Diffstat (limited to 'network/knock/README')
-rw-r--r-- network/knock/README | 10
1 files changed, 10 insertions, 0 deletions
diff --git a/network/knock/README b/network/knock/README
new file mode 100644
index 0000000000000..1af140baead25
--- /dev/null
+++ b/network/knock/README
@@ -0,0 +1,10 @@
+Knockd and knock are a port-knock server and client, respectively. Knockd
+listens to all traffic on an ethernet (or PPP) interface, looking for
+special "knock" sequences of port-hits. A client makes these port-hits
+by sending a TCP (or UDP) packet to a port on the server. This port
+need not be open -- since knockd listens at the link-layer level, it
+sees all traffic even if it's destined for a closed port. When the
+server detects a specific sequence of port-hits, it runs a command
+defined in its configuration file. This can be used to open up holes in
+a firewall for quick access.
+
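Review bot: The closing sentence ("This can be used to open up holes in a firewall for quick access") omits that a knock sequence is only a series of TCP or UDP packets to particular ports, so anyone able to observe the traffic can read and replay it. Suggest adding a sentence saying that the sequence is not a secret on its own and that whatever the triggered command exposes should still require its own authentication. The text also says the command is "defined in its configuration file" without naming where this package installs that file; naming it would help. Finally, the last added line of the hunk is empty, so the README ends with a trailing blank line that can be dropped.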