![\"\"](\"http:\/\/pchero21.com\/wp-content\/uploads\/1\/XSNn4IB96k.png\")
\uc774\uc81c \uc555\ucd95\uc744 \ud480\uace0 install.pl \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc2e4\ud589\ud558\uc5ec \uc124\uce58\ub97c \uc9c4\ud589\ud558\uc790.
\uc544\ub798 \ubcf4\uc774\ub294 \uc5d0\ub7ec \uba54\uc2dc\uc9c0\ub294 \ud544\uc790\uc758 \uc11c\ubc84\uc5d0 make \uc720\ud2f8\ub9ac\ud2f0\uc758 \uc124\uce58\uac00 \ub418\uc5b4\uc788\uc9c0 \uc54a\uc544 \ubc1c\uc0dd\ud55c \ubb38\uc81c\ub85c, \ub370\ube44\uc548\/\uc6b0\ubd84\ud22c \ubc30\ud3ec\ud310\uc758 \uacbd\uc6b0,<\/p>\n
# apt-get install make<\/p><\/blockquote>\n
\uc758 \uba85\ub839\uc5b4\ub85c \uc124\uce58\uac00 \uac00\ub2a5\ud558\ub2e4.<\/p>\n
fwknop \uc758 \uc124\uce58 \uc2a4\ud06c\ub9bd\ud2b8 install.pl \uc740 \uc0ac\uc6a9\uc790\uc5d0\uac8c \uad8c\ud55c \ubd80\uc5ec \ubaa8\ub4dc(SPA \ubaa8\ub4dc\ub098 \uae30\uc874\uc758 \ud3ec\ud2b8 \ub178\ud0b9 \ubaa8\ub4dc)\ub098 fwknop\uac00 \ud328\ud0b7\uc744 \uc2a4\ub2c8\ud551\ud560 \uc778\ud130\ud398\uc774\uc2a4\uc640 \uac19\uc740 \uba87 \uac00\uc9c0 \uc815\ubcf4\ub97c \uc9c8\ubb38\ud560 \uac83\uc774\ub2e4.<\/p>\n
\uc544\ub798\ub294 \ud544\uc790\uac00 fwknop \ud504\ub85c\uadf8\ub7a8\uc744 \uc124\uce58\ud558\uba74\uc11c \uc120\ud0dd\ud55c \uc635\uc158\ub4e4\uc774\ub2e4.<\/p>\n
[+] fwknop can act as a server (i.e. monitoring authentication packets
and sequences, and taking the appropriate action on the local system
to alter the firewall policy or execute commands), or as a client (i.e.
by manufacturing authentication packets and sequences).<\/p>\nIn which mode will fwknop be executed on the local system? (Note that
fwknop can still be used as a client even if you select “server” here).
(client\/[server]): server<\/p>\n[+] In server mode, fwknop can acquire packet through a pcap file that is
generated by a sniffer (or through the Netfilter ulogd pcap writer), or
by sniffing packets directly off the wire via the Net::Pcap perl module.
Fwknop can also acquire packet data from iptables syslog messages, but
this is only supported for the legacy port knocking mode; Single Packet
Authorization (SPA), which is used in the pcap modes, is a better
authorization strategy from every perspective (see the fwknop man page for
more information). If you intend to use iptables log messages (only makes
sense for the legacy port knocking mode), then fwknop will need to
reconfigure your syslog daemon to write kern.info messages to the
\/var\/lib\/fwknop\/fwknopfifo named pipe. It is highly recommended
to use one of the pcap modes unless you really want the old port knocking
method.<\/p>\nWhich of the following data acquistion methods would you like to use?
([pcap], file_pcap, ulogd, syslogd, syslog-ng): pcap<\/p>\n[+] It appears that the following network interfaces are attached to the
system:
eth0
eth1
lo
Which network interface would you like fwknop to sniff packets from? eth0
[+] fwknop access alerts will be sent to:<\/p>\nroot@localhost<\/p>\n
[+] Would you like access alerts sent to a different address ([y]\/n)? <\/p>\n
[+] To which email address(es) would you like fwknop alerts to be sent?
You can enter as many email addresses as you like; each on its own line.<\/p>\nEnd with a “.” on a line by itself.<\/p>\n
Email Address: root@localhost
Email Address: .
[+] Enable fwknop at boot time ([y]\/n)? n<\/p>\n[+] fwknop has been installed! To start in server mode, run<\/p>\n
“\/etc\/init.d\/fwknop start”<\/p>\n
You may want to consider running the fwknop test suite in the test\/
directory to ensure that fwknop will function correctly on your system.<\/p>\nNote: You will need to edit \/etc\/fwknop\/access.conf for fwknop to
function properly in server mode. More information can be found in
the fwknopd(8) manpage.<\/p><\/blockquote>\nfwknop\ub294 SPA \ud074\ub77c\uc774\uc5b8\ud2b8\ub85c\uc11c SPA \ud328\ud0b7\uc744 \uc804\uc1a1\ub9cc \ud560 \uc218 \uc788\uac8c \uc124\uce58\ud560 \uc218\ub3c4 \uc788\uace0 SPA \ud328\ud0b7\uc744 \uc804\uc1a1\ud558\ub294 \uac83\ubfd0\ub9cc \uc544\ub2c8\ub77c \ub124\ud2b8\uc6cc\ud06c\ub85c\ubd80\ud130 SPA \ud328\ud0b7\uc744 \uc2a4\ub2c8\ud551\ud560 \uc218\ub3c4 \uc788\uac8c(\uc774\uac83\uc774 \uae30\ubcf8 \uac12\uc774\ub2e4) \uc124\uce58\ud560 \uc218\ub3c4 \uc788\ub2e4. fwknop\ub97c \uc804\uccb4 \uc124\uce58\ud558\uba74 \ud30c\uc77c \uc2dc\uc2a4\ud15c\uc5d0 \ub2e4\uc74c\uacfc \uac19\uc740 \uae30\ubcf8 \ub3d9\uc791\uc744 \uc9c0\uc6d0\ud558\uae30 \uc704\ud55c \ub2e4\uc591\ud55c \ud30c\uc77c\uacfc \ub514\ub809\ud1a0\ub9ac\uac00 \uc0dd\uc131\ub41c\ub2e4.<\/p>\n
