knockd

knockd [options]

knockd is the server component of port knocking. It listens for specific sequences of connection attempts and executes commands when a valid sequence is detected.Configuration in /etc/knockd.conf defines sequences and corresponding commands. Typical use cases include opening firewall ports for SSH access after receiving the correct knock sequence.Example configuration opens SSH:

$ [openSSH]
sequence = 7000,8000,9000
command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

-d, --daemon

Run as a daemon in the background

Use specified configuration file

Network interface to listen on

Output debug messages

Lookup DNS names for log entries

Sequences can potentially be sniffed if not using encrypted protocols. Single-packet authentication (SPA) tools like fwknop may be more secure. Configuration must be protected from unauthorized access.

Port knocking was introduced as a security-through-obscurity technique in the early 2000s. knockd remains one of the most popular implementations, though more advanced techniques like SPA have emerged.

knock(1), iptables(8), fwknop(8)