards,
Logged
Monviech
Global Moderator
Hero Member
Posts: 1509
Karma: 171
Re: Feature Request: Port-Knocking for OPNsense
«
Reply #1 on:
November 04, 2024, 04:08:01 pm »
Hello,
isn't port knocking with a predefined sequence just security through obscurity?
https://en.wikipedia.org/wiki/Security_through_obscurity
Making sure the service behind the port is secure is highly preferred.
There are more powerful features for blocking automated port scans like the included suricata IDS/IPS.
Logged
Hardware:
DEC740
Seimus
Hero Member
Posts: 587
Karma: 57
Re: Feature Request: Port-Knocking for OPNsense
«
Reply #2 on:
November 06, 2024, 01:19:35 am »
Quote
isn't port knocking with a predefined sequence just security through obscurity?
Yes it is
Relaying on this feature to "increase security" is in today measurement more or less a placebo effect.
Regards,
S.
Logged
Networking is love. You may hate it, but in the end, you always come back to it.
OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G -
VM HA(SOON)
N100 - i226-V | Crucial 16G 4800 DDR5 | S 980 500G -
PROD
bimbar
Sr. Member
Posts: 429
Karma: 25
Re: Feature Request: Port-Knocking for OPNsense
«
Reply #3 on:
November 06, 2024, 11:44:01 am »
I wouldn't call it security through obscurity, it's more like an unencrypted password.
Not very safe though.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
Feature Request: Port-Knocking for OPNsense