The Raspberry Pi *should* auto start the knockd service at startup; however, I found it didn't and needed to add these steps:

```
sudo nano /lib/systemd/system/rvice
```

```
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
```

To see if the rule was applied, from another console:

```
sudo iptables-save
```

For normal operation:

```
# PLEASE EDIT /etc/nf BEFORE ENABLING
```

```
command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
```

For seeing the output while testing:

```
sudo service knockd stop
```

```
# control if we start knockd at init or not
```

Ensure you have a firewall installed (UFW = Uncomplicated Firewall):

```
sudo apt install ufw
```

And deny SSH:

```
sudo ufw deny 22
```

```
sudo apt-get update
```

Port knocking works by configuring a service to watch an interface for connection attempts. If a specific sequence of predefined connection attempts (or "knocks") is made, the service will modify the firewall rules and open up connections on a specific port. This is useful for services meant to be used only by known, legitimate users, like SSH.
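
The sequence-watching behaviour described above, as an added example that is not from the original post and is not knockd's own code: a simplified per-source tracker that emits the page's iptables command only after the full sequence arrives in time. The ports in `SEQUENCE`, the `SEQ_TIMEOUT` value and the `KnockTracker` name are constructed for illustration.

```python
# Simplified model of knock-sequence tracking (illustration only, not knockd code).
import ipaddress

SEQUENCE = (7000, 8000, 9000)   # constructed sample knock ports
SEQ_TIMEOUT = 5.0               # constructed: seconds allowed to finish the sequence
# Command template from the page; %IP% is replaced with the knocking source.
COMMAND = "/sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT"


class KnockTracker:
    def __init__(self, sequence=SEQUENCE, timeout=SEQ_TIMEOUT):
        self.sequence = tuple(sequence)
        self.timeout = timeout
        self.state = {}  # source IP -> (index of next expected port, start time)

    def observe(self, src_ip, dst_port, now):
        """Feed one observed connection attempt; return the firewall command
        once the sequence completes, otherwise None."""
        # The source is substituted into a command line, so accept only a
        # well-formed IP address (raises ValueError on anything else).
        src_ip = str(ipaddress.ip_address(src_ip))
        idx, started = self.state.get(src_ip, (0, now))
        if idx and now - started > self.timeout:
            idx, started = 0, now            # too slow: progress is discarded
        if dst_port == self.sequence[idx]:
            idx += 1                         # correct next knock
        elif dst_port == self.sequence[0]:
            idx, started = 1, now            # wrong knock that restarts the sequence
        else:
            idx = 0                          # wrong knock: progress is lost
        if idx == len(self.sequence):
            self.state.pop(src_ip, None)
            return COMMAND.replace("%IP%", src_ip)
        if idx:
            self.state[src_ip] = (idx, started)
        else:
            self.state.pop(src_ip, None)
        return None
```

State is kept per source address, so knocks from one host never advance another host's sequence, and the resulting rule is scoped to the knocking address with `-s`.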