"I don't want something that runs in the kernel."
Sadly there's no explanation but one would guess he's against the added complexity of having something in the kernel.
FWIW, I've tried quite a few port knock implementations over the years (but not Marlinspike's one, which is on my todo list for months); I've eventually settled on a custom solution: since I'm running a web server anyway, I've set up an https restricted area with a cgi-bin that writes my IP/username to a temporary file. The firewall wgets the file every minute and adds/removes stuff with iptables's xt_recent. Works perfectly.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds