I really don't have a lot of experience with upstart, however created this upstart file for fwknop

#FWKNOP Daemon

description "fwknop daemon- http://cipherdyne.org/fwknop/"

start on (starting network-interface
          or starting network-manager
          or starting networking)

stop on runlevel [!023456]

console output

respawn
respawn limit 10 5

pre-start script
    test -x /usr/local/sbin/fwknopd || { stop; exit 0; }
    test -x /usr/local/sbin/iptables.sh || { stop; exit 0; }
    /usr/local/sbin/iptables.sh
end script

pre-stop script
    /usr/local/sbin/fwknopd --fw-flush
end script

exec /usr/local/sbin/fwknopd -f

I'm uncertain if the pre-stop script is necessary since I believe the fwknopd may flush the firewall rules when it exits, but I included it since I felt it wouldn't hurt.

After learning about upstart, I'm really uncertain if the knockwatch daemon is even needed because of upstart's ability to respawn a stopped process.  I really haven't done any research to test the respawn process however theoretically its supposed to restart daemons that suddenly stop.

/usr/local/sbin/iptables.sh is a script file that contains my iptables ruleset.  This part of the script may need to be altered by other user's depending on how they are initializing their iptables.