Enabling/disabling port forward through CLI for knockd

I have a port forward set up to access an internal system from the Internet. Nothing new there. However I thought leaving the port forward disabled by default, then enabling it with knockd would be an easy way to configure this. Are there any problems with doing this?

I'm not good with iptables so I'm trying to take the easy/safe way out. If I enable the port forward with the command I got from "Unsaved changes" which is:

uci set firewall.cfg133837.enabled=**'1'**

followed by

/etc/init.d/firewall reload

will this do the job? Will this disrupt current open connections?

1 Like



But it should be more reliable and safe to open only a VPN port permanently.

1 Like

I agree. I've considered this and I do have OpenVPN set up on the router. The issue is sometimes I need to access this from a computer on which I'm not able to install the OpenVPN client.

1 Like

Specify the source IP if knockd provides it.
It should help to limit the scope of the firewall rule/redirect.

If you mean the IP of the connecting client, that's changes and isn't predictable. Or do you mean something else?

1 Like