1. Forum
  2. DOVE-Net
  3. Programming

  • knockd

    From fusion@VERT/CFBBS to All on Tuesday, June 09, 2026 22:12:00
    i've been tinkering with allowing off-site connections to my Jellyfin server from unknown IP addresses (yet expectedly legitimate users) using 'knockd' ..

    the premise is basically that you use an app (i use a Android app for convenience called "Knock on Ports") that sends x amount of tcp connections to a server in a specific order which knockd can watch for. if they're done correctly, and in the right order, knockd runs a firewall command that allows the IP that the 'knock' came from to connect to the Jellyfin server.

    for example, let's say Knock on Ports is configured to connect to a server

    once on port 12345
    once on port 54321
    once on port 11111

    these aren't actually open ports knockd just sees the failed connections to them.

    knockd sees those come in that order (with a set timeout) and runs something like:

    iptables -I INPUT -s %IP% -p tcp -j ACCEPT

    et voila, the user can connect to the server through the firewall. for a personal implementation you could also do the reverse (the full command but -D INPUT instead) to close it off again, for public wifi or whatever.

    but i was thinking this might be useful for BBSes. perhaps come up with a simple algorithm that takes the provided hostname's first three letters (or so) in ascii and converts it:

    c - ascii = 099 + 2000 = port 2099
    f - " = 102 + 1000 = port 1102
    b - " = 098 - 3000 = port 2902 (abs)
    b - " = 098 - 2000 = port 1902 (abs)

    etc. or just send a syncterm specific set (maybe just 'sync'). probably avoid using subdomains like 'bbs' or in the case of synchro.net, specifically use them. *shrug*

    if a BBS in your dialing directory is configured to use it ("knock first" turned on or whatever) then it could send the sequence of connections first to tell the BBS to open the port up.



    it looks like there's a Windows implementation that uses python:

    https://github.com/KJ-black/windows-knock

    so it would seem Windows has gotten past needing npcap for these sorts of things (or hidden in the Windows Python implementation?), or the capability of watching for connections on ports you haven't opened seems to be there already?

    the popular linux one is here:

    https://github.com/jvinet/knock

    --- Mystic BBS v1.12 A47 2021/12/25 (Windows/32)
    * Origin: cold fusion - cfbbs.net - grand rapids, mi
  • From phigan@VERT/TACOPRON to fusion on Tuesday, June 09, 2026 22:51:53
    Re: knockd
    By: fusion to All on Tue Jun 09 2026 10:12 pm

    but i was thinking this might be useful for BBSes. perhaps come up with a simple algorithm that takes the provided hostname's first three letters (or

    This is a cool idea. Especially if it were some kind of "underground" BBS :). Most modern BBS software can handle the bot connections and whatnot just fine, though, so it wouldn't really be NECESSARY, just nice.

    This should also get built into the "Busy BBS" programs that people use for older system BBSes.

    ---
    þ Synchronet þ TIRED of waiting 2 hours for a taco? GO TO TACOPRONTO.bbs.io
  • From poindexter FORTRAN@VERT/REALITY to fusion on Wednesday, June 10, 2026 06:58:11
    fusion wrote to All <=-

    i've been tinkering with allowing off-site connections to my Jellyfin server from unknown IP addresses (yet expectedly legitimate users)
    using 'knockd' ..

    We used port knocking to access a dev environment onsite from our OT
    network and it worked well. I hadn't thought about it in an interactive
    (user) environment before.





    ... Don't give Chad a big neural network
    --- MultiMail/Win v0.52
    þ Synchronet þ .: realitycheckbbs.org :: scientia potentia est :.