\/usr\/bin\/fwknop : \uc0ac\uc6a9\uc790\ub85c\ubd80\ud130 \uc554\ud638\ub97c \uc785\ub825\ubc1b\uace0 fwknop \ud328\ud0b7 \ud615\uc2dd\uc744 \ub530\ub974\ub294 SPA \ud328\ud0b7\uc744 \uad6c\uc131\ud55c \ud6c4 \ub77c\uc778\ub2ec \ub300\uce6d \ud0a4 \uc54c\uace0\ub9ac\uc998\uc774\ub098 GnuPG \ube44\ub300\uce6d \uc554\ud638\ud654 \uc54c\uace0\ub9ac\uc998(GnuPG \uc640 \uc5f0\ub3d9)\uc73c\ub85c \ud328\ud0b7 \ub370\uc774\ud130\ub97c \uc554\ud638\ud654\ud558\uace0 \uc554\ud638\ud654\ub41c SPA \ud328\ud0b7\uc744 UDP, TCP, \ub610\ub294 ICMP \ub97c \ud1b5\ud574 \uc804\uc1a1\ud558\ub294 \ud074\ub77c\uc774\uc5b8\ud2b8 \ud504\ub85c\uadf8\ub7a8\uc774\ub2e4. \uae30\ubcf8\uc801\uc73c\ub85c fwknop\ub294 UDP \ud3ec\ud2b8 62201\ub85c SPA\ub97c \uc804\uc1a1\ud558\uc9c0\ub9cc \uba85\ub839 \ud589\uc5d0\uc11c \uc774\ub97c \ubcc0\uacbd\ud560 \uc218 \uc788\ub2e4.<\/p>\n
\/usr\/bin\/fwknopd : SPA \ud328\ud0b7 \ub370\uc774\ud130\uc758 \uc2a4\ub2c8\ud551\uacfc \ud3c9\ubb38\ud654, \uc7ac\uc804\uc1a1 \uacf5\uaca9\uc73c\ub85c\ubd80\ud130\uc758 \ubcf4\ud638, fwknop SPA \ud574\ud0b7 \ud615\uc2dd\uc758 \ub514\ucf54\ub529, \uc811\uadfc \uad8c\ud55c \ud655\uc778, SPA \ud328\ud0b7\uc774 \uc694\uccad\ud55c \uc11c\ube44\uc2a4\ub85c \uc77c\uc2dc\uc801\uc778 \uad8c\ud55c\uc744 \ubcf4\uc5ec\ud558\uae30 \uc704\ud55c \ub85c\uceec iptables \uc815\ucc45\uc758 \uc7ac\uc124\uc815\uc744 \ub2f4\ub2f9\ud558\ub294 \uc8fc\uc694 \ub370\ubaac\uc774\ub2e4.<\/p>\n
\/usr\/bin\/fwknop_serv : SPA \ud328\ud0b7\uc774 Tor \uc775\uba85\ud654 \ub124\ud2b8\uc6cc\ud06c(http:\/\/tor.eff.org)\ub97c \ud1b5\ud574 \uc804\uc1a1\ub420 \ub54c\ub9cc \uc4f0\uc774\ub294 \uac04\ub2e8\ud55c TCP \uc11c\ubc84\ub2e4. \uc774 \uc11c\ubc84\ub97c \uc0ac\uc6a9\ud558\uba74 \uc591\ubc29\ud5a5 \ud1b5\uc2e0\uc744 \ud558\uac8c \ub418\ubbc0\ub85c SPA \ud504\ub85c\ud1a0\ucf5c\uc758 \ud1b5\uc0c1\uc801\uc778 \ub2e8\ubc29\ud5a5 \ud2b9\uc131\uc774 \uae68\uc9c0\uac8c \ub41c\ub2e4.<\/p>\n
\/usr\/lib\/fwknop : fwknop\uc774 \uc0ac\uc6a9\ud558\ub294 \ud384 \ubaa8\ub4c8\uc740 \uc2dc\uc2a4\ud15c \ud384 \ub77c\uc774\ube0c\ub7ec\ub9ac\ub97c \ubcf4\uc874\ud558\uae30 \uc704\ud574 \uc774 \ub514\ub809\ud1a0\ub9ac\uc5d0 \uc124\uce58\ub41c\ub2e4. \uc124\uce58\ub418\ub294 \ubaa8\ub4c8\uc740 Net::Pcap, Net::IPv4Addr, Net::RawIP, IPTables::Parse, IPTables::ChainMgr, Unix::Syslog, GnuPG::Interface, Crypt::CBC, Crypt::Rijndael \uc774\ub2e4. install.pl \uc2a4\ud06c\ub9bd\ud2b8\ub294 \ub514\uc2a4\ud06c \uc0ac\uc6a9\uc744 \ucd5c\uc18c\ud654\ud558\uae30 \uc704\ud574 \uc2dc\uc2a4\ud15c \ud384 \ub77c\uc774\ube0c\ub7ec\ub9ac \ud2b8\ub9ac\uc5d0 \uc5c6\ub294 \ud384 \ubaa8\ub4c8\ub9cc\uc744 \uc124\uce58\ud55c\ub2e4. \uadf8\ub7ec\ub098 –force-mod-install \uba85\ub839 \ud589 \uc778\uc790\ub97c \uc0ac\uc6a9\ud574\uc11c install.pl \uc774 \ud544\uc694\ud55c \ud384 \ubaa8\ub4c8 \uc804\uccb4\ub97c \uc124\uce58\ud558\uac8c \ud560 \uc218\ub3c4 \uc788\ub2e4. IPTables::Parse \uc640 IPTables::ChainMgr \ubaa8\ub4c8\uc740 ipfw \ubc29\ud654\ubcbd\uc744 \uc2e4\ud589 \uc911\uc778 \uc2dc\uc2a4\ud15c\uc5d0 \uc124\uce58\ud558\uac70\ub098 \uc708\ub3c4\uc6b0\uc758 \uc2dc\uadf8\uc708(Cygwin)\uc5d0 \ud074\ub77c\uc774\uc5b8\ud2b8 \uc804\uc6a9 \ubaa8\ub4dc\ub85c \uc124\uce58\ud558\ub294 \uacbd\uc6b0\uc5d0\ub294 \uc808\ub300 \uc124\u314a\ub418\uc9c0 \uc54a\ub294\ub2e4.<\/p>\n
\/etc\/fwknop : fwknop.conf \ub098 access.conf\uc640 \uac19\uc740 fwknop \ub370\ubaac \uc124\uc815 \ud30c\uc77c\uc744 \uc704\ud55c \uc8fc\uc694 \ub514\ub809\ud1a0\ub9ac\uc774\ub2e4. \uc774 \ub514\ub809\ud1a0\ub9ac\ub294 \uc11c\ubc84 \ubaa8\ub4dc\ub85c \uc2e4\ud589\ub420 \ub54c fwknop \ub370\ubaac\uc774 \uc0ac\uc6a9\ud558\uba70, \ud074\ub77c\uc774\uc5b8\ud2b8 \ubaa8\ub4dc\uc5d0\uc11c SPA \ud328\ud0b7\uc744 \uc804\uc1a1\ud560 \ub54c\ub294 \ud544\uc694\uce58 \uc54a\ub2e4.<\/p>\n
\/usr\/sbin\/knopmd : \uba85\uba85\ub41c \ud30c\uc774\ud504 \/var\/lib\/fwknop\/fwknopfifo \uc5d0\uc11c iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub97c \uad6c\ubb38 \ubd84\uc11d\ud558\ub294 \ub370 \uc4f0\uc774\ub294 \ub370\ubaac\uc774\ub2e4. \uc774 \ub370\ubaac\uc740 fwknop \uac00 \ud3ec\ud2b8 \ub178\ud0b9 \ubaa8\ub4dc\ub85c \uc2e4\ud589\ub420 \ub54c\ub9cc \uc4f0\uc778\ub2e4.<\/p>\n
