fwknop 1.9.0 (Default branch)
Saturday December 15, 2007. 11:33 PM FreshMeat
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
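The single-packet authorization idea described above, as an added illustration that is not fwknop's own code or packet format: the client builds one self-contained packet (random nonce, timestamp, requested source and port, HMAC-SHA256 tag) and the server side validates it, rejecting tampered, stale and replayed packets before rendering the Netfilter rule it would insert. The shared key, the 120-second freshness window and the JSON layout are assumptions; fwknop's encryption of the payload is not reproduced here, only the authentication and replay checks.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

TIME_WINDOW = 120          # constructed freshness window in seconds (not fwknop's default)
_seen_digests = set()      # replay cache: SHA-256 of every packet already accepted


def build_spa_packet(key, src_ip, port, now=None):
    """Client side: a single self-contained packet with a random nonce, a timestamp and
    the requested access, authenticated by HMAC-SHA256 over the whole body."""
    req = {"nonce": secrets.token_hex(16), "ts": int(time.time() if now is None else now),
           "src": src_ip, "port": port}
    body = json.dumps(req, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(body + tag)


def validate_spa_packet(key, packet, now=None, seen=None):
    """Server side: (True, request) if the packet authenticates, is fresh and is unseen;
    otherwise (False, reason). A passive sniffer would call this on each candidate."""
    seen = _seen_digests if seen is None else seen
    now = time.time() if now is None else now
    try:
        raw = base64.b64decode(packet, validate=True)
    except ValueError:                      # binascii.Error is a ValueError
        return False, "not base64"
    if len(raw) <= 32:
        return False, "too short"
    body, tag = raw[:-32], raw[-32:]
    # Check the tag in constant time before trusting any field of the body.
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return False, "bad hmac"
    digest = hashlib.sha256(raw).hexdigest()
    if digest in seen:
        return False, "replay"
    req = json.loads(body)
    if abs(now - req["ts"]) > TIME_WINDOW:
        return False, "stale"
    seen.add(digest)
    return True, req


def netfilter_rule(req):
    """Render the granted access as the iptables INPUT rule the daemon would insert."""
    return f"iptables -I INPUT -s {req['src']} -p tcp --dport {req['port']} -j ACCEPT"
```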
License: GNU General Public License (GPL)
Changes:
Support was added for NAT communications after a valid SPA packet is monitored, so that internal systems can be reached from the external Internet. (This only works with iptables firewalls for now.) A test suite was added so that SPA communications can be validated in an automated way. The ability to periodically restart the fwknop daemons based on a configurable time interval was added. (This is useful for the extra cautious.) iptables OUTPUT chain support was added for installations that do not have the conntrack modules running and that use a restrictive OUTPUT chain.