Cell network natting breaks function of fwknop, customize rules?

[mgaulton]

Hi There,
I'm trying to get this configured specifically for ssh right now and running into a weird issue.
I have a fairly indepth firewall and discovered that no packets make it to the FWKNPT_INPUT chain after auth is successful and the rule is created.
Watching logs while no firewall shows that the SPA comes from one IP address, the ssh session a different IP in the same /16 network as far as I can tell.
Wondering if there is a way to customize the created rule so that it allows the /16 temporarily or another mechanism to handle this scenario.
Thank you!