7 files changed, 145 insertions, 25 deletions
diff --git a/applications/luci-app-fwknopd/luasrc/model/cbi/fwknopd.lua b/applications/luci-app-fwknopd/luasrc/model/cbi/fwknopd.lua
index 096724f735..4358374440 100644
--- a/applications/luci-app-fwknopd/luasrc/model/cbi/fwknopd.lua
+++ b/applications/luci-app-fwknopd/luasrc/model/cbi/fwknopd.lua
@@ -1,19 +1,19 @@
 -- Copyright 2015 Jonathan Bennett <jbennett@incomsystems.biz>
 -- Licensed to the public under the GNU General Public License v2.
-
+tmp = 0
 m = Map("fwknopd", translate("Firewall Knock Operator"))
 
 s = m:section(TypedSection, "global", translate("Enable Uci/Luci control")) -- Set uci control on or off
 s.anonymous=true
 s:option(Flag, "uci_enabled", translate("Enable config overwrite"), translate("When unchecked, the config files in /etc/fwknopd will be used as is, ignoring any settings here."))
-qr = s:option(DummyValue, "note0", "dummy")
-qr.template = "fwknopd-qr"
-qr:depends("uci_enabled", "1")
 
 s = m:section(TypedSection, "access", translate("access.conf stanzas")) -- set the access.conf settings
 s.anonymous=true
 s.addremove=true
-s.dynamic=true
+qr = s:option(DummyValue, "note0", "dummy")
+qr.tmp = tmp
+qr.template = "fwknopd-qr"
+qr:depends("uci_enabled", "1")
 s:option(Value, "SOURCE", "SOURCE", translate("Use ANY for any source ip"))
 k1 = s:option(Value, "KEY", "KEY", translate("Define the symmetric key used for decrypting an incoming SPA packet that is encrypted by the fwknop client with Rijndael."))
 k1:depends("keytype", translate("Normal Key"))
@@ -40,15 +40,13 @@ s:option(Value, "REQUIRE_SOURCE_ADDRESS", "REQUIRE_SOURCE_ADDRESS", translate("F
 					This makes it impossible to use the -s command line argument on the fwknop client command line, so either -R \
 					has to be used to automatically resolve the external address (if the client behind a NAT) or the client must \
 					know the external IP and set it via the -a argument."))
-s:option(DummyValue, "note1", translate("Enter custom access.conf variables below:"))
 
 s = m:section(TypedSection, "config", translate("fwknopd.conf config options")) 
 s.anonymous=true
-s.dynamic=true
 s:option(Value, "MAX_SPA_PACKET_AGE", "MAX_SPA_PACKET_AGE", translate("Maximum age in seconds that an SPA packet will be accepted. defaults to 120 seconds"))
 s:option(Value, "PCAP_INTF", "PCAP_INTF", translate("Specify the ethernet interface on which fwknopd will sniff packets."))
 s:option(Value, "ENABLE_IPT_FORWARDING", "ENABLE_IPT_FORWARDING", translate("Allow SPA clients to request access to services through an iptables firewall instead of just to it."))
-s:option(DummyValue, "note2", translate("Enter custom fwknopd.conf variables below:"))
+s:option(Value, "ENABLE_NAT_DNS", "ENABLE_NAT_DNS", translate("Allow SPA clients to request forwarding destination by DNS name."))
 
 return m
 
diff --git a/applications/luci-app-fwknopd/luasrc/view/fwknopd-qr.htm b/applications/luci-app-fwknopd/luasrc/view/fwknopd-qr.htm
index 9e6e8185fa..5773f523e5 100644
--- a/applications/luci-app-fwknopd/luasrc/view/fwknopd-qr.htm
+++ b/applications/luci-app-fwknopd/luasrc/view/fwknopd-qr.htm
@@ -1 +1,2 @@
-<% print(luci.sys.exec("sh /usr/sbin/gen-qr.sh")) %>
+<% print(luci.sys.exec("sh /usr/sbin/gen-qr.sh " .. self.tmp)) %>
+<% self.tmp = self.tmp + 1 %>
diff --git a/applications/luci-app-fwknopd/po/en/fwknopd.po b/applications/luci-app-fwknopd/po/en/fwknopd.po
index d75c99d524..fbdd8d7532 100644
--- a/applications/luci-app-fwknopd/po/en/fwknopd.po
+++ b/applications/luci-app-fwknopd/po/en/fwknopd.po
@@ -17,6 +17,9 @@ msgstr ""
 "Allow SPA clients to request access to services through an iptables firewall "
 "instead of just to it."
 
