How to Install and Uninstall fwknop.i686 Package on Fedora 34

Last updated: January 10,2025

1. Install "fwknop.i686" package

Please follow the instructions below to install fwknop.i686 on Fedora 34

$ sudo dnf update $ sudo dnf install fwknop.i686

2. Uninstall "fwknop.i686" package

This guide covers the steps necessary to uninstall fwknop.i686 on Fedora 34:

$ sudo dnf remove fwknop.i686 $ sudo dnf autoremove

3. Information about the fwknop.i686 package on Fedora 34

Last metadata expiration check: 2:10:25 ago on Tue Sep 6 08:10:37 2022.
Available Packages
Name : fwknop
Version : 2.6.10
Release : 7.fc34
Architecture : i686
Size : 204 k
Source : fwknop-2.6.10-7.fc34.src.rpm
Repository : fedora
Summary : A Single Packet Authorization (SPA) implementation
URL : http://www.cipherdyne.org/fwknop/
License : GPLv2
Description : fwknop implements an authorization scheme known as Single Packet
: Authorization (SPA) that requires only a single encrypted packet to
: communicate various pieces of information including desired access through an
: iptables policy and/or specific commands to execute on the target system.
: The main application of this program is to protect services such as SSH with
: an additional layer of security in order to make the exploitation of
: vulnerabilities (both 0-day and unpatched code) much more difficult. The
: authorization server passively monitors authorization packets via libpcap and
: hence there is no "server" to which to connect in the traditional sense. Any
: service protected by fwknop is inaccessible (by using iptables to
: intercept packets within the kernel) before authenticating; anyone scanning for
: the service will not be able to detect that it is even listening. This
: authorization scheme offers many advantages over port knocking, include being
: non-replayable, much more data can be communicated, and the scheme cannot be
: broken by simply connecting to extraneous ports on the server in an effort to
: break knock sequences. The authorization packets can easily be spoofed as
: well, and this makes it possible to make it appear as though, say,
: www.yahoo.com is trying to authenticate to a target system but in reality the
: actual connection will come from a seemingly unrelated IP. Although the
: default data collection method is to use libpcap to sniff packets off the
: wire, fwknop can also read packets out of a file that is written by the
: iptables ulogd pcap writer or by a separate sniffer process.