[options]
      logfile = /var/log/knockd.log

[SSH]
      sequence    = 7000,8000,9000
      seq_timeout = 5
      # start_command = /usr/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
      start_command = ufw allow ssh
      tcpflags    = syn
      cmd_timeout   = 600
      # stop_command = /usr/sbin/iptables -D INPUT -p tcp --dport 22 -j ACCEPT
      stop_command = ufw delete allow ssh