Merge pull request #13678 from oldium/update-fwknopd-defaults

fwknop: Use sensible defaults.

net/fwknop/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fwknop
 PKG_VERSION:=2.6.10
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://www.cipherdyne.org/fwknop/download

net/fwknop/files/fwknopd

@@ -8,10 +8,18 @@ config network
 
 config access
 	option SOURCE 'ANY'
-	option HMAC_KEY 'CHANGEME'
+	option HMAC_KEY '__CHANGEME__'
-	option KEY 'CHANGEME'
+	option KEY '__CHANGEME__'
 
 config config
 	# Alternative direct physical interface definition, but untracked - you
 	# are on your own to correctly start/stop the service when needed
 #	option PCAP_INTF 'eth0'
+
+	# Allow SPA clients to request access to services through an iptables
+	# firewall instead of just to it (i.e. access through the FWKNOP_FORWARD
+	# chain instead of the INPUT chain
+	option ENABLE_IPT_FORWARDING 'Y'
+
+	# Allow fwknopd to resolve hostnames in NAT access messages
+	option ENABLE_NAT_DNS 'Y'