guestlist(5)                   Doorman & Knocker                  guestlist(5)

       guestlist - The secondary doormand configuration file

       The  doorman  daemon doormand requires a list of permitted "guests", or
       groups.  There must be one record per group, with the following order:

       <groupname> <secret> <port1> <port2> .. <address1> <address2> ..

       Records may span multiple lines.  The groupname MUST begin on the first
       character  of a line.  Continuation lines MUST be preceeded by at least
       one character of whitespace (tabs or spaces).  Tabs and  space  charac-
       ters may be freely used in any order.

       Any  part  of  a  line following a '#' character is ignored, and may be
       used as a comment.  Blank lines are ignored.

       This file MUST be readable and writeable by root, only.

       groupname - The name which is  sent  by  a  knock  client  to  identify
           itself.   Group  names  may be up to 32 characters in length.  Both
           group names and secrets may contain any alphanumeric character,  as
           well as the characters:  !@#$%^&*()_-+=|{};:'"<>,?/

           Note  that  whitespace  and  the  "." character (period, or decimal
           point) are not permitted.

       secret  - an authenticating password.  This is sent by the client as an
           MD5  hash  salted with the client's IP address and the rounded sec-

           Secrets may be up to 64 characters in  length,  and  use  the  same
           character set as group names. (Remember: -no- periods!)

           The  existence  of  this secret in plaintext on both the client and
           server  machines  is  the  reason  this  file,  and  the   client's
           ~/.knockcf  file,  must be readable only by their users.   Under NO
           circumstances should it correspond to anything in any 'passwd' file

       port1 port2 ..  - a whitespace-delimited list of the ports to which the
           group may connect.  A port may be specified as a number or  a  ser-
           vice  name;  that is, "22" and "ssh" are equivalent.  Service names
           are case sensitive.

       address1 address2 ..  - a whitespace-delimited list of IP addresses  or
           hostnames  from  which  the  group  may  connect.  Addresses may be
           unique, or expressed as ranges by means of  an  "/nbits"  modifier.
           Using a hostname to specify a range is permitted.  There must be no
           whitespace before or after the "/" character.

       An example record:
       group187  b1g%Hairy_[seCret}!                    # groupname & secret
                 ssh 23                                 # allowed ports
        # allowed addresses

       knock(1), knockcf(5), doormand(8),

ACKNOWLEDGEMENT                 Doorman & Knocker      

       doormand and knock are an implementation of an original idea by  Martin
       Krzywinski.  See his site at

       Copyright (c) 2003-2005, J.B.Ward

Doorman, V0.81                   Aug 14, 2005