How to Configure fwknopd.conf for Single Packet Authorization (SPA)

Step-by-Step: Change fwknop’s Listening UDP Port for Better Security

fwknop uses two configuration files: fwknopd.conf and access.conf. fwknopd.conf holds the server configuration, while access.conf holds the access stanzas. To change the UDP port number, add ENABLE_UDP_SERVER and UDPSERV_PORT to fwknopd.conf, as shown below:

ENABLE_UDP_SERVER           Y;
UDPSERV_PORT <YOUR PORT>;
Tip: The new port number takes effect after fwknopd is restarted. Note that you also need to allow the new UDP port in firewalls such as iptables.

How to Enable fwknopd TCP Server Mode

fwknop offers not only UDP-based knocking but also a TCP mode. To run fwknop in TCP mode, add the following configuration to fwknopd.conf:

ENABLE_TCP_SERVER           Y;
TCPSERV_PORT <YOUR PORT>;
PCAP_FILTER tcp port <YOUR PORT>;
Tip: Do not pass the -U argument when starting fwknopd. -U selects UDP server mode, which overrides the TCP mode configured in the file, because fwknopd runs in only one of these modes at a time. Example start command:

fwknopd -a server/access.conf -c /usr/local/etc/fwknop/fwknopd.conf

The new port number takes effect after fwknopd is restarted. Note that you also need to allow the new TCP port in firewalls such as iptables.
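The following shell helpers are an added example covering both the UDP port change and the TCP mode setup above; they are not part of the fwknop project or of the original page. They edit a fwknopd.conf-style file (one "NAME value;" directive per line), check that only one server mode is enabled and that PCAP_FILTER matches TCPSERV_PORT, and print the iptables command that would open the new port. The port 62201 and the sample config lines are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the fwknop project or the original page.
# Assumptions: directives are "NAME value;" lines; 62201 is a constructed
# sample port; the single-mode rule (UDP and TCP server modes are never both
# enabled) follows the page's statement that fwknopd runs in only one mode.

# set_directive CONF NAME VALUE
# Rewrite an existing NAME line (commented out or not) or append a new one.
set_directive() {
    conf="$1"; name="$2"; value="$3"
    tmp="${conf}.tmp.$$"
    pat="^[#[:space:]]*${name}[[:space:]]+[^;]*;[[:space:]]*\$"
    if grep -Eq "$pat" "$conf"; then
        sed -E "s|${pat}|${name}    ${value};|" "$conf" > "$tmp"
    else
        cp "$conf" "$tmp"
        printf '%s    %s;\n' "$name" "$value" >> "$tmp"
    fi
    mv "$tmp" "$conf"
}

# get_directive CONF NAME
# Print the value of the last active (uncommented) NAME line, or nothing.
get_directive() {
    sed -nE "s/^[[:space:]]*$2[[:space:]]+([^;]*);[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# check_config CONF
# Print the resulting mode ("udp", "tcp" or "default"); return 1 when both
# server modes are enabled or when PCAP_FILTER does not match TCPSERV_PORT.
check_config() {
    conf="$1"
    udp=$(get_directive "$conf" ENABLE_UDP_SERVER)
    tcp=$(get_directive "$conf" ENABLE_TCP_SERVER)
    if [ "$udp" = "Y" ] && [ "$tcp" = "Y" ]; then
        echo "conflict: ENABLE_UDP_SERVER and ENABLE_TCP_SERVER are both Y" >&2
        return 1
    fi
    if [ "$tcp" = "Y" ]; then
        port=$(get_directive "$conf" TCPSERV_PORT)
        filter=$(get_directive "$conf" PCAP_FILTER)
        if [ -z "$port" ]; then
            echo "TCPSERV_PORT is not set" >&2
            return 1
        fi
        case "$filter" in
            *"tcp port $port"*) echo tcp; return 0 ;;
            *) echo "PCAP_FILTER '$filter' does not match TCPSERV_PORT $port" >&2; return 1 ;;
        esac
    fi
    if [ "$udp" = "Y" ]; then
        echo udp
    else
        echo default
    fi
}

# firewall_rule PROTO PORT
# Print (do not run) the iptables command that allows the new SPA port.
firewall_rule() {
    printf 'iptables -I INPUT -p %s --dport %s -j ACCEPT\n' "$1" "$2"
}

# Demo on a constructed sample config: switch to TCP mode and validate.
demo() {
    f=$(mktemp)
    printf '%s\n' '# constructed fwknopd.conf fragment' \
        '#ENABLE_TCP_SERVER          N;' > "$f"
    set_directive "$f" ENABLE_TCP_SERVER Y
    set_directive "$f" TCPSERV_PORT 62201
    set_directive "$f" PCAP_FILTER "tcp port 62201"
    check_config "$f"        # prints: tcp
    firewall_rule tcp 62201
    rm -f "$f"
}
demo
```

Run the script against a copy of fwknopd.conf first; set_directive uncomments and rewrites a directive that is already present, so the resulting file keeps a single active line per directive, and check_config catches the -U/TCP-mode conflict described above before fwknopd is restarted.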