\/usr\/sbin\/knoptm : fwknop\uac00 \uc801\ubc95\ud55c SPA \ud074\ub77c\uc774\uc5b8\ud2b8\ub97c \uc704\ud574 \uc811\uadfc \uaddc\uce59\uc744 \ucd94\uac00\ud55c iptables \uccb4\uc778\uc5d0\uc11c \uaddc\uce59 \ud56d\ubaa9\uc744 \uc81c\uac70\ud558\ub294 \ub370\ubaac\uc774\ub2e4. \uc8fc fwknopd \ub370\ubaac\uc740 \uc2e4\uc2dc\uac04 \uc778\ud130\ud398\uc774\uc2a4\ub85c\ubd80\ud130 \uc2a4\ub2c8\ud551\ud558\uba70, OS\ub294 fwknopd\uac00 \uc778\ud130\ud398\uc774\uc2a4\uc5d0 \uc758\ud574 \ud328\ud0b7\uc744 \uc218\uc2e0\ud560 \ub54c\uae4c\uc9c0 fwknopd\uc758 \uc2e4\ud589\uc744 \uc2a4\ucf00\uc974\ub9c1\ud558\uc9c0 \uc54a\uae30 \ub54c\ubb38\uc5d0 \uc774 \ub370\ubaac\uc774 \ud544\uc694\ud558\ub2e4. fwknopd\uac00 \ubcc4\ub3c4\uc758 \uc2a4\ub2c8\ud37c \ud504\ub85c\uc138\uc2a4\ub098 ulogd\uc5d0 \uc758\ud574 \uac31\uc2e0\ub418\ub294 PCAP \ud30c\uc77c\uc5d0\uc11c \ud328\ud0b7 \ub370\uc774\ud130\ub97c \uc77d\uc744 \ub54c\ub294 knoptm \ub370\ubaac\uc774 \uc0ac\uc6a9\ub418\uc9c0 \uc54a\ub294\ub2e4. \uc774 \uacbd\uc6b0 fwknopd \ub294 \uc778\ud130\ud398\uc774\uc2a4\uc5d0\uc11c \ud328\ud0b7\uc774 \uc218\uc2e0\ub410\ub294\uc9c0 \uc5ec\ubd80\uc640 \ubb34\uad00\ud558\uac8c \uc8fc\uae30\uc801\uc73c\ub85c \uc2e4\ud589\ub418\uac8c \uc2a4\ucf00\uc904\ub9c1\ub418\uba70, iptables \uaddc\uce59\uc5d0 \ub300\ud55c \uc2dc\uac04 \ub9cc\ub8cc\ub97c \uc9c1\uc811 \uac15\uc81c\ud560 \uc218 \uc788\ub2e4.<\/p>\n
\/usr\/sbin\/knopwatched : \ub370\ubaac\uc774 \uc8fd\ub294 \uacbd\uc6b0 \uc774\ub97c \uc7ac\uc2dc\uc791\ud558\ub294 \uac10\uc2dc \ub370\ubaac\uc774\ub2e4. \uadf8\ub7ec\ub098 \uc77c\ubc18\uc801\uc73c\ub85c fwknop\ub294 \ub9e4\uc6b0 \uc548\uc815\uc801\uc774\ubbc0\ub85c knopwatchd\uc774 \uc2e4\uc9c8\uc801\uc73c\ub85c \uc4f0\uc774\ub294 \uacbd\uc6b0\ub294 \uac70\uc758 \uc5c6\ub2e4. \uadf8\ub7ec\ub098 SPA\ub97c \uc2e4\ud589\ud55c\ub2e4\ub294 \uac83\uc740 fwknop\uac00 \uc2e4\ud589 \uc911\uc774\uc9c0 \uc54a\ub2e4\uba74 \uc5b4\ub5a4 \uac83\ub3c4 \ubcf4\ud638\ub41c \uc11c\ube44\uc2a4\ub85c \uc811\uadfc\ud560 \uc218 \uc5c6\ub2e4\ub294 \uac83\uc744 \uc758\ubbf8\ud558\ubbc0\ub85c \ub2e8\uc21c\ud55c \uc608\ubc29 \uc870\uce58\ub85c\uc11c \uc774 \ub370\ubaac\uc774 \ud544\uc694\ud558\ub2e4.<\/p>\n
\/etc\/init.d\/fwknop : fwknop\ub97c \uc704\ud55c \ucd08\uae30\ud654 \uc2a4\ud06c\ub9bd\ud2b8\ub85c \uc0ac\uc6a9\uc790\uac00 \ub300\ubd80\ubd84\uc758 \ub9ac\ub205\uc2a4 \ubc30\ud3ec\ud310\uacfc \ub3d9\uc77c\ud55c \ubc29\uc2dd(\/etc\/init.d\/fwknop start)\ub97c \uc2e4\ud589\ud558\ub294 \ubc29\uc2dd\uc73c\ub85c fwknop\ub97c \uc2dc\uc791\ud560 \uc218 \uc788\uac8c \ud574\uc900\ub2e4. init \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc0ac\uc6a9\ud558\ub294 \uac83\uc740 fwknop\ub97c \uc11c\ubc84 \ubaa8\ub4dc\ub85c \uc2dc\uc791\ud560 \ub54c\ub9cc \uac00\ub2a5\ud558\ub2e4.<\/p>\n
* fwknop \uc124\uc815<\/span><\/p>\n
\uc11c\ubc84 \ubaa8\ub4dc\uc5d0\uc11c fwknop\ub294 \uc124\uc815 \uc9c0\uc2dc\uc5b4\ub97c \uc704\ud574 \ub450 \uac1c\uc758 \uc8fc\uc694 \uc124\uc815 \ud30c\uc77c\uc778 fwknop.conf \uc640 access.conf \ub97c \ucc38\uc870\ud55c\ub2e4. psad \uc124\uc815 \ud30c\uc77c(5\uc7a5 \ucc38\uc870)\uacfc \ub9c8\ucc2c\uac00\uc9c0\ub85c \uc124\uc815 \ud30c\uc77c\uc758 \uac01 \ud589\uc5d0\ub294 \uc124\uc815 \ubcc0\uc218\ub97c \uc815\uc758\ud558\uae30 \uc704\ud55c \uac04\ub2e8\ud55c \ud0a4-\uac12 \uaddc\uc57d\uc774 \ub098\uc628\ub2e4. \uc8fc\uc11d \ud589\uc740 #\ub85c \uc2dc\uc791\ud55c\ub2e4.<\/p>\n
** \/etc\/fwknop\/fwknop.conf<\/p>\n
fwknop.conf \ud30c\uc77c\uc740 \uc778\uc99d \ubaa8\ub4dc, \ubc29\ud654\ubcbd \uc720\ud615, \ud328\ud0b7\uc744 \uc2a4\ub2c8\ud551\ud560 \uc778\ud130\ud398\uc774\uc2a4, \ud328\ud0b7\uc744 \ubb34\ucc28\ubcc4\uc801\uc73c\ub85c \uc2a4\ub2c8\ud551\ud560\uc9c0 \uc5ec\ubd80(\uc989, fwknoop\uac00 \ub85c\uceec \uc778\ud130\ud398\uc774\uc2a4\uc758 MAC \uc8fc\uc18c\ub97c \ubaa9\uc801\uc9c0\ub85c \uac00\uc9c0\uc9c0 \uc54a\ub294 \uc774\ub354\ub137 \ud504\ub808\uc784\uc744 \ucc98\ub9ac\ud560\uc9c0 \uc5ec\ubd80), \uacbd\uace0\uac00 \uc804\uc1a1\ub420 \uba54\uc77c \uc8fc\uc18c \ub4f1\uacfc \uac19\uc740 \uc911\uc694\ud55c \uc124\uc815 \ubcc0\uc218\ub97c \uc815\uc758\ud55c\ub2e4.<\/p>\n
– AUTH_MODE<\/p>\n
AUTH_MODE \ub294 fwknop \ub370\ubaac\uc5d0\uac8c \ud328\ud0b7 \ub370\uc774\ud130\ub97c \uc5b4\ub5bb\uac8c \uc218\uc9d1\ud560\uc9c0 \uc54c\ub824\uc900\ub2e4.<\/p>\n
