@Tomas J It is a very optimistic assumption that a user will have a unique IP. How many employees are concealed behind a nationwide or international corporate gateway? What does it look like with mobile carriers that operate their IPv6 devices behind an IPv4 proxy? A server would be open to all mobile telephone subscribers at once.
Sorry for being rude, but the concept is junk!
Don’t get me wrong, I’m not advocating for it. There’s a reason “nothing” supports it. The same reason I chose not to use it. It’s just not good enough.
But it’s not a large attack surface for somebody to have the same address AND attempt to connect at just the right time. The firewall should allow a single connection, then close off again, retaining the established connection. So it’s not like you’d be exposed to the whole network while one person is connected.
It’s not a terrible concept, but there are better options out there. Much better. It would take much less time to learn how to set up an SSH tunnel than it would to learn how to code the firewall accordingly, AND be more secure as a result. There’s no reason to select port knocking instead of SSH or a VPN.
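The two posts above describe the same firewall behaviour from opposite sides: a correct knock sequence opens the service port for one connection and then closes it again (keeping the established flow), and a shared source address (corporate gateway, carrier-grade NAT) means that opening is granted to every host behind that address. The simulation below is an added example, not code from either commenter; the knock sequence, window length, and the documentation-range gateway address are constructed for illustration, and the state machine is a plain model of the policy described, not any particular knockd or iptables configuration.

```python
from dataclasses import dataclass, field

# Constructed sample policy: three-port knock, port 22 opens for 10 seconds, single use.
KNOCK_SEQUENCE = (7000, 8000, 9000)
OPEN_WINDOW = 10.0
SERVICE_PORT = 22


@dataclass
class PortKnockFirewall:
    """Model of the policy in the thread: one correct knock sequence per source IP
    opens the service port for a short window, the first accepted connection closes
    it again, and already established flows keep passing (like a conntrack rule)."""
    knock_sequence: tuple = KNOCK_SEQUENCE
    open_window: float = OPEN_WINDOW
    service_port: int = SERVICE_PORT
    progress: dict = field(default_factory=dict)      # src_ip -> correct knocks so far
    opened_until: dict = field(default_factory=dict)  # src_ip -> deadline (seconds)
    established: set = field(default_factory=set)     # (src_ip, src_port) accepted flows

    def knock(self, src_ip, dst_port, now):
        """Register one knock packet; returns True when the sequence completes."""
        idx = self.progress.get(src_ip, 0)
        if dst_port != self.knock_sequence[idx]:
            self.progress[src_ip] = 0          # wrong port: start over
            return False
        idx += 1
        if idx < len(self.knock_sequence):
            self.progress[src_ip] = idx
            return False
        self.progress[src_ip] = 0
        self.opened_until[src_ip] = now + self.open_window
        return True

    def connect(self, src_ip, src_port, dst_port, now):
        """Decide on a new SYN to the service port: 'accept' or 'drop'."""
        if dst_port != self.service_port:
            return "drop"
        deadline = self.opened_until.get(src_ip)
        if deadline is None or now > deadline:
            return "drop"
        # Single use: the first accepted connection closes the port again.
        del self.opened_until[src_ip]
        self.established.add((src_ip, src_port))
        return "accept"

    def packet(self, src_ip, src_port, dst_port, now):
        """Later packets of an already established flow stay allowed."""
        ok = dst_port == self.service_port and (src_ip, src_port) in self.established
        return "accept" if ok else "drop"


def demo():
    """Walk through the scenarios the thread argues about and return the verdicts."""
    fw = PortKnockFirewall()
    gateway = "198.51.100.7"   # constructed: one NAT address shared by many hosts
    t = 1000.0
    r = {}
    # No knock yet: the service port is closed.
    r["before_knock"] = fw.connect(gateway, 40000, SERVICE_PORT, t)
    # The legitimate user behind the gateway knocks correctly.
    for i, port in enumerate(KNOCK_SEQUENCE):
        fw.knock(gateway, port, t + i)
    # Another host behind the same gateway happens to connect first and is let in,
    # because the firewall only sees the shared source address.
    r["other_host_same_ip"] = fw.connect(gateway, 50000, SERVICE_PORT, t + 3)
    # The single-use opening is consumed, so the actual knocker is now dropped.
    r["knocker_after_consumed"] = fw.connect(gateway, 40001, SERVICE_PORT, t + 4)
    # The accepted flow keeps working long after the window closed.
    r["established_later"] = fw.packet(gateway, 50000, SERVICE_PORT, t + 600)
    # A fresh knock followed by waiting past the window yields no access.
    for i, port in enumerate(KNOCK_SEQUENCE):
        fw.knock(gateway, port, t + 100 + i)
    r["expired_window"] = fw.connect(gateway, 40002, SERVICE_PORT, t + 102 + OPEN_WINDOW + 1)
    return r


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:26s} -> {verdict}")
```

The exposure window is small in time, as the second commenter says, but its scope is every host sharing the knocker's address, which is the first commenter's objection; the model shows both at once, and also why an established-flow rule keeps the legitimate session alive after the port closes.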