+msgid "Allow SPA clients to request forwarding destination by DNS name."
+msgstr ""
+
 msgid "Base 64 key"
 msgstr "Base 64 key"
 
@@ -55,12 +58,6 @@ msgstr "Enable Uci/Luci control"
 msgid "Enable config overwrite"
 msgstr "Enable config overwrite"
 
-msgid "Enter custom access.conf variables below:"
-msgstr "Enter custom access.conf variables below:"
-
-msgid "Enter custom fwknopd.conf variables below:"
-msgstr "Enter custom fwknopd.conf variables below:"
-
 msgid "Firewall Knock Daemon"
 msgstr "Firewall Knock Daemon"
 
@@ -111,3 +108,9 @@ msgstr "access.conf stanzas"
 
 msgid "fwknopd.conf config options"
 msgstr "fwknopd.conf config options"
+
+#~ msgid "Enter custom access.conf variables below:"
+#~ msgstr "Enter custom access.conf variables below:"
+
+#~ msgid "Enter custom fwknopd.conf variables below:"
+#~ msgstr "Enter custom fwknopd.conf variables below:"
diff --git a/applications/luci-app-fwknopd/po/pt-br/fwknopd.po b/applications/luci-app-fwknopd/po/pt-br/fwknopd.po
new file mode 100644
index 0000000000..286b49db31
--- /dev/null
+++ b/applications/luci-app-fwknopd/po/pt-br/fwknopd.po
@@ -0,0 +1,116 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"Language: pt_BR\n"
+
+msgid ""
+"Allow SPA clients to request access to services through an iptables firewall "
+"instead of just to it."
+msgstr ""
+"Permitir que clientes SPA requeiram acesso a serviços através de um firewall "
+"iptables ao invés de apenas fazê-lo."
+
+msgid "Allow SPA clients to request forwarding destination by DNS name."
+msgstr ""
+"Permitir que clientes SPA requeiram encaminhamento de destinos por nome DNS."
+
+msgid "Base 64 key"
+msgstr "Chave em formato base64"
+
+msgid ""
+"Define a set of ports and protocols (tcp or udp) that will be opened if a "
+"valid knock sequence is seen. If this entry is not set, fwknopd will attempt "
+"to honor any proto/port request specified in the SPA data (unless of it "
+"matches any “RESTRICT_PORTS” entries). Multiple entries are comma-separated."
+msgstr ""
+"Define um conjunto de porta e protocolos (TCP ou UDP) que serão abertos se "
+"uma sequência de batidas for observada. Se esta entrada não estiver "
+"definida, fwknopd irá tentar honrar qualquer requisição de protocolo/porta "
+"especificada nos dados SPA (a não ser se casar com qualquer entrada de "
+"\"RESTRICT_PORTS\"). Múltiplas entradas serão separadas por vírgula."
+
+msgid ""
+"Define the length of time access will be granted by fwknopd through the "
+"firewall after a valid knock sequence from a source IP address. If "
+"“FW_ACCESS_TIMEOUT” is not set then the default timeout of 30 seconds will "
+"automatically be set."
+msgstr ""
+"Define a duração do tempo de acesso que será concedido pelo fwknopd através "
+"do firewall depois de uma sequência de batidas válida de um endereço IP. Se "
+"“FW_ACCESS_TIMEOUT” não estiver definido, o valor padrão será de 30 "
+"segundos. "
+
+msgid ""
+"Define the symmetric key used for decrypting an incoming SPA packet that is "
+"encrypted by the fwknop client with Rijndael."
+msgstr ""
+"Define a chave simétrica usada para decifrar um pacote SPA entrante que foi "
+"cifrado pelo cliente fwknop com o algoritmo Rijndael."
+
+msgid "Enable Uci/Luci control"
+msgstr "Habilitar o controle UCI/Luci"
+
+msgid "Enable config overwrite"
+msgstr "Habilitar a sobrescrita da configuração"
+
+msgid "Firewall Knock Daemon"
+msgstr "Servidor do Firwall Knock"
+
+msgid "Firewall Knock Operator"
+msgstr "Operador do Firewall Knock"
+
+msgid ""
+"Force all SPA packets to contain a real IP address within the encrypted "
+"data. This makes it impossible to use the -s command line argument on the "
+"fwknop client command line, so either -R has to be used to automatically "
+"resolve the external address (if the client behind a NAT) or the client must "
+"know the external IP and set it via the -a argument."
+msgstr ""
+"Forçar que todos os pacotes SPA contenham um endereço IP real dentro do "
+"pacote cifrado. Isto torna impossível o uso do argumento de linha de comando "
+"'-s' no cliente fwknop. Desta forma, ou o argumento '-R' deve ser usada para "
+"resolver os endereços externos automaticamente (se o cliente estiver atrás "
+"de uma NAT)  ou o ciente deve conhecer o seu endereço IP externo e defini-lo "
+"através do argumento '-a'."
+
+msgid ""
+"Maximum age in seconds that an SPA packet will be accepted. defaults to 120 "
+"seconds"
+msgstr ""
+"Idade máxima, em segundos, que um pacote SPA será aceito. Padrão é 120 "
+"segundos."
+
+msgid "Normal Key"
+msgstr "Chave Normal"
+
+msgid "Specify the ethernet interface on which fwknopd will sniff packets."
+msgstr ""
+"Especifica o dispositivo ethernet no qual o fwknopd irá observar os pacotes."
+
+msgid "The base64 hmac key"
+msgstr "A chave de autenticação HMAC em formato base64"
+
+msgid "Use ANY for any source ip"
+msgstr "Use \"ANY\" para qualquer endereço IP de origem"
+
+msgid ""
+"When unchecked, the config files in /etc/fwknopd will be used as is, "
+"ignoring any settings here."
+msgstr ""
+"Quando desmarcado, os arquivos de configuração em /etc/fwknopd serão usados "
+"como estão, ignorando qualquer ajustes feitos aqui."
+
+msgid "access.conf stanzas"
+msgstr "Estâncias do access.conf"
+
+msgid "fwknopd.conf config options"
+msgstr "Opções do fwknopd.conf"
diff --git a/applications/luci-app-fwknopd/po/templates/fwknopd.pot b/applications/luci-app-fwknopd/po/templates/fwknopd.pot
index 4fb616f25e..1010ba70e6 100644
--- a/applications/luci-app-fwknopd/po/templates/fwknopd.pot
+++ b/applications/luci-app-fwknopd/po/templates/fwknopd.pot
@@ -6,6 +6,9 @@ msgid ""
 "instead of just to it."
 msgstr ""
 