### This defines the general strategy fwknop uses to authenticate remote
### clients. Possible values are “PCAP” (authenticate via regular pcap; this
### is the default and puts the interface in promiscuous mode unless
### ENABLE_PCAP_PROMISC is turned off) FILE_PCAP (authenticate via a pcap file
### that is built by a sniffer), ULOG_PCAP (authenticate via the ulogd pcap
### writer). This variable can also be set to “KNOCK” if you really want to
### use the legacy port knocking mode.
AUTH_MODE PCAP;<\/p><\/blockquote>\n– PCAP_INTF<\/p>\n
PCAP_INTF \ubcc0\uc218\ub294 fwknop \ub370\ubaac\uc774 \ud328\ud0b7\uc744 \uac10\uc2dc\ud558\uae30 \uc704\ud574 \uc0ac\uc6a9\ud558\ub294 \uc2e4\uc2dc\uac04 \uc778\ud130\ud398\uc774\uc2a4\ub97c \uc815\uc758\ud55c\ub2e4. \uc774 \ubcc0\uc218\ub294 AUTH_MOD \uac00 PCAP\uc73c\ub85c \uc124\uc815\ub41c \uacbd\uc6b0\uc5d0\ub9cc \uc0ac\uc6a9\ub41c\ub2e4.<\/p>\n
### Define the ethernet interface on which we will sniff packets. Note
### that this is only used if the AUTH_MODE keyword above is set to
### “PCAP”
PCAP_INTF eth0;<\/p><\/blockquote>\n– PCAP_FILTER<\/p>\n
\uc2e4\uc2dc\uac04 \uc778\ud130\ud398\uc774\uc2a4\ub294 SPA \ud2b8\ub798\ud53d\uacfc \uc804\ud600 \ubb34\uad00\ud55c \ub2e4\ub7c9\uc758 \ud328\ud0b7\uc744 \uc804\uc1a1\ud558\uac70\ub098 \uc218\uc2e0\ud560 \uc218 \uc788\uc73c\uba70, fwknop \ub370\ubaac\uc774 \uc774\ub7f0 \ud328\ud0b7\uae4c\uc9c0 \ucc98\ub9ac\ud558\uac8c \ud560 \ud544\uc694\ub294 \uc5c6\ub2e4. PCAP_FILTER \ubcc0\uc218\ub294 libpcap \uc774 \ub124\ud2b8\uc6cc\ud06c \uacc4\uce35 \uc8fc\uc18c\ub098 \uc804\uc1a1 \ud3ec\ud2b8 \ubc88\ud638 \ub4f1\uacfc \uac19\uc740 \uae30\uc900\uc5d0 \uae30\ubc18\ud574\uc11c fwknop\uc5d0\uac8c \uc804\ub2ec\ud558\ub294 \ud328\ud0b7 \uc720\ud615\uc744 \uc81c\ud55c\ud560 \uc218 \uc788\uac8c \ud574\uc900\ub2e4.<\/p>\n
### Define the filter used for PCAP modes; we default to udp port 62201.
### However, if an fwknop client uses the –rand-port option to send the
### SPA packet over a random port, then this variable should be updated to
### something like “udp dst portrange 10000-65535”;
PCAP_FILTER udp port 62201;<\/p><\/blockquote>\n– ENALBLE_PCAP_PROMISC<\/p>\n
\uc774 \ubcc0\uc218\ub294 Y\ub85c \uc124\uc815\ub420 \uacbd\uc6b0 fwknop \ub370\ubaac\uc774 \uc2e4\uc2dc\uac04 \ud328\ud0b7 \ucea1\ucc98 \uc778\ud130\ud398\uc774\uc2a4\ub97c \ud1b5\ud574 \uc804\uc1a1\ub418\ub294 \ubaa8\ub4e0 \uc774\ub354\ub137 \ud504\ub808\uc784\uc744 \uac10\uc2dc\ud558\uac8c \ud55c\ub2e4(\uc989, \uc778\ud130\ud398\uc774\uc2a4\uac00 \ubb34\ucc28\ubcc4 \ubaa8\ub4dc\ub85c \ub3d9\uc791\ud55c\ub2e4). \uc774 \ubcc0\uc218\ub294 AUTH_MODE\uac00 PCAP\uc73c\ub85c \uc124\uc815\ub41c \uacbd\uc6b0 \uae30\ubcf8\uc801\uc73c\ub85c \ud65c\uc131\ud654\ub41c\ub2e4. \uadf8\ub7ec\ub098 fwknop \ub370\ubaac\uc774 \uc2a4\ub2c8\ud551\ud558\ub294 \uc778\ud130\ud398\uc774\uc2a4\uac00 \ud65c\uc131\ud654 \uc0c1\ud0dc\ub85c \ud560\ub2f9\ub41c IP \uc8fc\uc18c\ub97c \uac00\uc9c0\uace0 \uc788\ub2e4\uba74, \uc989 \uc774 \uc778\ud130\ud398\uc774\uc2a4\ub97c \ud1b5\ud574 SPA \ud328\ud0b7\uc744 \uc9c1\uc811 \uc804\uc1a1\ud560 \uc218 \uc788\ub2e4\uba74 \uae30\ub2a5\uc744 \ube44\ud65c\uc131\ud654 \ud560 \uc218 \uc788\ub2e4.<\/p>\n
