# Install knock with Homebrew, apk, dnf, MacPorts, zypper, apt, pacman

Port-knock server. Version 0.8 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:knock
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install knock
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install knock
```

  Evidence: MacPorts ports tree: net/knock/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add knock
```

  Evidence: Alpine Linux edge package indexes: knock from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz

- dnf (92%):

```sh
sudo dnf install knock
```

  Evidence: Fedora Rawhide package metadata: knock from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- zypper (92%):

```sh
sudo zypper install knock
```

  Evidence: openSUSE Tumbleweed package metadata: knock from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

- Debian apt (92%):

```sh
sudo apt install knockd
```

  Evidence: Debian stable package indexes: knockd from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- pacman (92%):

```sh
sudo pacman -S knockd
```

  Evidence: Arch Linux sync databases: knockd from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

## Package facts

- **Package key:** brew:knock
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/knock>
- **Version:** 0.8
- **Source summary:** Port-knock server
- **Homepage:** <https://github.com/jvinet/knock>
- **Repository:** <https://github.com/jvinet/knock>
- **Upstream docs:** <https://github.com/jvinet/knock#readme>
- **License:** GPL-2.0-or-later
- **Source archive:** <https://github.com/jvinet/knock/releases/download/v0.8/knock-0.8.tar.gz>
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- knock (cli)
- knock_helper_ipt.sh (cli)
- knockd (cli)
- knock (alias)
- knock_helper_ipt.sh (alias)
- knockd (alias)

## Uses from macOS

- libpcap

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_big_sur, arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, big_sur, catalina, monterey, sonoma, ventura

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.8
- Local data: ok
- Upstream repository: https://github.com/jvinet/knock
- info: No package-manager update timestamp was available.
- info: No cached GitHub release or tag data was available.
## Project history and usage

knock is Judd Vinet's port-knocking server and client. It watches network traffic with libpcap for a configured sequence of port hits and runs commands, commonly firewall changes, when the sequence matches.

### Project history

The README carries a 2004 copyright notice and describes the core design that still defines the package: closed ports can receive a secret sequence because knockd sniffs link-layer traffic rather than listening on those ports. The bundled ChangeLog lists 0.1 as the initial release and shows later work adding TCP flag handling, reload behavior, timeouts, kernel-space BPF filtering, one-time sequences, interface selection, and IPv6 support.

Version 0.8 was published on 2021-04-24 with multiple fixes and IPv6 support. The GitHub repository retained a small C codebase, an example `knockd.conf`, and manpage documentation rather than growing into a larger access-control framework.

### Adoption history

knock spread through Unix-like distributions because it solved a specific sysadmin problem with a small daemon and client. Package names vary between `knock`, `knockd`, and distribution-specific formula names, but the underlying model stayed close to the original README example: a knock sequence opens SSH, and another sequence closes it.

### How it is used

A server runs `knockd` with a configuration file such as `/etc/knockd.conf`; a client runs `knock` to send TCP or UDP packets to the configured sequence. Commands usually add or remove firewall rules, so the tool is operationally simple but security-sensitive: the sequence should be treated like a shared secret and firewall commands must be written carefully.

### Why package nerds care

knock is a memorable package because it embodies a whole security pattern in a tiny Unix daemon. It is also a reminder of the early-2000s sysadmin style: libpcap, iptables commands, config files, and a tiny client were enough to make a practical layer around SSH exposure.

### Timeline

- 2004: README copyright identifies Judd Vinet's original project era.
- 0.1: ChangeLog records the initial release.
- 0.3: ChangeLog added PPP support, command timeout directives, SIGHUP config reloads, and per-port protocols.
- 0.5: ChangeLog added one-time sequences, interface selection, BPF filtering, and security fixes.
- 0.7: ChangeLog documented the target directive and consolidated OS-specific networking code.
- 2021-04-24: v0.8 release published with fixes and IPv6 support.

