--- ./knockd.conf.orig	2004-05-07 00:56:03.000000000 +0200
+++ ./knockd.conf	2011-08-17 13:19:00.000000000 +0200
@@ -1,15 +1,16 @@
 [options]
 	logfile = /var/log/knockd.log
+	interface = fxp0
 
 [openSSH]
 	sequence    = 7000,8000,9000
 	seq_timeout = 5
-	command     = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
+	command     = /sbin/ipfw -q add pass proto tcp src-ip %IP% dst-port 22
 	tcpflags    = syn
 
 [closeSSH]
 	sequence    = 9000,8000,7000
 	seq_timeout = 5
-	command     = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
+	command     = /sbin/ipfw -q delete pass proto tcp src-ip %IP% dst-port 22
 	tcpflags    = syn