jacauc
just joined
Topic Author
Posts: 17
Joined: Sun Jan 30, 2011 3:49 am

Port knocking to enable all dst-nat rules from all src-addresses

Mon Feb 19, 2018 6:28 am

I currently have a router setup with a multitude of dst-nat/forward chains and input chains to allow certain dst-nat activities when connecting to the correct port.
Right now, these rules are always open for those with correct authentication and port numbers etc.

I like port knocking setups in that it allows you to connect from the same device that you knocked from, however, I would like a slightly simpler setup where:
- Any device can knock the ports in the right order
- Once the port knock is successful, all my forward/dst-nat chains are available for anyone to connect for one hour, after which they become unavailable again.

e.g. I want to be able to execute the knock on my phone, and then connect to my network resources from my laptop.
If the knock is not executed, the firewall blocks all incoming connections.

Any easy way to achieve this?
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Port knocking to enable all dst-nat rules from all src-addresses

Mon Feb 19, 2018 2:46 pm

The usual way is to add the source address to a list and then allow connections matching src-address-list=<knocked>. If all your rules are for the same destination address, then you could simply use action=add-dst-to-address-list and dst-address-list=<knocked> instead. The only address that list can ever contain will be your router's address, but it's fine.

If this wouldn't be enough, then a script could work. Run it from the scheduler periodically, let it check if the given address list contains any address, and turn some jump rule on/off based on that.
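Both variants Sob describes, written out as RouterOS 6.x configuration. This is an added example and was not posted in the thread; the WAN interface name (ether1), the internal host (192.168.88.10), the knock sequence (TCP 1111, 2222, 3333) and the forwarded service ports are all assumptions chosen for illustration.

```routeros
# Added example, not from the thread. Assumed values: WAN interface ether1,
# internal host 192.168.88.10, knock sequence TCP 1111 -> 2222 -> 3333.
# All rules below must sit ABOVE your final drop rules in their chains.

/ip firewall filter
# Knock stages. action=add-dst-to-address-list records the DESTINATION address,
# i.e. the router's own public address, so a completed knock from a phone opens
# the lists for every source (the behaviour the original post asks for).
# Each stage only matches while the previous stage's list is still populated.
add chain=input protocol=tcp dst-port=1111 connection-state=new \
    action=add-dst-to-address-list address-list=knock1 address-list-timeout=15s \
    comment="knock stage 1"
add chain=input protocol=tcp dst-port=2222 connection-state=new dst-address-list=knock1 \
    action=add-dst-to-address-list address-list=knock2 address-list-timeout=15s \
    comment="knock stage 2"
add chain=input protocol=tcp dst-port=3333 connection-state=new dst-address-list=knock2 \
    action=add-dst-to-address-list address-list=knocked address-list-timeout=1h \
    comment="knock complete: gated services open for 1h"

# Router services in chain=input, gated on the same list (WinBox as an example).
add chain=input in-interface=ether1 protocol=tcp dst-port=8291 dst-address-list=knocked \
    action=accept comment="winbox while knocked"

# Variant 2 (scheduler + jump rule): keep the forward accepts for gated
# services in their own chain and jump to it only while the list is non-empty.
# The jump rule starts disabled; the script below enables and disables it.
add chain=knocked-services in-interface=ether1 connection-state=new \
    connection-nat-state=dstnat action=accept \
    comment="forward dst-natted traffic only after a knock"
add chain=forward action=jump jump-target=knocked-services disabled=yes \
    comment="knock-gate-jump"

/ip firewall nat
# Variant 1: every dst-nat rule carries dst-address-list=knocked. The match has
# to be made here, in chain=dstnat, because once the address is translated
# (chain=forward) dst-address is already the LAN host, which is never in the list.
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=2022 dst-address-list=knocked \
    action=dst-nat to-addresses=192.168.88.10 to-ports=22 \
    comment="ssh to server while knocked"
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=443 dst-address-list=knocked \
    action=dst-nat to-addresses=192.168.88.10 to-ports=443 \
    comment="https to server while knocked"

/system script
# Counts entries in the "knocked" list and toggles the jump rule accordingly.
add name=knock-gate source=":local n [:len [/ip firewall address-list find list=knocked]]; :if (\$n > 0) do={/ip firewall filter enable [find comment=\"knock-gate-jump\"]} else={/ip firewall filter disable [find comment=\"knock-gate-jump\"]}"

/system scheduler
# Re-evaluate every 30 seconds; the list entry expires by itself after 1h.
add name=knock-gate interval=30s on-event=knock-gate
```

To knock from a phone or laptop, make three TCP connection attempts to the router's public address on 1111, 2222 and 3333 in that order, each within 15 seconds of the previous one (a port-knock app or `nc -z -w 1 <router> <port>` three times is enough; the connections themselves are dropped, only the SYN matters). Two caveats follow directly from the design: because the list records the router's address rather than the knocker's, anyone on the internet who happens to hit those three ports in order inside the time windows, including a sequential port scan, opens every gated service for an hour; and the `dst-address-list=knocked` match belongs on the dstnat or input rule, never on a forward rule, since after translation the destination is the internal host.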
 
jacauc
just joined
Topic Author
Posts: 17
Joined: Sun Jan 30, 2011 3:49 am

Re: Port knocking to enable all dst-nat rules from all src-addresses

Mon Feb 19, 2018 2:50 pm

Great, I wondered about that... I'm assuming that if the dst-address is no longer in the knocked address list, the firewall rule will block everything.
So I guess all my other rules should have dst-address-list set to knocked.
Thanks so much, I will try that!