### Define whether put the pcap interface in promiscuous mode.
ENABLE_PCAP_PROMISC Y;<\/p><\/blockquote>\n– FIREWALL_TYPE<\/p>\n
FIREWALL_TYPE \ubcc0\uc218\ub294 fwknopd\uac00 \uc720\ud6a8\ud55c SPA \ud328\ud0b7\uc744 \uc218\uc2e0\ud55c \ud6c4 \uc7ac\uc124\uc815\ud574\uc57c \ud558\ub294 \ubc29\ud654\ubcbd \uc720\ud615\uc744 \uc54c\ub824\uc900\ub2e4. \uc9c0\uc6d0\ub418\ub294 \uac12\uc740 iptables(\uae30\ubcf8 \uac12)\uc640 FreeBSD\ub098 Mac OS X \uc2dc\uc2a4\ud15c\uc744 \uc704\ud55c ipfw \ub2e4.<\/p>\n
### Define the firewall type. The default is “iptables” for Linux systems,
### but this can be set to “ipfw” for *BSD systems. Also supported is
### “external_cmd” to allow fwknop to invoke an external command instead of
### interfacing with the firewall at all
FIREWALL_TYPE iptables;<\/p><\/blockquote>\n– IPT_AUTO_CHAIN1<\/p>\n
IPT_AUTO_CHAIN1 \ubcc0\uc218\uc758 \uae30\ubcf8 \uc124\uc815\uc740 \ub9de\ucda4\ud615 iptables \uccb4\uc778 FORWARD_INPUT\uc5d0 ACCEPT \uaddc\uce59\uc744 \ucd94\uac00\ud558\uace0 \ud328\ud0b7\uc744 \uace0\uc720 INPUT \uccb4\uc778\uc5d0\uc11c \uc774 \uccb4\uc778\uc73c\ub85c \uac74\ub108\ub6f0\uac8c \ud558\ub294 \uac83\uc774\ub2e4.
### fwknop uses the IPTables::ChainMgr module to add allow rules to a
### custom iptables chain “FWKNOP_INPUT”. This chain is called from
### the INPUT chain, and by default no other iptables chains are used.
### However, additional chains can be added (say, if access needs to
### be allowed through the local system via the FORWARD chain) by
### altering the IPT_FORWARD_ACCESS variable below. For a discussion of
### the format followed by these keywords, read on:
### Specify chain names to which iptables blocking rules will be
### added with the IPT_INPUT_ACCESS and IPT_FORWARD_ACCESS keyword.
### The format for these variables is:
### <Target>,<Direction>,<Table>,<From_chain>,<Jump_rule_position>,
### <To_chain>,<Rule_position>.
### “Target”: Can be any legitimate iptables target, but should usually
### just be “DROP”.
### “Direction”: Can be “src”, “dst”, or “both”, which correspond to the
### INPUT, OUTPUT, and FORWARD chains.
### “Table”: Can be any iptables table, but the default is “filter”.
### “From_chain”: Is the chain from which packets will be jumped.
### “Jump_rule_position”: Defines the position within the From_chain where
### the jump rule is added.
### “To_chain”: Is the chain to which packets will be jumped. This is the
### main chain where fwknop rules are added.
### “Rule_position”: Defines the position where rule are added within the
### To_chain.
IPT_INPUT_ACCESS ACCEPT, src, filter, INPUT, 1, FWKNOP_INPUT, 1;
### The IPT_OUTPUT_ACCESS variable is only used if ENABLE_IPT_OUTPUT is enabled
IPT_OUTPUT_ACCESS ACCEPT, dst, filter, OUTPUT, 1, FWKNOP_OUTPUT, 1;
### The IPT_FORWARD_ACCESS variable is only used if ENABLE_IPT_FORWARDING is enabled
IPT_FORWARD_ACCESS ACCEPT, src, filter, FORWARD, 1, FWKNOP_FORWARD, 1;
IPT_DNAT_ACCESS DNAT, src, nat, PREROUTING, 1, FWKNOP_PREROUTING, 1;
### The IPT_SNAT_ACCESS variable is not used unless both ENABLE_IPT_SNAT and
### ENABLE_IPT_FORWARDING are enabled. Also, the external static IP must be
### set with the SNAT_TRANSLATE_IP variable. The default is to use the
### IPT_MASQUERADE_ACCESS variable.
IPT_SNAT_ACCESS SNAT, src, nat, POSTROUTING, 1, FWKNOP_POSTROUTING, 1;
IPT_MASQUERADE_ACCESS MASQUERADE, src, nat, POSTROUTING, 1, FWKNOP_POSTROUTING, 1;<\/p><\/blockquote>\n– ENABLE_MD5_PERSISTENCE<\/p>\n
ENABLE_MD5_PERSISTENCE \ubcc0\uc218\ub294 fwknop \ub370\ubaac\uc774 \uc131\uacf5\uc801\uc73c\ub85c \ud3c9\ubb38\ud654\ub41c SPA \ud328\ud0b7\uc758 MD5 \ud569\uc744 \ub514\uc2a4\ud06c\uc5d0 \uae30\ub85d\ud560\uc9c0 \uc5ec\ubd80\ub97c \uc81c\uc5b4\ud55c\ub2e4. (\ud544\uc790\uac00 \uc124\uce58\ud55c fwknop-1.9.12 \ubc84\uc804\uc740 \uc57d\uac04 \ub2e4\ub974\uac8c \ub418\uc5b4 \uc788\uc5c8\ub2e4. DIGEST_TYPE \uc5d0\uc11c \uc554\ud638\ud654 \ubc29\uc2dd\uc744 \uacb0\uc815\ud55c \ud6c4, \uadf8\uac83\uc758 \uae30\ub85d\uc5ec\ubd80\ub97c \ud655\uc778\ud558\ub294 \ubc29\uc2dd\uc774\uc5c8\ub2e4)<\/p>\n
### Track digest sums associated with previous fwknop process. This allows
### digest sums to remain persistent across executions of fwknop.
ENABLE_DIGEST_PERSISTENCE Y;<\/p>\n### Default to using all three of SHA256, SHA1, and MD5 for SPA replay attack
### detection. This is overkill, but performance is not usually a concern.
### Further, the variable can also be set to “SHA1” or “MD5”.
DIGEST_TYPE ALL;<\/p><\/blockquote>\n– MAX_SPA_PACKET_AGE<\/p>\n
MAX_SPA_PACKET_AGE \ubcc0\uc218\ub294 fwknop \uc11c\ubc84\uac00 SPA \ud328\ud0b7\uc744 \uc218\uc6a9\ud560 \uc218 \uc788\ub294 \ucd5c\ub300 \ub098\uc774\ub97c \ucd08\ub85c \uc815\uc758\ud55c\ub2e4. \uae30\ubcf8 \uac12\uc740 2\ubd84\uc774\ub2e4. \uc774 \ubcc0\uc218\ub294 ENABLE_SPA_PACKET_AGING \uc774 \ud65c\uc131\ud654\ub41c \uacbd\uc6b0\uc5d0\ub9cc \uc0ac\uc6a9\ud55c\ub2e4.<\/p>\n
### This instructs fwknopd to not honor SPA packets that have an old time
### stamp. The value for “old” is defined by the MAX_SPA_PACKET_AGE variable.
### If ENABLE_SPA_PACKET_AGING is set to “N”, fwknopd will not use the client
### time stamp at all.
ENABLE_SPA_PACKET_AGING Y;<\/p>\n### Defines the maximum age (in seconds) that an SPA packet will be accepted.
