config global
#	option uci_enabled '1'

config network
	# Logical network dependency, fully tracked, fwknopd gets restarted when
	# necessary. Specifying network takes precedence over config.PCAP_INTF
#	option network 'wan'

config access
	option SOURCE 'ANY'
	option HMAC_KEY '__CHANGEME__'
	option KEY '__CHANGEME__'

config config
	# Alternative direct physical interface definition, but untracked - you
	# are on your own to correctly start/stop the service when needed
#	option PCAP_INTF 'eth0'

	# Allow SPA clients to request access to services through an iptables
	# firewall instead of just to it (i.e. access through the FWKNOP_FORWARD
	# chain instead of the INPUT chain
	option ENABLE_IPT_FORWARDING 'Y'

	# Allow fwknopd to resolve hostnames in NAT access messages
	option ENABLE_NAT_DNS 'Y'