knock
Description:
Port-knock server
Type: Formula  |  Tracked Since: Dec 28, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: security firewall port-knock networking authentication
Install: brew install knock
About:
Knock is a lightweight port-knock server that monitors network traffic for specific sequences of connection attempts to closed ports. Upon detecting the correct sequence, it dynamically modifies firewall rules to grant the client access to a designated service. This provides an additional layer of security by keeping services invisible to port scanners until authenticated access is requested.
Key Features:
  • Lightweight and simple daemon architecture
  • Supports both single and sequential port knock patterns
  • Works with standard Linux firewalls (iptables)
  • Configurable logging for security auditing
  • UDP-based for stealthy operation
Use Cases:
  • Securing SSH access by hiding the port from scanners
  • Protecting administrative interfaces on servers
  • Implementing a 'secret handshake' for network access
  • Reducing attack surface on cloud instances
Alternatives:
  • fwknop – fwknop uses SPA (Single Packet Authorization) which sends encrypted data in one packet, while Knock requires a sequence of connection attempts.
  • PortSentry – PortSentry detects and blocks port scans reactively, whereas Knock proactively requires a specific sequence to open access.
Version History
Detected Version Rev Change Commit
Sep 11, 2025 6:17pm 0 VERSION_BUMP fa843a59
Sep 14, 2024 11:47am 0 VERSION_BUMP 6871d66b