### This requires that the client system is in relatively close time
### synchronization with the fwknopd server system (NTP is good). The default
### age is two minutes.
MAX_SPA_PACKET_AGE 120;<\/p><\/blockquote>\n– REQUIRE_SOURCE_ADDRESS<\/p>\n
REQUIRE_SOURCE_ADDRESS \ubcc0\uc218\ub97c \ud1b5\ud574 fwknop \uc11c\ubc84\ub294 \ubaa8\ub4e0 SPA \ud328\ud0b7\uc774 \uc554\ud638\ud654\ub41c \ud398\uc774\ub85c\ub4dc\uc5d0 iptables \ub97c \ud1b5\ud574 \uc811\uadfc \uad8c\ud55c\uc744 \ubd80\uc5ec \ubc1b\uc744 IP \uc8fc\uc18c\ub97c \ud3ec\ud568\ud558\uac8c \uc694\uad6c\ud560 \uc218 \uc788\ub2e4. \uc774 \uae30\ub2a5\uc744 \ud65c\uc131\ud654\ud558\uba74 fwknop \ud074\ub77c\uc774\uc5b8\ud2b8 \uba85\ub839 \ud589\uc5d0\uc11c -s \uc778\uc790\ub97c \uc0ac\uc6a9\ud55c SPA \ud328\ud0b7\uc5d0 \uc704\uce58\ud55c 0.0.0.0 \uc640\uc77c\ub4dc\uce74\ub4dc IP \uc8fc\uc18c\ub294 \uc218\uc6a9\ub418\uc9c0 \uc54a\ub294\ub2e4.<\/p>\n
### Force all SPA packets to contain a real IP address within the encrypted
### data. This makes it impossible to use the -s command line argument on
### the fwknop client command line, so either -R has to be used to
### automatically resolve the external address (if the client behind a NAT) or
### the client must know the external IP.
REQUIRE_SOURCE_ADDRESS N;<\/p><\/blockquote>\n– EMAIL_ADDRESS<\/p>\n
fwknop \uc11c\ubc84\ub294 SPA \ud328\ud0b7\uc774 \uc218\uc6a9\ub418\uace0 \uc11c\ube44\uc2a4\ub85c\uc758 \uc811\uadfc \uad8c\ud55c\uc774 \ubd80\uc5ec\ub420 \ub54c, \uc811\uadfc \uad8c\ud55c\uc774 \uc81c\uac70\ub420 \ub54c, \uc7ac\uc804\uc1a1 \uacf5\uaca9\uc774 \ubb34\ub825\ud654\ub410\uc744 \ub54c \ub4f1\uacfc \uac19\uc740 \uc5ec\ub7ec \uc0c1\ud669\uc5d0\uc11c \uba54\uc77c \uacbd\uace0\ub97c \uc804\uc1a1\ud55c\ub2e4. \ucf64\ub9c8\ub97c \uc774\uc6a9\ud574\uc11c \uc5ec\ub7ec \uac1c\uc758 \uba54\uc77c \uc8fc\uc18c\ub97c \uba85\uc2dc\ud560 \uc218\ub3c4 \uc788\ub2e4.<\/p>\n
### Supports multiple email addresses (as a comma separated
### list).
EMAIL_ADDRESSES root@localhost;<\/p><\/blockquote>\n– GPG_DEFAULT_HOME_DIR<\/p>\n
GPG_DEFAULT_HOME \ubcc0\uc218\ub294 \uc804\uc790 \uc11c\uba85 \ud655\uc778\uacfc SPA \ud328\ud0b7\uc758 \ud3c9\ubb38\ud654\ub97c \uc704\ud574 GnuPG \ud0a4\uac00 \uc800\uc7a5\ub418\ub294 \ub514\ub809\ud1a0\ub9ac\uc758 \uacbd\ub85c\ub97c \uba85\uc2dc\ud55c\ub2e4. \uae30\ubcf8 \uac12\uc740 \ub8e8\ud2b8\uc758 \ud648 \ub370\ub9ad\ud1a0\ub9ac\uc5d0 \uc788\ub294 .gnupg \ub514\ub809\ud1a0\ub9ac\ub2e4.<\/p>\n
### If GPG keys are used instead of a Rijndael symmetric key, this is
### the default GPG keys directory. Note that each access block in
### \/etc\/fwknop\/access.conf can specify its own GPG directory to override
### this default.
GPG_DEFAULT_HOME_DIR \/root\/.gnupg;<\/p><\/blockquote>\n– ENABLE_TCP_SERVER<\/p>\n
ENABLE_TCP_SERVER \ubcc0\uc218\ub294 fwknop\uc774 SPA \ud328\ud0b7 \ub370\uc774\ud130\ub97c \uc218\uc6a9\ud558\uae30 \uc704\ud574 \ud2b9\uc815 \ud3ec\ud2b8\ub85c TCP \uc11c\ubc84\ub97c \ubc14\uc778\ub529\ud560\uc9c0 \uc5ec\ubd80\ub97c \uc81c\uc5b4\ud55c\ub2e4. SPA \ud328\ud0b7\uc774 \ub370\uc774\ud130 \uc804\uc1a1\uc5d0 TCP \ub9cc\uc744 \uc0ac\uc6a9\ud558\ub294 Tor \ub124\ud2b8\uc6cc\ud06c\ub97c \ud1b5\ud574 \ub77c\uc6b0\ud305\ub418\uae38 \ubc14\ub780\ub2e4\uba74 \uc774 \uae30\ub2a5\uc740 \ud65c\uc131\ud654\ud574\uc57c \ud55c\ub2e4. \uc774 \uae30\ub2a5\uc740 \uae30\ubcf8\uc801\uc73c\ub85c \ube44\ud65c\uc131\ud654\ub3fc\uc788\ub2e4.<\/p>\n
### Note that fwknopd still only gets its data via pcap (unless AUTH_MODE is
### set to ‘SOCKET’), so the filter defined by PCAP_FILTER needs to be updated
### to include the tcp or udp port if either of these variables are enabled.
ENABLE_TCP_SERVER N;
ENABLE_UDP_SERVER N;<\/p>\n### Set the default port number for a “dummy” tcp or udp server (udp is
