% echo -e 'e.g.,\n'
% iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- foo.bar.qux.def 0.0.0.0/0 tcp dpt:22
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
% cat /etc/knockd.conf
[openSSH]
sequence = foobar,def,plugh,fred,xyzzy,thud
seq_timeout = 5
command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = thud,def,fred,foobar,xyzzy,plugh
seq_timeout = 5
command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
% knock -v foo.bar.qux.quux foobar def plugh fred xyzzy thud
% echo 'however, knocks can be sent via netcat, hping, packit, etc.'
% echo 'open_port command executed @foo.bar.qux.def.'
% echo 'do sleep 16; while job_done; done...'
% knock -v foo.bar.qux.quux thud def fred foobar xyzzy plugh
% echo 'close_port command now executed @specific.host. all set. w00t!'
n.b.
#01. {def,foobar,fred,plugh,thud,xyzzy} == (tcp || udp) ports.
#02. use as many as you want... anyway, 3 should be just fine (read as `secure').
. ..: