#!/bin/bash


echo -E "
[options]
Interface = eth1

[openNGINX]
sequence    = 8100, 7200, 13000
seq_timeout = 5
command     = /sbin/iptables -D INPUT -p tcp --dport 80 -j REJECT
tcpflags    = syn

[closeNGINX]
sequence    = 6300, 5200, 12001
seq_timeout = 5
command     = /sbin/iptables -A INPUT -p tcp --dport 80 -j REJECT
tcpflags    = syn
" > /etc/knockd.conf

/sbin/iptables -A INPUT -p tcp --dport 80 -j REJECT