List Archive: gentoo-security
Yes, there are. I use one for my work servers that is iptables based.
I don't have any links for you unfortunately but I have seen them. If
you are really interested I can probably track down one I saw that used
iptables and was a combination style. I also know of an open source
"magic packet" style that I could probably find a link for if you were
interested.
boger said the following:
> Hello Kirk,
> Is there an iptables-based port knocker?
> I dislike the idea of opening ports for this purpose because they can be distinguished in some way.
> Promiscuous mode port knockers consume a lot of processor and
> I don't think it's good for a production server.
>
> KH> A port knocker of some sort is a much more secure solution that will
> KH> allow you to block all unwanted IPs but still allow for dynamic
> KH> addresses. There are port knockers that listen on various ports and
> KH> work like a combination lock to open the port, and there are others that
> KH> use a more secure one-time pad "magic packet" kind of authentication to
> KH> open the port for your IP. It is more work to set up, but it is more
> KH> secure than just changing the port. Remember a few years ago when ssh
> KH> had a remote exploit? You probably shouldn't leave that port open.
>
--
gentoo-security@g.o mailing list
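An iptables-based "combination lock" knocker of the kind asked about above, written as an added example (not code from either poster). It assumes the netfilter `recent` and `conntrack` match modules are available; the knock ports and the protected port 22 are constructed values, and the script only emits the rules so they can be reviewed before being loaded on a test host.

```shell
#!/bin/sh
# Generate iptables rules for a combination-lock port knocker: a source address
# must hit the knock ports in order, each within a short window, before the
# protected TCP port is opened for that address only. Every knock packet is
# dropped, so a scanner sees nothing listening. Usage (as root, on a test box):
#   knock_rules 22 7000 8000 9000 | sh
knock_rules() {
    protected=$1; shift
    n=$#
    echo "iptables -N KNOCKING"
    i=1
    for p in "$@"; do
        echo "iptables -N GATE$i"
        if [ "$i" -gt 1 ]; then
            # Any packet reaching this stage clears the previous stage's record;
            # a wrong knock therefore resets the lock to the start.
            echo "iptables -A GATE$i -m recent --name AUTH$((i-1)) --remove"
        fi
        # Correct knock for this stage: remember the source under AUTH<i>, then drop it.
        echo "iptables -A GATE$i -p tcp --dport $p -m recent --name AUTH$i --set -j DROP"
        if [ "$i" -eq 1 ]; then
            echo "iptables -A GATE1 -j DROP"
        else
            # Not the expected knock: fall back to stage 1 (it may be a fresh first knock).
            echo "iptables -A GATE$i -j GATE1"
        fi
        i=$((i+1))
    done
    # Full sequence seen: admit one new connection to the protected port, then relock.
    echo "iptables -N PASSED"
    echo "iptables -A PASSED -m recent --name AUTH$n --remove"
    echo "iptables -A PASSED -p tcp --dport $protected -j ACCEPT"
    echo "iptables -A PASSED -j GATE1"
    # Dispatcher: test the most advanced state first; records expire after a few seconds.
    echo "iptables -A KNOCKING -m recent --rcheck --seconds 30 --name AUTH$n -j PASSED"
    j=$((n-1))
    while [ "$j" -ge 1 ]; do
        echo "iptables -A KNOCKING -m recent --rcheck --seconds 10 --name AUTH$j -j GATE$((j+1))"
        j=$((j-1))
    done
    echo "iptables -A KNOCKING -j GATE1"
    # Hook into INPUT: keep established flows, route every new TCP connection through the lock
    # (GATE1 ends in DROP, so unknocked connections are silently discarded).
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j KNOCKING"
}

# Emit rules when invoked with a protected port and at least one knock port.
if [ "$#" -ge 2 ]; then
    knock_rules "$@"
fi
```

Non-TCP traffic is not covered by these rules; pair them with whatever default policy the host already uses.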