1. Install necessary packages
1

pkg_add fwknop vim
  1. Configure pf to use fwknop
1

vim /etc/pf.conf
  1. Add the following anchor to allow fwknop to modify pf rules
1
2
3

# /etc/pf.conf
# Place this towards the top of the file
anchor "fwknop" # ADD THIS
  1. Generate a fwknop key pair
1

fwknop --key-gen

This will not save anywhere by default, you must copy the information displayed

  1. Using the generated information update access.conf to use the key pair
1
2
3
4
5

# /etc/fwknop/access.conf
SOURCE          ANY
KEY_BASE64      <KEY_HERE>
HMAC_KEY_BASE64 <HMAC_KEY_HERE>
FW_ACCESS       tcp/22 #Example using ssh
  1. Modify fwknopd to set how the daemon listens
1
2
3
4

# /etc/fwknop/fwknopd.conf
PCAP_INTF      <LISTENING_INTERFACE_NAME>
ENABLE_PF_ANCHOR Y
PF_ANCHOR_NAME   fwknop
  1. Enable and start fwknopd
1
2

rcctl enable fwknopd
rcctl start fwknopd
Backward Proxmox 9 uptime kuma push monitor setup Openbsd Totp Setup Forward