Recently Updated Pages
IPSet (Linux Netfilter/IPTables)
IPsets are a powerful and highly efficient way of making a dynamic firewall on a normal Linux mac...
Agent Installation
For the admin who know what they need, and needs a fast way to get it, you can use this command t...
Debugging & log levels
Things go wrong from time to time, the best way to understand more detail is to increase the log ...
Allowlist (EDLs)
The Allowlist backend makes a list of active IP address grants available via the Knocknoc server ...
Palo Alto
Passive, Active or a combination Passive - Knocknoc's Allowlist features provides a passive inte...
Grant and Revoke process
The granting and revoking of access by Knocknoc occurs on a number of events, including: User ...
LOOTOTL - Last One Out Turn Off The Lights
Knocknoc keeps a track of the IPs and tries to be kind to users that share IPs. This means that i...
Additional client IP addresses
Capturing additional client IP addresses A client may exhibit behaviour where multiple IP addres...
Click to Grant/Revoke
For additional security and temporal access control, Knoc's support a "click to grant" and "click...
Getting Started
Cloud SaaS or self-hosted server? You can run your Knocknoc server either as a managed cloud ins...
Server Installation
For the admin who knows what they need and needs a fast way to get it, you can use this command t...
HAProxy
HAProxy is a fantastic reverse proxy with a massive amount of features. Knocknoc has supported HA...
Cisco (SFMC/Firepower)
The Cisco Secure Firewall Management Console (formerly known as Firepower) integration allows Kn...
Updates and Upgrades
The Knocknoc software is managed by your operating system, as such updates can be managed within ...
AWS WAF Ipset
Below is a concise guide for a sysadmin (or developer) to set up and configure AWS WAF with a cus...
Microsoft Entra
Overview This integration is designed to manage named locations in Microsoft Azure Conditional A...
Apache Webserver
Apache 2.4 and above have slightly different ACL syntax, so this page covers how you can use Knoc...
Nginx
Nginx support via script was added in knocknoc-agent version 1.0.30. This allows for flexible ACL...
IPsets with Shorewall
This is an example that lets you use Shorewall https://shorewall.org/index.html and IPsets to dyn...
Mikrotik RouterOS
The scripting backend can be used for MikroTik RouterOS config updates as well. Here is a sample ...