+1 for me, I agree with everything RKM says. It really would allow us to set stricter rules, particularly for services like ssh. My only suggestion would be to have a single field for the sequence i.e. PORT_KNOCK_SEQ = "10000:TCP;20000:UDP;15000:UDP;25000:TCP" which would allow you to buil...