Welcome to barricade, a simple implementation of the port knocking method aimed to open your network service or firewall only if a special icmp echo request packet is sniffed from the network interface. After the last valid packet received, barricade waits for a defined amount of time, then it closes your firewall or stops your services. There is a client included in the package called barricade_client that helps you to create special icmp packets containing the password.


Click here to view the changelog


Here you can find the source code tarball or the binary debian package for Woody.

Tarball Installation

To compile barricade you need gcc and libpcap headers (>= 0.6.2).
Simply run
to compile the program and

    make install
to install. Installation paths are defined in ./scripts/ This script is
suitable for debian users (and perhaps for many other distros) but you may need to
edit some parameters. Don't forget to edit to reflect changes made on if you plan to uninstall barricade. 
./etc/barricade.conf is a sample configuration file, with comments. Edit this file to
suit your needs and put it on /etc/.

Debian Installation

Download the tarball then run

    make deb
    dpkg -i barricade-0.0.1.deb
to install barricade on your debian distro. dpkg will select the package libpcap0
automatically (debian rules ;)). The configuration file is /etc/barricade.conf.
After editing this file, run

    /etc/init.d/barricade start
to start daemon.


Barricade is released under the GNU GPL


barricade was developed only for fun in May 2004 by Francesco Vannini. Feel free to
send me an email concerning barricade bugs, improvements, advices, comments or whatever
you want to

Enjoy barricade :)

Hosted by