Which is the best port knocking solution to open a local port for
incoming connection from whole C (/24) ranges with iptables?

Let's have an iptables firewall filtering connections for two public
IP addresses: and

If an incoming connection from comes to port 25 at, I
would like to open/unblock port 25 at for the whole 9.8.7/24.

(There is some reason why I need two separate public addresses -- I
would like to try something like transparent greylisting on the
firewall -- while ordinary spambots tend to target the primary MX
OR the secondary MX ONLY, a full-fledged SMTP host tries both MXs.)
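
One way to get the behaviour asked about above, shown as an added example that is not part of the original post: the iptables `recent` match with `--mask 255.255.255.0` stores and checks whole /24 networks instead of single hosts. The two addresses (constructed documentation addresses stand in for the ones missing above), the chain and list names, the one-hour lifetime, the TCP reset sent on the knock address, and the use of the INPUT chain are all assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for a /24-wide knock.
# Assumes the mail server runs on the firewall host (INPUT chain) and that the
# existing ruleset already accepts ESTABLISHED,RELATED traffic.

knock_rules() {
    knock_ip=$1        # address whose port 25 acts as the knock
    open_ip=$2         # address whose port 25 opens after a knock
    ttl=${3:-3600}     # assumed lifetime of the opening, in seconds
    list=smtpknock     # hypothetical name of the xt_recent list
    mask=255.255.255.0 # store/compare sources as /24 networks

    cat <<EOF
iptables -N SMTP_KNOCK
iptables -A INPUT -p tcp --dport 25 --syn -j SMTP_KNOCK
iptables -A SMTP_KNOCK -p tcp -d $knock_ip -m recent --name $list --set --rsource --mask $mask -j REJECT --reject-with tcp-reset
iptables -A SMTP_KNOCK -p tcp -d $open_ip -m recent --name $list --rcheck --rsource --mask $mask --seconds $ttl -j ACCEPT
iptables -A SMTP_KNOCK -p tcp -d $open_ip -j REJECT --reject-with tcp-reset
EOF
}

# Usage: sh knock.sh --print KNOCK_IP OPEN_IP [SECONDS]
# Review the output, then pipe it to "sh" as root to load the rules.
if [ "${1:-}" = "--print" ]; then
    knock_rules "$2" "$3" "${4:-}"
fi
```

Both the `--set` and the `--rcheck` rule need the same `--mask`, otherwise the recorded network and the checked address never compare equal. The `xt_recent` module keeps 100 entries per list by default (`ip_list_tot`), which a busy MX will exceed.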