blob: d830b10d9701017bfd7575dc35a8860e6a985e02 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
config global
# option uci_enabled '1'
config network
# Logical network dependency, fully tracked, fwknopd gets restarted when
# necessary. Specifying network takes precedence over config.PCAP_INTF
# option network 'wan'
config access
option SOURCE 'ANY'
option HMAC_KEY '__CHANGEME__'
option KEY '__CHANGEME__'
config config
# Alternative direct physical interface definition, but untracked - you
# are on your own to correctly start/stop the service when needed
# option PCAP_INTF 'eth0'
# Allow SPA clients to request access to services through an iptables
# firewall instead of just to it (i.e. access through the FWKNOP_FORWARD
# chain instead of the INPUT chain
option ENABLE_IPT_FORWARDING 'Y'
# Allow fwknopd to resolve hostnames in NAT access messages
option ENABLE_NAT_DNS 'Y'
|