Nice idea, I like it! It probably should be elaborated on a bit (as suggested in some of the articles) to prevent easy detection of a "knock" taking place (a nice alternative, which could also be elaborated on and/or combined with the usual "knock": http://doorman.sourceforge.net).

I guess a "test" implementation could be done with no changes to m0n0wall, simply by making a small daemon running on a machine receiving syslog messages from m0n0wall and using http to make the changes to the rules (assuming this can't be done more easily in other ways, such as SNMP or..?)

Of course a usable implementation should either reside completely on m0n0wall, or depend on a better way to monitor the filter log and change the firewall rules from a local machine running the "knocker daemon".

Adam.

Don Gray wrote:
> Anyone read these articles? Any ideas how to implement with m0n0wall/IPFilter? It's an interesting concept.
>
> http://slashdot.org/article.pl?sid=04/02/05/1834228&mode=thread&tid=126&tid=172
> http://www.linuxjournal.com/article.php?sid=6811&mode=thread&order=0
> http://www.portknocking.org/
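
Added example, not part of the original messages and not m0n0wall code: a sketch of the log-watching half of the "knocker daemon" idea above, which tracks blocked-packet log lines per source address and reports the sources that completed the knock in order and in time. The log line format, the port sequence, the time window and all names are assumptions; applying the resulting rule change to the firewall is left to the caller.

```python
import re

# Assumed ipmon-style line for a blocked ("b") TCP packet; format is an assumption.
LINE_RE = re.compile(
    r"(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.\d+ \S+ @\d+:\d+ b "
    r"(?P<src>[\d.]+),\d+ -> [\d.]+,(?P<dport>\d+) PR tcp"
)
KNOCK_SEQUENCE = (7000, 8000, 9000)  # hypothetical secret sequence
WINDOW_SECONDS = 10                  # the whole sequence must finish within this


def find_knockers(lines, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
    """Return source IPs that hit the blocked ports in order within the window."""
    progress = {}  # src -> (index of next expected port, time of first knock)
    opened = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a blocked-TCP log line
        # Seconds since midnight; the sketch does not handle a day rollover.
        now = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        src, port = m["src"], int(m["dport"])
        idx, start = progress.get(src, (0, now))
        if idx and now - start > window:
            idx = 0  # too slow: the attempt expired
        if port == sequence[idx]:
            start = now if idx == 0 else start
            idx += 1
        elif port == sequence[0]:
            idx, start = 1, now  # wrong port, but it begins a fresh attempt
        else:
            idx = 0  # any other blocked port (e.g. a scan) resets progress
        if idx == len(sequence):
            opened.append(src)  # caller would now add a pass rule for src
            idx = 0
        progress[src] = (idx, start)
    return opened


# Constructed sample: (time, source, destination port) rendered as log lines.
TEMPLATE = "ipmon[81]: {}.000000 sis0 @0:5 b {},40000 -> 192.0.2.1,{} PR tcp len 20 60 -S IN"
SAMPLE_LOG = [TEMPLATE.format(*e) for e in [
    ("10:00:01", "203.0.113.7", 7000), ("10:00:01", "198.51.100.9", 7000),
    ("10:00:02", "198.51.100.9", 7001), ("10:00:02", "203.0.113.7", 8000),
    ("10:00:03", "198.51.100.9", 8000), ("10:00:03", "203.0.113.7", 9000),
    ("10:00:04", "198.51.100.9", 9000),  # sequential scan: 7001 reset its progress
    ("10:01:00", "203.0.113.50", 7000), ("10:01:05", "203.0.113.50", 8000),
    ("10:01:20", "203.0.113.50", 9000),  # correct order but outside the window
]]

if __name__ == "__main__":
    print(find_knockers(SAMPLE_LOG))
```

Resetting progress on any unexpected blocked port is what keeps a sequential port scan from completing the knock by accident.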