Thanks for the feedback, we'll keep this in mind when we add this feature into ASL, and it's nice to hear that someone can make use of portknocking. Here's the original set of scripts we published back in 2004 if anyone wants to use them:
http://www.gotroot.com/blogpost7-Portknocking-in-BASH
For the benefit of all our ASL customers, we recognize that PK is an advanced feature, and that's a reality that we will always keep in mind when we add in portknocking. To do otherwise would be irresponsible for us. We always weigh every feature against the value it brings from a security perspective, and how much work that feature may generate for you. Portknocking is an advanced firewalling technique - one that's so advanced you don't see it used on commercial firewalls at all (which should be a hint about some usability issues).
So if you're the kind of person that can write your own portknocking script then this is something you can definitely handle; if you can't, then you may not want to use portknocking - it is something you will need to be comfortable with both firewalls and sniffers to fully debug.
If anyone wants to experiment with PK, here's a good website to get you started with lots and lots of implementations for different OSes:
http://www.portknocking.org/view/implementations
As for adding PK into ASL, I've set up a thread to discuss it:
https://www.atomicorp.com/forums/viewto ... f=7&t=4558