ipt_pkd 1.13

An extension for the iptables firewall application that implements port knock detection
ipt_pkd is a free command-line software that provides an open-source iptables extension that has been designed from the ground up to implement a port knock detection system with SPA (Single Packet Authorization) functionality.

Divided in three important parts

The project is divided in three important parts, the kernel module, a user space client knock program, and the iptables user space module, called libipt_pkd.so. ipt_pkd is capable of verifying a packet with SHA256, as well as to check the time window of a packet. However, it does not sends the shared key and has limited proc support.

How does it work?

ipt_pkd’s knock packet can be described as a SHA256 has of a small header, a timestamp, a shared key and some random bytes sent via the UDP (User Datagram Protocol) protocol. Both the random bytes and the timestamp are passed in the packet, in order for the server to create the SHA256 hash and do a results comparison. If they match, the pkd module will return true. If not, it will return false.

I want to see some examples!

A simple example of using the ipt_pkd package is for protecting a SSH (Secure Shell) connection on port 22. Using the iptables rules displayed below, any new SSH connection attempt will be dropped, unless a valid knock packet is provided:

iptables -A INPUT -p udp -m pkd --key test --tag SSHK -m recent --set --name PKD
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --rcheck --name PKD --seconds 60 --hitcount 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j REJECT --reject-with tcp-reset

It has only three options

As mentioned, ipt_pkd is a command-line applications that runs on a console environment, using an X11 terminal emulator or directly from a text-mode session. It has only three options, one that sets a shared key, one that sets the time in seconds, and another one that sets the tag for the knock key.

Reviewed by Marius Nestor on September 9th, 2014

last updated on:
September 9th, 2014, 8:01 GMT
developed by:
license type:
GPL (GNU General Public License) 
ROOT \ Security


In a hurry? Add it to your Download Basket!

softpedia rating


user rating 21



1 Screenshot
ipt_pkd - ipt_pkd is an iptables extension that can implement a port knock detection system
What's New in version 1.12
  • This version fixes a bug in knock.py when sending a knock to a site not in the configuration file or when the configuration file doesn't exist.
read full changelog

Application description

ipt_pkd is an open source security related software designed from the ground up to provide a port knock detector and s...

Add your review!