           SPELL=fwknop
         VERSION=2.6.9
  SECURITY_PATCH=1
          SOURCE=$SPELL-$VERSION.tar.bz2
         SOURCE2=$SOURCE.asc
   SOURCE_URL[0]=http://www.cipherdyne.org/$SPELL/download/$SOURCE
  SOURCE2_URL[0]=${SOURCE_URL[0]}.asc
      SOURCE_GPG=fwknop.gpg:$SOURCE2:UPSTREAM_KEY
  SOURCE2_IGNORE=signature
SOURCE_DIRECTORY="$BUILD_DIRECTORY/$SPELL-$VERSION"
        DOC_DIRS=""
        WEB_SITE=http://www.cipherdyne.org/fwknop/
         ENTERED=20070821
      LICENSE[0]=GPL
        KEYWORDS="security"
           SHORT="Single Packet Authorization and Port Knocking"
cat << EOF
fwknop stands for the "FireWall KNock OPerator", and implements an
authorization scheme called Single Packet Authorization (SPA) that is
based around iptables and libpcap. SPA requires only a single encrypted
packet in order to communicate various pieces of information including
desired access through an iptables policy and/or complete commands to
execute on the target system. By using iptables to maintain a "default
drop" stance, the main application of this program is to protect services
such as OpenSSH with an additional layer of security in order to make the
exploitation of vulnerabilities (both 0-day and unpatched code) much more
difficult. With fwknop deployed, anyone using nmap to look for sshd can't
even tell that it is listening; it makes no difference if they have a
0-day exploit or not.
EOF
