From 53e9a3296a41156c9fd6b52ff8dfdcbb54e5a023 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Old=C5=99ich=20Jedli=C4=8Dka?=
Date: Thu, 15 Oct 2020 17:48:12 +0200
Subject: [PATCH] fwknop: Use sensible defaults.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Change KEY/HMAC_KEY to __CHANGEME__, which is rejected by fwknopd during start-up. The value CHANGEME is used only by LuCI package luci-app-fwknopd - pull request for generating keys directly from LuCI has been created already.
* Add sensible defaults for ENABLE_IPT_FORWARDING and ENABLE_NAT_DNS, which both are/were set by luci-app-fwknopd. Move the defaults here.
Signed-off-by: Oldřich Jedlička
---
 net/fwknop/Makefile | 2 +-
 net/fwknop/files/fwknopd | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/net/fwknop/Makefile b/net/fwknop/Makefile
index 54b886177..5a79dd4c6 100644
--- a/net/fwknop/Makefile
+++ b/net/fwknop/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=fwknop
 PKG_VERSION:=2.6.10
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://www.cipherdyne.org/fwknop/download
diff --git a/net/fwknop/files/fwknopd b/net/fwknop/files/fwknopd
index e6db76b33..d830b10d9 100644
--- a/net/fwknop/files/fwknopd
+++ b/net/fwknop/files/fwknopd
@@ -8,10 +8,18 @@ config network
 config access
 option SOURCE 'ANY'
- option HMAC_KEY 'CHANGEME'
- option KEY 'CHANGEME'
+ option HMAC_KEY '__CHANGEME__'
+ option KEY '__CHANGEME__'
 config config
 # Alternative direct physical interface definition, but untracked - you
 # are on your own to correctly start/stop the service when needed
 # option PCAP_INTF 'eth0'
+
+ # Allow SPA clients to request access to services through an iptables
+ # firewall instead of just to it (i.e. access through the FWKNOP_FORWARD
+ # chain instead of the INPUT chain
+ option ENABLE_IPT_FORWARDING 'Y'
+
+ # Allow fwknopd to resolve hostnames in NAT access messages
+ option ENABLE_NAT_DNS 'Y'
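Review bot: Setting `ENABLE_IPT_FORWARDING` to 'Y' in the packaged default widens what a valid SPA packet can open, from the router's own INPUT chain to hosts behind it through FWKNOP_FORWARD, while the `config access` stanza in this same hunk keeps `SOURCE 'ANY'` with no port or destination restriction visible. Installs that never use LuCI inherit that reach as soon as real keys replace `__CHANGEME__`, so I would ship both options off and let the administrator or the UI opt in: `option ENABLE_IPT_FORWARDING 'N'` and `option ENABLE_NAT_DNS 'N'`, or leave both lines commented out like `PCAP_INTF`. If 'Y' has to stay for compatibility with luci-app-fwknopd, the comment should say that it extends access to forwarded traffic and recommend restricting the access stanza. Minor: the added comment never closes its parenthesis after "INPUT chain". The rest of the file is outside the hunk, so a restriction defined elsewhere cannot be ruled out.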