Fwknop allows encrypted information to be communicated easily, requiring only a single packet for authorization.
The program is able to communicate various pieces of information, including desired access through a Netfilter policy and/or complete commands to execute on the target system. By using Netfilter to maintain a "default drop" stance, fwknop makes it much more difficult to exploit vulnerabilities (both 0-day and unpatched code).
One unique feature of fwknop is that the authorization server passively monitors authorization packets via libpcap, meaning there is no "server" to which to connect in the traditional sense. Access to a protected service is only granted after a valid encrypted and non-replayed packet is monitored.
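
The acceptance rule described above (grant only on a valid, non-replayed packet), as an added sketch that is not fwknop's own code or wire format. It assumes a pre-shared key and uses an HMAC tag in place of encryption so it runs on the Python standard library alone; `build_packet`, `Monitor`, the field layout and the `MAX_AGE` freshness window are hypothetical.

```python
import hashlib
import hmac
import os
import time

KEY = b"constructed-demo-key"   # assumption: pre-shared key, constructed for this example
MAX_AGE = 120                   # assumption: seconds a packet stays acceptable


def build_packet(key, request, now=None):
    """Client side: random nonce | timestamp | request, followed by an HMAC tag."""
    body = b"|".join([os.urandom(8).hex().encode(),
                      str(int(time.time() if now is None else now)).encode(),
                      request.encode()])
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class Monitor:
    """Server side: judges packets it has observed; never replies to the sender."""

    def __init__(self, key):
        self.key = key
        self.seen = set()       # digests of every packet already accepted

    def check(self, packet, now=None):
        now = time.time() if now is None else now
        body, sep, tag = packet.rpartition(b"|")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not sep or not hmac.compare_digest(tag, expected):
            return "invalid"    # wrong key, truncated or tampered packet
        digest = hashlib.sha256(packet).digest()
        if digest in self.seen:
            return "replay"     # byte-identical packet was accepted before
        _nonce, stamp, request = body.split(b"|", 2)
        if abs(now - int(stamp)) > MAX_AGE:
            return "stale"      # authentic, but outside the freshness window
        self.seen.add(digest)
        return "grant:" + request.decode()
```

Because every packet carries a fresh random nonce, two legitimate requests for the same access never share a digest, while a captured packet sent again always does.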
The program also boasts an additional layer of security by combining traditional encrypted port knocking with passive OS fingerprinting. This makes it possible to allow only specific operating systems, such as Linux-2.4/2.6 systems, to connect to your SSH daemon.
Overall, fwknop offers a reliable and secure way to protect your services with its straightforward communication scheme and added security features.
Version 1.9.12: N/A