### Related projects

- knock is related to other port-knocking and single-packet-authorization tools, firewall managers such as iptables, packet crafting tools such as sendip, and SSH hardening workflows.

### Sources

- <https://github.com/jvinet/knock>
- <https://github.com/jvinet/knock/blob/master/ChangeLog>
- <https://github.com/jvinet/knock/releases/tag/v0.8>
- <https://raw.githubusercontent.com/jvinet/knock/master/knockd.conf>


## Security Notes

broad file, network, media, or database tool signal.

- **Geiger risk:** blue / medium
- broad file, network, media, or database tool signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: /etc/knockd.conf
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** knock
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- apk - knock - 0.8.2-r2: normalized package name match | Alpine Linux edge package indexes: knock from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | A simple port-knocking daemon | https://github.com/TDFKAOlli/knock
- apk - knock-doc - 0.8.2-r2: normalized package name match | Alpine Linux edge package indexes: knock-doc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | A simple port-knocking daemon (documentation) | https://github.com/TDFKAOlli/knock
- apk - knock-openrc - 0.8.2-r2: normalized package name match | Alpine Linux edge package indexes: knock-openrc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | A simple port-knocking daemon (OpenRC init scripts) | https://github.com/TDFKAOlli/knock
- dnf - knock - 0.8-13.fc44: normalized package name match | Fedora Rawhide package metadata: knock from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | A port-knocking server/client | http://www.zeroflux.org/projects/knock
- dnf - knock-server - 0.8-13.fc44: normalized package name match | Fedora Rawhide package metadata: knock-server from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | A port-knocking server/client | http://www.zeroflux.org/projects/knock
- zypper - knock - 0.8-4.4: normalized package name match | openSUSE Tumbleweed package metadata: knock from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | A Port-Knocking Client | http://www.zeroflux.org/knock/
- zypper - knockd - 0.8-4.4: normalized package name match | openSUSE Tumbleweed package metadata: knockd from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | A port-knocking server | http://www.zeroflux.org/knock/
- MacPorts - knock: normalized package name match | MacPorts ports tree: net/knock/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
- Debian apt - knockd - 0.8-2+b6: installed executable or alias match | Debian stable package indexes: knockd from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | small port-knock daemon | http://www.zeroflux.org/projects/knock
- Ubuntu apt - knockd - 0.8-2build2: installed executable or alias match | Ubuntu 24.04 LTS package indexes: knockd from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | small port-knock daemon | http://www.zeroflux.org/projects/knock
- pacman - knockd - 0.8-2: installed executable or alias match | Arch Linux sync databases: knockd from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | A simple port-knocking daemon | https://github.com/jvinet/knock


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [fwknop](https://www.automicvault.com/pkg/brew/fwknop/) - Shares av.db curated category or tags: access-control, cli, firewall, port-knocking, security.
- [libselinux](https://www.automicvault.com/pkg/brew/libselinux/) - Shares av.db curated category or tags: access-control, cli, security.
- [rush](https://www.automicvault.com/pkg/brew/rush/) - Shares av.db curated category or tags: access-control, cli, security.
- [clamav](https://www.automicvault.com/pkg/brew/clamav/) - Shares av.db curated category or tags: cli, daemon, security.
- [fail2ban](https://www.automicvault.com/pkg/brew/fail2ban/) - Shares av.db curated category or tags: cli, firewall, security.
- [pomerium](https://www.automicvault.com/pkg/brew/pomerium/) - Shares av.db curated category or tags: access-control, cli, security.
- [sshguard](https://www.automicvault.com/pkg/brew/sshguard/) - Shares av.db curated category or tags: cli, firewall, security.
- [aide](https://www.automicvault.com/pkg/brew/aide/) - Shares av.db curated category or tags: cli, security.
- [crip](https://www.automicvault.com/pkg/brew/crip/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, security, server.

## Combined YAML source

View the package source record on GitHub. [combined/knock.yml](https://github.com/automic-vault/db/blob/main/combined/knock.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
