1. Install the necessary packages

   ```sh
   pkg_add fwknop vim
   ```

2. Configure pf to use fwknop

   ```sh
   vim /etc/pf.conf
   ```

3. Add the following anchor so that fwknop can modify pf rules

   ```
   # /etc/pf.conf
   # Place this towards the top of the file
   anchor "fwknop" # ADD THIS
   ```

4. Generate a fwknop key pair

   ```sh
   fwknop --key-gen
   ```

   > [!NOTE]
   > This will not be saved anywhere by default; you must copy the information displayed.

5. Using the generated information, update access.conf to use the key pair

   ```
   # /etc/fwknop/access.conf
   SOURCE          ANY
   KEY_BASE64      <KEY_HERE>
   HMAC_KEY_BASE64 <HMAC_KEY_HERE>
   # Ports an authenticated client may open (example using ssh)
   OPEN_PORTS      tcp/22
   ```

6. Modify fwknopd.conf to set how the daemon listens

   ```
   # /etc/fwknop/fwknopd.conf
   PCAP_INTF        <LISTENING_INTERFACE_NAME>
   ENABLE_PF_ANCHOR Y
   PF_ANCHOR_NAME   fwknop
   ```

7. Enable and start fwknopd

   ```sh
   rcctl enable fwknopd
   rcctl start fwknopd
   ```
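
A static check of the three files edited in the steps above, as an added example that is not part of the original guide or the fwknop project: it confirms that `PF_ANCHOR_NAME` matches an uncommented anchor in pf.conf, that the key and interface placeholders were replaced, and that access.conf carries no group/other permission bits. The function names and the mode 600 expectation are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the guide or fwknop): static check of the files
# edited above. Function names are hypothetical; paths default to the guide's.

# conf_val FILE KEY: value of the first uncommented "KEY value" line
conf_val() {
    awk -v k="$2" '$1 == k { sub(/;.*$/, "", $2); print $2; exit }' "$1"
}

# pf_has_anchor FILE NAME: succeeds if FILE has an uncommented anchor NAME
pf_has_anchor() {
    grep -Eq "^[[:space:]]*anchor[[:space:]]+\"?$2\"?([[:space:]]|\$)" "$1"
}

check_fwknop_setup() {
    pf=${1:-/etc/pf.conf}
    acc=${2:-/etc/fwknop/access.conf}
    fwd=${3:-/etc/fwknop/fwknopd.conf}
    rc=0

    # fwknopd can only add rules if its anchor name exists in pf.conf
    anchor=$(conf_val "$fwd" PF_ANCHOR_NAME)
    if [ -z "$anchor" ] || ! pf_has_anchor "$pf" "$anchor"; then
        echo "FAIL: PF_ANCHOR_NAME '$anchor' has no active anchor in $pf"; rc=1
    fi

    # placeholders from the guide (<KEY_HERE>, ...) must have been replaced
    for k in KEY_BASE64 HMAC_KEY_BASE64; do
        case $(conf_val "$acc" "$k") in
            ''|'<'*) echo "FAIL: $k unset or still a placeholder in $acc"; rc=1 ;;
        esac
    done
    case $(conf_val "$fwd" PCAP_INTF) in
        ''|'<'*) echo "FAIL: PCAP_INTF unset or still a placeholder in $fwd"; rc=1 ;;
    esac

    # assumption: access.conf holds both secrets, so expect mode 600
    # (characters 5-10 of the ls mode string are the group/other bits)
    if [ "$(ls -ld "$acc" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $acc has group/other permission bits set"; rc=1
    fi
    return $rc
}
```

Run `check_fwknop_setup` as root with no arguments to check the paths used in this guide, or pass three paths to check copies of the files.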