### best to use since nothing will be sent back to the client, so as far as a
### scanner can tell the port is ‘filtered’). The server is only spawned when
### ENABLE_TCP_SERVER or ENABLE_UDP_SERVER is set to “Y”.
TCPSERV_PORT 62201;
UDPSERV_PORT 62201;<\/p><\/blockquote>\n** \/etc\/fwknop\/access.conf
\/etc\/fwknop\/access.conf \ud30c\uc77c\uc740 \ud3c9\ubb38\ud654 \uc554\ud638\ub098 \uc0ac\uc6a9\uc790\uc5d0\uac8c \ud560\ub2f9\ub41c \uad8c\ud55c \ubd80\uc5ec \uad8c\ub9ac\uc640 \uac19\uc740 \ub0b4\uc6a9\uc744 \ub2f4\ub2f9\ud55c\ub2e4.<\/p>\n#
# File: access.conf
#
# Purpose: This file defines how fwknop will modify firewall access controls
# for specific IPs\/networks. It gets installed by default at
# \/etc\/fwknop\/access.conf and is consulted by fwknop when run in
# “access control mode”, which is the default (i.e. when fwknop is
# run from the command line without any command line arguments).
# Normally fwknop is used in Single Packet Authorization (SPA) mode
# but the legacy port knocking mode is also supported. Multiple
# access controls can be specified for the same source machine, and
# access for arbitrary addresses is also defined in this file.
#
# See the fwknop man page for a comprehensive treatment of the various
# access control variables. See the README.ACCESS file for additional
# examples on how to configure access for various services.
#
##############################################################################
#
# $Id: access.conf 1145 2008-06-28 15:41:17Z mbr $
#<\/p>\n### default Single Packet Authorization (SPA) via libpcap:
SOURCE: ANY;
OPEN_PORTS: tcp\/22; ### for ssh (change for access to other services)
KEY: __CHANGEME__;
FW_ACCESS_TIMEOUT: 30;
### if you want to use GnuPG keys (recommended) then define the following
### variables
#GPG_HOME_DIR: \/root\/.gnupg;
#GPG_DECRYPT_ID: ABCD1234;
#GPG_DECRYPT_PW: myGpgPassword;
#GPG_REMOTE_ID: 1234ABCD;<\/p><\/blockquote>\n– SOURCE<\/p>\n
SOURCE\ub294 fwknop\uac00 \uc720\ud6a8\ud55c SPA \ud328\ud0b7\uc758 \uc811\uadfc \uc218\uc900\uc744 \uacb0\uc815\ud558\uac8c \ud574\uc8fc\ub294 \uc8fc\uc694 \uad6c\ubd84 \ubcc0\uc218\ub2e4.SOURCE \ubcc0\uc218\uc758 \uae30\ubcf8 \uac12\uc740 \uc704\uc5d0 \ub098\uc628 \uac83\ucc98\ub7fc fwknop\uac00 \uc784\uc758\uc758 \uc8fc\uc18c\ub85c\ubd80\ud130 \uc628 SPA \ud328\ud0b7\uc744 \uac80\uc99d\ud558\uac8c \ud558\uc9c0\ub9cc \uac1c\ubcc4 IP \uc8fc\uc18c\ub098 CIDR \ub124\ud2b8\uc6cc\ud06c\ub3c4 \uc9c0\uc6d0\ub41c\ub2e4.<\/p>\n
– OPEM_PORTS<\/p>\n
OPEN_PORTS \ubcc0\uc218\ub294 fwknop \uc774 \ub85c\uceec iptables \uc815\ucc45\uc744 \uc7ac\uc124\uc815\ud574\uc11c \ud2b9\uc815 \ud3ec\ud2b8\uc5d0 \uc811\uadfc \uad8c\ud55c\uc744 \ubd80\uc5ec\ud558\uac8c \ud55c\ub2e4. PERMIT_CLIENT_PORTS \ubcc0\uc218\uac00 Y\ub85c \uc124\uc815\ub3fc\uc788\uc9c0 \uc54a\ub294 \ud55c \ud074\ub77c\uc774\uc5b8\ud2b8\ub294 OPEN_PORTS\uc5d0 \ub098\uc5f4\ub41c \uac83\uc744 \uc81c\uc678\ud558\uace0\ub294 \uc5b4\ub5a4 \uc11c\ube44\uc2a4\ub85c\uc758 \uc811\uadfc \uad8c\ud55c\ub3c4 \uc5bb\uc744 \uc218 \uc5c6\ub2e4.<\/p>\n
– PERMIT_CLIENT_PORTS<\/p>\n
– ENABLE_CMD_EXEC<\/p>\n
– CMD_REGEX<\/p>\n
– DATA_COLLECT_MODE<\/p>\n
– REQUIRE_USERNAME<\/p>\n
– FW_ACCESS_TIMEOUT<\/p>\n
– KEY<\/p>\n
– GPG_DECRYPT_ID<\/p>\n
– GPG_DECRYPT_OW<\/p>\n
– GPG_REMOTE_ID<\/p>\n
* fwknop SPA \ud328\ud0b7 \ud615\uc2dd<\/span><\/p>\n
\ubaa8\ub4e0 SPA \ud328\ud0b7\uc740 \uc798 \uc815\uc758\ub41c \uaddc\uce59\ub4e4\uc5d0 \ub530\ub77c \uad6c\uc131\ub41c\ub2e4. \uc774\ub7ec\ud55c \uaddc\uce59\uc740 fwknop \uc11c\ubc84\uac00 iptables\ub97c \ud1b5\ud574 \uc694\uccad\ub418\ub294 \uc811\uc18d\uc758 \uc720\ud615\uacfc \uc694\uccad\ud558\ub294 \u3145\uc6a9\uc790\ub97c \ud655\uc2e0\ud560 \uc218 \uc788\uac8c \ud574\uc900\ub2e4. fwknop \ud074\ub77c\uc774\uc5b8\ud2b8 \uba85\ub839 \ud589\uc73c\ub85c\ubd80\ud130 \uc0ac\uc6a9\uc790 \uc785\ub825\uc744 \ubc1b\uc740 \ud6c4 SPA \ud328\ud0b7\uc740 \ub2e4\uc74c\uc744 \ud3ec\ud568\ud55c\ub2e4.<\/p>\n
