macOS
brew install fwknoplocal Homebrew formula metadata
sudo port install fwknopMacPorts ports tree · net/fwknop/Portfile · source: api.github.com
brew
Single Packet Authorization and Port Knocking. Version 2.6.11 via Homebrew; verified 2026-06-22.
install
brew install fwknoplocal Homebrew formula metadata
sudo port install fwknopMacPorts ports tree · net/fwknop/Portfile · source: api.github.com
sudo apk add fwknopAlpine Linux edge package indexes · fwknop · source: dl-cdn.alpinelinux.org
sudo apt install fwknop-apparmor-profileDebian stable package indexes · fwknop-apparmor-profile · source: deb.debian.org
sudo dnf install fwknopFedora Rawhide package metadata · fwknop · source: dl.fedoraproject.org
nix profile install nixpkgs#fwknopnixpkgs package indexes · pkgs/by-name/fw/fwknop/package.nix · source: api.github.com
sudo pacman -S fwknopArch Linux sync databases · fwknop · source: geo.mirror.pkgbuild.com
sudo zypper install fwknopopenSUSE Tumbleweed package metadata · fwknop · source: download.opensuse.org
overview
Single Packet Authorization and Port Knocking
history
fwknop, the FireWall KNock OPerator, is a security tool for Single Packet Authorization. It conceals services behind a default-drop firewall and temporarily opens access only after a valid encrypted, authenticated, non-replayed packet is observed.
The official project page says fwknop began in 2004 as a port-knocking implementation and was the first tool to combine traditional encrypted port knocking with passive OS fingerprinting. The project later emphasized Single Packet Authorization as a stronger successor to port knocking.
The current C implementation includes libfko, client and server applications, and support for Linux iptables and firewalld, OpenBSD PF, FreeBSD and macOS ipfw, and custom scripts. The README describes the project state around the 2.5 release in July 2013, when libfko, the client, and fwknopd server formed the core distribution.
The official site continues to publish releases, with the project page listing 2.6.11 as the latest release and the blog showing a 2024 software release post.
fwknop became known in the security community through port-knocking and SPA discussions. The official project page notes two Slashdot appearances in 2004 and 2005, one about combining port knocking with OS fingerprinting and another about going beyond port knocking with single-packet access.
Package metadata shows fwknop in multiple Unix-like package ecosystems, and upstream documentation covers Linux, BSD, macOS, Windows under Cygwin, Android clients, and graphical clients. Its adoption is strongest among administrators who want SSH or internal services invisible to ordinary scans.
A typical deployment generates encryption and HMAC keys, stores client settings in `~/.fwknoprc`, places shared authorization material in `/etc/fwknop/access.conf`, starts `fwknopd`, and keeps the protected service blocked by default firewall policy until a valid SPA packet arrives.
The tutorial focuses on SSH concealment, NAT gateway use, cloud environments, replay protection, HMAC authenticated encryption, and the operational tradeoff of needing both a client and a daemon.
fwknop is significant because it turns firewall access into a packageable client-server protocol with config files, manpages, libraries, distro packages, and alternate clients. It is not just a security script; it is an ecosystem around SPA packets and firewall rule orchestration.
For maintainers, fwknop is also a reminder that security packages often include sensitive config defaults, key files, init or service integration, firewall backend differences, and compatibility with old protocol modes.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
~/.fwknoprc/etc/fwknop/fwknopd.conf/etc/fwknop/access.confCredential-bearing paths to review before unattended agent runs.
~/.fwknoprc/etc/fwknop/access.confexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
fwknop | cli | global executable | |
fwknopd | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://www.cipherdyne.org/fwknop/
install metadata
| Package key | brew:fwknop |
|---|---|
| Version | 2.6.11 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/fwknop |
| Homepage | https://www.cipherdyne.org/fwknop/ |
| Repository | https://github.com/mrash/fwknop |
| Upstream docs | https://www.cipherdyne.org/fwknop |
| License | GPL-2.0-or-later |
| Source archive | https://www.cipherdyne.org/fwknop/download/fwknop-2.6.11.tar.gz |
| Last updated | 2026-06-22T14:03:23-07:00 |
| Pulse | updated |
| Dependencies | gpgme, libassuan, libgpg-error |
| Build dependencies | texinfo |
| Uses from macOS | libpcap |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | fwknop |
| Version Scheme | 0 |
| Revision | 1 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
fwknop-apparmor-profile 2.6.11-2
FireWall KNock OPerator - Apparmor profile
https://www.cipherdyne.com/fwknop/
sudo apt install fwknop-apparmor-profilefwknop-client 2.6.11-2+b1
FireWall KNock OPerator client side - C version
https://www.cipherdyne.com/fwknop/
sudo apt install fwknop-clientfwknop-server 2.6.11-2+b1
FireWall KNock OPerator server side - C version
https://www.cipherdyne.com/fwknop/
sudo apt install fwknop-serverlibfko-doc 2.6.11-2
FireWall KNock OPerator - documentation
https://www.cipherdyne.com/fwknop/
sudo apt install libfko-doclibfko-perl 2.6.11-2+b1
FireWall KNock OPerator - Perl module
https://www.cipherdyne.com/fwknop/
sudo apt install libfko-perllibfko3-dev 2.6.11-2+b1
FireWall KNock OPerator - development library
https://www.cipherdyne.com/fwknop/
sudo apt install libfko3-devlibfko3t64 2.6.11-2+b1
FireWall KNock OPerator - shared library
https://www.cipherdyne.com/fwknop/
sudo apt install libfko3t64fwknop
nix profile install nixpkgs#fwknopfwknop-apparmor-profile 2.6.10-20.2build3
FireWall KNock OPerator - Apparmor profile
https://www.cipherdyne.com/fwknop/
sudo apt install fwknop-apparmor-profilefwknop-client 2.6.10-20.2build3
FireWall KNock OPerator client side - C version
https://www.cipherdyne.com/fwknop/
sudo apt install fwknop-clientfwknop-server 2.6.10-20.2build3
FireWall KNock OPerator server side - C version
https://www.cipherdyne.com/fwknop/
sudo apt install fwknop-serverlibfko-doc 2.6.10-20.2build3
FireWall KNock OPerator - documentation
https://www.cipherdyne.com/fwknop/
sudo apt install libfko-doclibfko-perl 2.6.10-20.2build3
FireWall KNock OPerator - Perl module
https://www.cipherdyne.com/fwknop/
sudo apt install libfko-perllibfko3-dev 2.6.10-20.2build3
FireWall KNock OPerator - development library
https://www.cipherdyne.com/fwknop/
sudo apt install libfko3-devlibfko3t64 2.6.10-20.2build3
FireWall KNock OPerator - shared library
https://www.cipherdyne.com/fwknop/
sudo apt install libfko3t64fwknop 2.6.11-r2
Single Packet Authorization (SPA) implementation
https://cipherdyne.org/fwknop/
sudo apk add fwknopsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.