What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Universal configuration monitoring and system of record for IT.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:



May 19, 2015 - A Look At The New Commandlinefu
I've put together a short writeup on what kind of newness you can expect from the next iteration of clfu. Check it out here.
March 2, 2015 - New Management
I'm Jon, I'll be maintaining and improving clfu. Thanks to David for building such a great resource!

Top Tags



Port Knocking!

Terminal - Port Knocking!
knock <host> 3000 4000 5000 && ssh -p <port> [email protected] && knock <host> 5000 4000 3000
2009-07-28 14:08:01
User: din7
Functions: ssh
Port Knocking!

Knock on ports to open a port to a service (ssh for example) and knock again to close the port. You have to install knockd.

See example config file below.


logfile = /var/log/knockd.log


sequence = 3000,4000,5000

seq_timeout = 5

command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT

tcpflags = syn


sequence = 5000,4000,3000

seq_timeout = 5

command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT

tcpflags = syn


There are 6 alternatives - vote for the best!

Terminal - Alternatives

Know a better way?

If you can do better, submit your command here.

What others think

extremely sweet. always. port knocking in da bomb diggity.

Comment by linuxrawkstar 353 weeks and 1 day ago


Comment by sameet 353 weeks and 1 day ago

Nice. Though I prefer ostiary (http://ingles.homeunix.net/software/ost/index.html) for things like that.

Comment by namelessjon 353 weeks ago

That's awesome. It adds a security layer against brute forcers.

Comment by pyrho 353 weeks ago

That's the correct link to Ostiary btw: http://ingles.homeunix.net/software/ost/ .

The one above included the ')'.

Comment by pyrho 353 weeks ago

cursed brackets. Thanks for fixing that. :)

Ostiary also has a second advantage over port knocking as presented here. You can run it on an unused port (like the telnet port), and use over VPNs, which often block out the high ports often used for knocking.

Comment by namelessjon 352 weeks and 5 days ago

Whoa, what is this voodoo? That is way cooler than I'd imagine.

Comment by shurane 269 weeks ago

Your point of view

You must be signed in to comment.