Add support for port knocking prior to establishing MQTT connection #69

Open
ben423423n32j14e opened this issue Nov 20, 2018 · 3 comments

ben423423n32j14e commented Nov 20, 2018

Can we please have support for port knocking prior to establishing a connection to an MQTT server?

E.g., knock ports 1, 2, 3 then establish the MQTT connection.

Also it would need to re-knock the ports when re-establishing a connection if it drops out.

This would let me not directly expose my MQTT server to the internet.

Thanks

@deepessh
Owner

Not sure how this could be implemented. Do you have any suggestions/ideas?

ben423423n32j14e commented Jan 17, 2019

@dc297 this is how I do it on OS X using a bash script:

```bash
# -G 1: 1-second TCP connection timeout (macOS nc); -z: connect without sending data
nc -G 1 -vz 192.168.0.5 2351 &> /dev/null &
sleep 0.1
nc -G 1 -vz 192.168.0.5 7182 &> /dev/null &
sleep 0.1
nc -G 1 -vz 192.168.0.5 874 &> /dev/null &
```

It just needs to make a request on each port (in this case a combination of 3 ports). I'm using Netcat in the example but I could also do it by making an HTTP request to each port using a web browser. It just needs to make the requests on each port which my firewall can see so it opens the port for the phone's IP address.

I really like this method, because as I said it allows me to not have to directly expose my MQTT server to the internet which drastically reduces the chances of it getting hacked.

@deepessh
Owner

Can you explain more about how this could be done via an HTTP request?
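
The client behaviour requested in this issue, as an added example that is not part of the original thread or the project's code: knock each port in order, open the service port, and repeat the whole knock sequence before every retry. The function names, the `dial` parameter and service port 1883 are assumptions; the host and knock ports are the ones from the bash script above.

```python
import socket
import time

def knock(host, ports, dial=socket.create_connection, gap=0.1, timeout=1.0):
    """Attempt one TCP connection to each knock port, in order."""
    for port in ports:
        try:
            dial((host, port), timeout).close()
        except OSError:
            # Knock ports are normally closed or filtered; the firewall
            # only has to see the attempt, so a failure here is expected.
            pass
        time.sleep(gap)

def connect_with_knock(host, knock_ports, service_port,
                       dial=socket.create_connection,
                       retries=3, gap=0.1, timeout=1.0):
    """Knock, then open the service port; knock again before each retry."""
    last_error = None
    for attempt in range(retries):
        knock(host, knock_ports, dial, gap, timeout)
        try:
            return dial((host, service_port), timeout)
        except OSError as exc:
            last_error = exc
            time.sleep(gap * 2 ** attempt)  # back off before knocking again
    raise ConnectionError(
        f"{host}:{service_port} unreachable after {retries} knock sequences"
    ) from last_error

if __name__ == "__main__":
    # Host and knock ports are the values from the script in this thread;
    # 1883 (the default MQTT port) is an assumption.
    sock = connect_with_knock("192.168.0.5", [2351, 7182, 874], 1883)
    print("connected to", sock.getpeername())
    sock.close()
    # On a dropped connection the caller runs connect_with_knock() again,
    # which repeats the whole knock sequence before reconnecting.
```

Unlike the backgrounded `nc` calls, each knock here blocks for up to `timeout` seconds when the firewall drops packets silently, so the total has to stay inside the firewall's sequence window.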
