Listing 2. A simple /etc/knockd.conf file,
which requires successive knocks on ports 7005, 7007
and 7006 in order to enable secure shell (SSH) access.

[opencloseSSH]
  sequence      = 7005,7006,7007
  seq_timeout   = 15
  tcpflags      = syn
  start_command = /usr/sbin/iptables -s %IP% -I input_ext 1
                  ↪-p tcp --dport ssh -j ACCEPT
  cmd_timeout   = 30
  stop_command  = /usr/sbin/iptables -s %IP% -D input_ext
                  ↪-p tcp --dport ssh -j ACCEPT