– \ubb34\uc791\uc704 \ub370\uc774\ud130(16\ubc14\uc774\ud2b8) : fwknop\uc774 \uc0dd\uc131\ud558\ub294 \ubaa8\ub4e0 SPA \ud328\ud0b7\uc774 \uc720\uc77c\ud558\uac8c \ubcf4\uc7a5\ud558\uae30\uc5d0 \ucda9\ubd84\ud55c \ubb34\uc791\uc704 \uc815\ubcf4\ub97c \uc81c\uacf5\ud55c\ub2e4. \ud328\ud0b7\uc758 \uc720\uc77c\uc131\uc740 \ucd5c\uc18c\ud55c \ud384 \ud568\uc218 rand()\uac00 \ub9e4\ud638\ucd9c \uc2dc\ub9c8\ub2e4 \uc81c\uacf5\ud560 \uc218 \uc788\ub294 \ubb34\uc791\uc704\uc131 \uc815\ub3c4\uc640 \uac19\ub2e4.<\/p>\n
– \uc0ac\uc6a9\uc790\uba85 : fwknop \uba85\ub839\uc744 \uc2e4\ud589\ud558\ub294 \uc0ac\uc6a9\uc790\uba85\uc73c\ub85c getlogin()\uc774\ub098 getlogin()\uc774 \uc2e4\ud328\ud560 \uacbd\uc6b0 gwtpwuid()\uac00 \ubc18\ud658\ud558\ub294 \uac83\uacfc \ub3d9\uc77c\ud558\ub2e4. fwknop \uc11c\ubc84\ub294 \uc6d0\uaca9 \uc0ac\uc6a9\uc790\uc5d0\uac8c \uba85\ub839\uc744 \uc2e4\ud589\ud558\uac70\ub098 \uc11c\ube44\uc2a4\uc5d0 \uc811\uc18d\ud560 \uad8c\ud55c\uc744 \uc904 \uac83\uc778\uc9c0 \uacb0\uc815\ud558\uae30 \uc704\ud574 \uc774 \uc0ac\uc6a9\uc790\uba85\uc744 \uc0ac\uc6a9\ud55c\ub2e4(fwknop \uc11c\ubc84\uac00 \uc0ac\uc6a9\uc790\uba85\uc744 \ubcf4\ub294 \uc2dc\uc810\uc5d0\uc11c SPA \ud328\ud0b7\uc774 \uc131\uacf5\uc801\uc73c\ub85c \ud3c9\ubb38\ud654\ub3fc \uc788\ub2e4).<\/p>\n
– \ud0c0\uc784 \uc2a4\ud0ec\ud504 : \ub85c\uceec \uc2dc\uc2a4\ud15c\uc0c1\uc758 \ud0c0\uc784 \uc2a4\ud0ec\ud504\ub2e4.<\/p>\n
– \uc18c\ud504\ud2b8\uc6e8\uc5b4 \ubc84\uc804 : fwknop \ud074\ub77c\uc774\uc5b8\ud2b8\uc758 \ubc84\uc804\uc774\ub2e4.<\/p>\n
– \ubaa8\ub4dc : fwknop \uc11c\ubc84\ub294 \uc774 \uac12\uc744 \ud1b5\ud574 SPA \ud074\ub77c\uc774\uc5b8\ud2b8\uac00 \uba85\ub839\uc744 \uc2e4\ud589\ud558\uace0\uc790 \ud558\ub294\uc9c0 \uc5ec\ubd80\ub97c \uc54c \uc218 \uc788\ub2e4. \uae30\ubcf8 \uac12\uc740 \uc811\uadfc \ubaa8\ub4dc\uc5d0 \ud574\ub2f9\ud558\ub294 1\uc774\ub2e4. \uba85\ub839 \ubaa8\ub4dc\ub294 0\uc73c\ub85c \ub098\ud0c0\ub0b8\ub2e4.<\/p>\n
– \uc811\uadfc \uc9c0\uc2dc\uc5b4 : \uc815\ucc45\uc774 \uc218\uc815\ub420 \ub54c fwknop \uc11c\ubc84\uc5d0\uac8c \ud074\ub77c\uc774\uc5b8\ud2b8\uac00 iptables \ubc29\ud654\ubcbd\uc5d0 \uc758\ud574 \ud5c8\uc6a9\ub418\uae38 \ubc14\ub77c\ub294 \ud2b8\ub798\ud53d \uc720\ud615\uc744 \uc54c\ub824\uc900\ub2e4. fwknop \uc11c\ubc84\ub294 \uc774 \ubb38\uc790\uc5f4\uc740 \uad6c\ubb38 \ubd84\uc11d\ud574\uc11c \ud3ec\ud2b8\uc640 \ud504\ub85c\ud1a0\ucf5c\uc744 \uad6c\ud55c \ud6c4 iptables \uac00 \uc774\ub97c \ud5c8\uc6a9\ud558\uac8c \uc815\ucc45\uc744 \uc801\uc808\ud788 \uc7ac\uc124\uc815\ud55c\ub2e4.<\/p>\n
– \uba85\ub839 \ubb38\uc790\uc5f4 : fwknop \ud074\ub77c\uc774\uc5b8\ud2b8\uac00 \uc11c\ubc84\uc5d0\uc11c \uc2e4\ud589\ud558\uace0\uc790 \ud558\ub294 \uc804\uccb4 \uba85\ub839\uc774\ub2e4.<\/p>\n
– \ud328\ud0b7 MD5 \ud569 : MD5 \ud569\uc740 fwknop \ud074\ub77c\uc774\uc5b8\ud2b8\uac00 \uac8c\uc0b0\ud558\uba70 \ud328\ud0b7\uc774 \ub124\ud2b8\uc6cc\ud06c\ub97c \ud1b5\ud574 \uc804\uc18c\uc624\ub514\ub294 \ub3c4\uc911 \ubcc0\uaca8\uc624\ub514\uc9c0 \uc54a\uc558\ub2e4\ub294 \uac83\uc744 \ucd94\uac00\uc801\uc73c\ub85c \ud655\uc778\ud558\uae30 \uc704\ud574 SPA \ud328\ud0b7\uc5d0 \ud3ec\ud568\ub41c\ub2e4.<\/p>\n
– \uc11c\ubc84 \uc778\uc99d \ubc29\ubc95 : \uc774 \ud56d\ubaa9\uc740 fwknop 0.9.6 \ubc30\ud3ec\ud310\uc5d0\uc11c \ud328\ud0b7 \ud615\uc2dd\uc5d0 \ucd94\uac00\ub410\ub2e4. fwknop \uc11c\ubc84\ub294 \uc774 \uac12\uc744 \ud1b5\ud574\uc11c SPA \ud328\ud0b7 \ub0b4\uc5d0 \ucd94\uac00\uc801\uc778 \uc778\uc99d \ub9e4\uac1c\ubcc0\uc218\ub97c \uc694\uad6c\ud560 \uc218 \uc788\ub2e4.<\/p>\n","protected":false},"excerpt":{"rendered":"
* fwknop \uc124\uce58 fwknop \uc758 \uc124\uce58\ub294 http:\/\/www.cipherdyne.org\/fwknop\/download\/ \uc5d0\uc11c \ucd5c\uc2e0 \uc18c\uc2a4 tarball \uc774\ub098 RPM\uc744 \ubc1b\ub294 \uac83\uc774\ub2e4. \uc5ed\uc2dc MD5 \ud569\uc744 \ud655\uc778\ud558\ub294 \uac83\uc774 \uc88b\uc73c\uba70, \ubcf4\uc548\uc801 \uad00\uc810\uc5d0\uc11c\ub294 GnuPG \uc11c\uba85\uc744 \ud655\uc778\ud558\uae30 \uc704\ud574 GnuPG\ub97c \uc0ac\uc6a9\ud558\ub294 \uac83\uc774 \ub354 \uc88b\ub2e4. \ubc1b\uc740 \ud30c\uc77c\uc774 \uc548\uc804\ud558\ub2e4\uace0 \ud310\uba85\ub418\uba74 \uc124\uce58 \uacfc\uc815\uc744 \uc9c4\ud589\ud560 \uc218 … Continue reading