port knocking regarding the class C (/24) ranges with iptables?
on 28.03.2007 10:23:17 by totojepast

Which is the best port knocking solution to open a local port for
incoming connection from whole C (/24) ranges with iptables?
Let's have an iptables firewall filtering connections for two public
IP addresses: 1.2.3.4 and 1.2.3.5
If an incoming connection from 9.8.7.6 comes to port 25 at 1.2.3.4, I
would like to open/unblock port 25 at 1.2.3.5 for the whole 9.8.7/24
range.
(There is some reason why I need two separate public addresses -- I
would like to try something like transparent greylisting on the
firewall -- while the ordinary spambots tend to target the primary MX
OR the secondary MX ONLY, the full-fledged SMTP host tries both MXs.)