Author Topic: Feature Request: Port-Knocking for OPNsense (Read 345 times)

karm · « **on:** November 04, 2024, 02:58:36 pm »

Hello OPNsense development team,

I would like to suggest adding a native port-knocking feature in OPNsense and simple gui interface. Like you know, Port-knocking is a security mechanism that allows securing access to open ports by requiring a sequence of "knocks" to open a specific port, which can be particularly useful for sensitive services such as SSH or VPN.

Including this feature in OPNsense would allow users to easily add an extra layer of security without the need to install third-party software. This would make firewall rule management more secure for users needing safe remote access.

Thank you for considering this suggestion!

Best regards,

Monviech (Cedrik) · « **Reply #1 on:** November 04, 2024, 04:08:01 pm »

Hello,

isn't port knocking with a predefined sequence just security through obscurity?

https://en.wikipedia.org/wiki/Security_through_obscurity

Making sure the service behind the port is secure is highly preferred.

There are more powerful features for blocking automated port scans like the included suricata IDS/IPS.

Seimus · « **Reply #2 on:** November 06, 2024, 01:19:35 am »

Quote

isn't port knocking with a predefined sequence just security through obscurity?

Yes it is

Relaying on this feature to "increase security" is in today measurement more or less a placebo effect.

Regards,
S.

bimbar · « **Reply #3 on:** November 06, 2024, 11:44:01 am »

I wouldn't call it security through obscurity, it's more like an unencrypted password.

Not very safe though.

Author Topic: Feature Request: Port-Knocking for OPNsense (Read 345 times)

karm

Feature Request: Port-Knocking for OPNsense

Monviech (Cedrik)

Re: Feature Request: Port-Knocking for OPNsense

Seimus

Re: Feature Request: Port-Knocking for OPNsense

bimbar

Re: Feature Request: Port-Knocking for OPNsense