Cell network natting breaks function of fwknop, customize rules?

[mgaulton]

Hi There, I'm trying to get this configured specifically for ssh right now and running into a weird issue. I have a fairly indepth firewall and discovered that no packets make it to the FWKNPT_INPUT chain after auth is successful and the rule is created. Watching logs while no firewall shows that the SPA comes from one IP address, the ssh session a different IP in the same /16 network as far as I can tell. Wondering if there is a way to customize the created rule so that it allows the /16 temporarily or another mechanism to handle this scenario. Thank you!