What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

knock v1.1 (Updated 20DEC2025) - router commands for non-admin users

R

rung

Senior Member

Introduction​

Knock is a utility that enables the router to execute preselected commands without having to ssh in or access the GUI. The preselected commands are executed using port "knocks". This utility didn't need any special software to implement this as it utilizes the router's built-in firewall logging capability. Note that this concept was originally proposed in 2012 by @RMerlin here but as far as I could tell, no one took him up on the idea. I originally developed this tool to enable my family to wake-up a PC without requiring a special app or password access to the router. I then quickly realized it could have lots of other uses (see examples section below). I turned to @Viktor Jaep for help in order to make this generally available to the community. He graciously reviewed and provided lots of input, not only to fix bugs, but make it better follow @thelonelycoder well-thought-out AddOn guidelines.

Install/Uninstall Instructions​

To Install​

  1. ssh into the router and enter the following command:
    Code: 
    curl --retry 3 "https://raw.githubusercontent.com/Rung-Asus/Knock/main/knock.sh" -o /jffs/scripts/knock.sh && chmod 755 /jffs/scripts/knock.sh && sh /jffs/scripts/knock.sh -install
  2. Next update the "knock.cfg" configuration file in the /jffs/addons/knock.d/ folder (see configuration file format section below):
    Code: 
    nano /jffs/addons/knock.d/knock.cfg
  3. Finally run the following command:
    Code: 
    /jffs/scripts/knock.sh -start
Once started, knock.sh will display the current configuration with each command shown with the URL you can use to execute it. Here is an example screen shot:
knock_v1p1_start_example.png

To Update Configuration​

  1. Stop knock from running:
    Code: 
     /jffs/scripts/knock.sh -stop
  2. Then update the configuration file:
    Code: 
    nano /jffs/addons/knock.d/knock.cfg
  3. Finally restart knock:
    Code: 
    /jffs/scripts/knock.sh -start
  4. To show the current configuration file with the URLs interpreted run:
    Code: 
    /jffs/scripts/config.sh -config

To Download the Latest Version of Knock.sh​

Run the following command:
Code: 
/jffs/scripts/knock.sh -update

Knock will show the version installed and the version on Github and give you the option to download and update. Here is an example screenshot of the update process:
knock_v1p1_update_example.png

To Uninstall​

Run the following command:
Code: 
/jffs/scripts/knock.sh -uninstall

Configuration File Format​

The format of the configuration file is:
  1. Any line that doesn't start with a "#" or empty provides a new command to be executed
  2. Each command line provides three important items: the port number that will execute the command, the interface(s) which this port knock will be received, and the command itself:
    Code: 
    Port Number <space> Interface(s) [comma separated] <space> Command to execute [to end of line]
So, for example, with a configuration file with this command line:
Code: 
#Comments and blank lines allowed

#Port_Num  Interface(s)    Commands
#The comment before each command will be shown when displaying the configuration
#This comment can describe the following command which here is ether-wake command to a specific PC
44444      br0    ether-wake -i br0 xx:xx:xx:xx:xx:xx
Users can now execute the ether-wake command on a specific PC by sending a port knock from main lan interface by browsing to the following url: http://192.168.50.1:44444

Example Use Cases​

  1. Allow a user on local LAN, using the wireguard server, or the Tailscale server to wake up a specific PC. Put the following line in the config file:
    Code: 
    44444 br0,lo,wgs1 ether-wake -i br0 xx:xx:xx:xx:xx:xx
  2. Allow that same user to reboot router:
    Code: 
    44445 br0,lo,wgs1 reboot
  3. Allow a user on the local LAN to run a custom script that enables something (e.g. a VPN Director rule):
    Code: 
    44446 br0 /jffs/scripts/enable-example.sh
  4. Allow same user to run a complementary disable script:
    Code: 
    44447 br0 /jffs/scripts/disable-example.sh
Other use case possibilities from @Viktor Jaep include:
  1. Kick off a backup -- like using "sh /jffs/scripts/backupmon.sh -backup"
  2. Turn lights on and off with @JGrana 's huetil and uKasa apps
  3. Initiate a WAN failover with the wan_failover script

Acknowledgments​

Many thanks to @Viktor Jaep for all his help, input, and testing of this script! Portions in this script were derved from @Viktor Jaep's awesome Tailmon script. Original concept credit to @RMerlin (https://www.snbforums.com/threads/wake-on-lan-per-http-https-script.7958/post-47811)

Change Log​

v1.0: Initial Release
v1.1: Added better reporting of current configuration including URL example based on interface and port (see new screen shot in the Install section), documented "Update" function which will download and install the latest version
 
Last edited:
Congrats on publishing your first official script, @rung! Looking forward to seeing it getting enhanced more & more over time! :)
 
Very nice work, simple, so well done to you!

