I am using knockd as part of itzg/docker-minecraft-server, which has an autopause feature that can stop the server until a client knocks on port 25565 tcp (minecraft java) or 19132 udp (minecraft bedrock). This is the current configuration:

[options]
 logfile = /dev/null
[unpauseMCServer-server]
 sequence = 25565
 seq_timeout = 1
 command = /auto/resume.sh %IP%
 tcpflags = syn
[unpauseMCServer-rcon]
 sequence = 25575
 seq_timeout = 1
 command = /auto/resume.sh %IP%
 tcpflags = syn
[unpauseMCServer-bedrock]
 sequence = 19132:udp
 command = /auto/resume.sh %IP%

While java clients work correctly, the problem is that with this setup, knockd will run resume.sh after every single UDP packet received, even after the player has joined the server. This causes knockd to crash with error pcap: can't poll on packet socket: No child processes shortly after a bedrock client joins the server.

It's possible to work around this by using something like sequence = 19132:udp, 19132:udp, 19132:udp, 19132:udp, but I'd like to suggest adding a timeout after a succesful knock sequence or an option to detect only udp packets with a specific length, as way to tell knocking/pinging apart from the actual application traffic.