fwknop: Use sensible defaults.

* Change KEY/HMAC_KEY to __CHANGEME__, which is rejected by fwknopd during start-up. The value CHANGEME is used only by LuCI package luci-app-fwknopd - pull request for generating keys directly from LuCI has been created already. * Add sensible defaults for ENABLE_IPT_FORWARDING and ENABLE_NAT_DNS, which both are/were set by luci-app-fwknopd. Move the defaults here. Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
author: Oldřich Jedlička <oldium.pro@gmail.com> 2020-10-15 17:48:12 +0200
committer: Oldřich Jedlička <oldium.pro@gmail.com> 2020-10-15 20:11:30 +0200
commit: 53e9a3296a41156c9fd6b52ff8dfdcbb54e5a023 (patch)
tree: ab9714acd1a05b3666d67fcccfe51126bfb24038 /net/fwknop/files
parent: ddcc273f0829090c7175e9ac49df254c0945d8f3 (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/net/fwknop/files/fwknopd b/net/fwknop/files/fwknopd
index e6db76b33..d830b10d9 100644
--- a/net/fwknop/files/fwknopd
+++ b/net/fwknop/files/fwknopd
@@ -8,10 +8,18 @@ config network
 
 config access
 	option SOURCE 'ANY'
-	option HMAC_KEY 'CHANGEME'
-	option KEY 'CHANGEME'
+	option HMAC_KEY '__CHANGEME__'
+	option KEY '__CHANGEME__'
 
 config config
 	# Alternative direct physical interface definition, but untracked - you
 	# are on your own to correctly start/stop the service when needed
 #	option PCAP_INTF 'eth0'
+
+	# Allow SPA clients to request access to services through an iptables
+	# firewall instead of just to it (i.e. access through the FWKNOP_FORWARD
+	# chain instead of the INPUT chain
+	option ENABLE_IPT_FORWARDING 'Y'
+
+	# Allow fwknopd to resolve hostnames in NAT access messages
+	option ENABLE_NAT_DNS 'Y'
author	Oldřich Jedlička <oldium.pro@gmail.com>	2020-10-15 17:48:12 +0200
committer	Oldřich Jedlička <oldium.pro@gmail.com>	2020-10-15 20:11:30 +0200
commit	53e9a3296a41156c9fd6b52ff8dfdcbb54e5a023 (patch)
tree	ab9714acd1a05b3666d67fcccfe51126bfb24038 /net/fwknop/files
parent	ddcc273f0829090c7175e9ac49df254c0945d8f3 (diff)