I probably won’t use it myself, but couple of questions if I may, for folks that might:
  • Just thinking about your target audience, is the Code parameter limited to numerical figures or could it be e.g, Wake_Up_Johhny instead?
  • Whilst not part of the code, is there a simple way, apart from giving someone a link on their Windows desktop with a nice wee icon, or using an iOS shortcut for the same, that you can associate a button with the URL?
  • Would you be able to supply a (full?) list of other example commands?
 
jksmurf said:
Very nice work, simple, so well done to you!

I probably won’t use it myself, but couple of questions if I may, for folks that might:
  • Just thinking about your target audience, is the Code parameter limited to numerical figures or could it be e.g, Wake_Up_Johhny instead?
  • Whilst not part of the code, is there a simple way, apart from giving someone a link on their Windows desktop with a nice wee icon, or using an iOS shortcut for the same, that you can associate a button with the URL?
  • Would you be able to supply a (full?) list of other example commands?
Click to expand...
Once you have the link working such as http://192.168.50.1:44444/, you can share that link to everyone and have them bookmark it. The bookmark title can then be renamed to whatever it does (this is what I do anyway)
 
rung said:
Once you have the link working such as http://192.168.50.1:44444/, you can share that link to everyone and have them bookmark it. The bookmark title can then be renamed to whatever it does (this is what I do anyway)
Click to expand...
The first question was I guess more that the person setting it up did not have to remember what 44444 does and what 44445 does but I guess it’s mostly one off in any case. All good.
 
jksmurf said:
The first question was I guess more that the person setting it up did not have to remember what 44444 does and what 44445 does but I guess it’s mostly one off in any case. All good.
Click to expand...
I agree. Someday I can envision a user interface for the script instead of a config file. It could then display the url for easy copy/paste or bookmarking!
 
Here's another set of commands I use regularly:

These are in my knock.cfg file:
Code: 
#turn on vpn client
44446 br0 /jffs/scripts/enable-wireguard-rule.sh

#turn off vpn client
44447 br0 /jffs/scripts/disable-wireguard-rule.sh

These call /jffs/scripts/enable-wireguard-rule.sh:
Bash: 
#!/bin/sh
sed -i 's/<0>VPN on Cell>/<1>VPN on Cell>/g' /jffs/openvpn/vpndirector_rulelist
service restart_vpnrouting
And /jffs/scripts/disable-wireguard-rule.sh:
Bash: 
#!/bin/sh
sed -i 's/<1>VPN on Cell>/<0>VPN on Cell>/g' /jffs/openvpn/vpndirector_rulelist
service restart_vpnrouting

Of course, I have a VPN Director rule called "VPN on Cell"
 
Knock.sh updated to version 1.1!
Updates include :
  1. Added better reporting of current configuration including URL example based on interface and port (see new screen shot in the Install section of the first post) [Partially addressing @jksmurf request]
  2. Documented "Update" function which will download and install the latest version. If you already have Knock.sh installed run the following command to update to v1.1:
    Bash: 
    /jffs/scripts/knock.sh -update
 
You must log in or register to reply here.

Similar threads

P
Unbound repeated dnsmasq restarts
Replies
2
Views
242
penguin22
P
C
Is changing Iptables in Asuswrt-Merlin considered acceptable network management practice?
Replies
11
Views
2K
RMerlin
RMerlin
r80xcore
MerVLAN v0.51 Simple and Powerful VLAN Management **BETA**
3 4 5
Replies
98
Views
7K
r80xcore
r80xcore
R
WANFailover WAN Failover v2.2.0 Release
2
Replies
36
Views
5K
Ranger802004
R
Viktor Jaep
VPNMON VPNMON-R3 v1.8.2 -Nov 23, 2025- Monitor OpenVPN/Wireguard WAN/Dual-WAN Health & Random Reset Multiple Connections (Available in AMTM!) - v1.8.3Beta2
8 9 10
Replies
199
Views
25K
scootertramp
S

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,498 (members: 12, guests: 1,486)
Back
Top