Comment on What are your methods to harden *nix servers?
iii@mander.xyz 19 hours ago
With knockd you can execute arbitrary commands upon a port knocking sequence. So any application that is configurable via terminal is eligible. Here’s a tutorial of knockd+iptables (1). Alternatively there’s (2).
You can use it wherever, as part of security in depth. It’ll have its largest effect on publicly facing interfaces. It does not replace having a proper ssh setup (disabling root, keys only, etc).
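A minimal knockd + iptables configuration of the kind described in the comment above, added here as an illustration and not taken from the comment or the tutorials it links. The knock ports, timeouts and log path are constructed values, and it assumes the firewall already drops new connections to port 22 and accepts ESTABLISHED,RELATED traffic.

```ini
# /etc/knockd.conf (added example; ports and timeouts are constructed values)

[options]
    # Log every knock attempt so failed sequences can be reviewed later.
    logfile = /var/log/knockd.log

[openSSH]
    # Three TCP SYN packets to these ports, in this order, within 10 seconds.
    sequence      = 7000,8000,9000
    seq_timeout   = 10
    tcpflags      = syn

    # On a correct sequence, allow only the knocking source address (%IP%)
    # to reach sshd. -I inserts the rule ahead of the existing DROP.
    start_command = /sbin/iptables -I INPUT 1 -s %IP% -p tcp --dport 22 -j ACCEPT

    # Remove the rule again after 30 seconds. Sessions opened in that window
    # stay up through the ESTABLISHED,RELATED rule assumed above.
    cmd_timeout   = 30
    stop_command  = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
```

The knock sequence travels in cleartext and can be replayed by anyone who observes it, so sshd behind it still needs key-only authentication and root login disabled, as the comment says.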
Cyber@feddit.uk 9 hours ago
Thanks for the links, I’ll take a look as I’ve never actually played with port knocking.