Authenticated port knocking

Letmein is a simple port knocker with a simple and secure authentication mechanism.

It can be used to hide services on a server behind a knock authentication to reduce the attack surface of a service. The service will not be accessible unless a knock authentication is successful. In case of a successful knock, the letmeind server will only open the knocked port for the client IP address that performed the knocking. Machines with different IP addresses still won't have access to the protected service.

Machines that can't successfully authenticate the knock sequence won't be able to access the protected service.

Letmein requires an `nftables` based firewall. It will *not* work with `iptables`.

The development source code of letmein can be downloaded using the Git version control system as follows:

git clone

To browse the Git repository online, go to the repository web interface.
Or download the compressed snapshot.
A mirror of the repository is available on GitHub, GitLab, Bitbucket and on
If you want to contribute to letmein, please read the contribution guidelines first.

letmein is stable/production quality software.
That means its features are well tested and the remaining amount of bugs probably is minor. The software does include a reasonable amount of documentation.

If you find any bugs in letmein or if you have any suggestion for new features, we would like to hear from you.
Your help is greatly appreciated and will help to create better software and improve the overall experience for everybody. So don't hesitate to report anything that that limits your letmein usage.

If you have got any code improvements or other improvements that should be merged into the project, please send such enhancements to the letmein maintainer.

Please read the contribution guidelines first.

Copyright (C) Michael Büsch
Licensed under the terms of the MIT license or under the terms of the Apache License version 2.0, at your option. See the sourcecode for details.

Updated: Monday 10 June 2024 19:28 (UTC)
xhtml / css