+msgid "Allow SPA clients to request forwarding destination by DNS name."
+msgstr ""
+
 msgid "Base 64 key"
 msgstr ""
 
@@ -34,12 +37,6 @@ msgstr ""
 msgid "Enable config overwrite"
 msgstr ""
 
-msgid "Enter custom access.conf variables below:"
-msgstr ""
-
-msgid "Enter custom fwknopd.conf variables below:"
-msgstr ""
-
 msgid "Firewall Knock Daemon"
 msgstr ""
 
diff --git a/applications/luci-app-fwknopd/root/etc/uci-defaults/40_luci-fwknopd b/applications/luci-app-fwknopd/root/etc/uci-defaults/40_luci-fwknopd
index 01b85de25f..65ef012450 100644
--- a/applications/luci-app-fwknopd/root/etc/uci-defaults/40_luci-fwknopd
+++ b/applications/luci-app-fwknopd/root/etc/uci-defaults/40_luci-fwknopd
@@ -16,6 +16,7 @@ uci set fwknopd.@access[0].hkeytype='Base 64 key'
 uci set fwknopd.@access[0].KEY_BASE64=`fwknopd --key-gen | awk '/^KEY/ {print $2;}'`
 uci set fwknopd.@access[0].HMAC_KEY_BASE64=`fwknopd --key-gen | awk '/^HMAC/ {print $2;}'`
 uci set fwknopd.@config[0].ENABLE_IPT_FORWARDING='y'
+uci set fwknopd.@config[0].ENABLE_NAT_DNS='y'
 
 uci commit fwknopd
 rm -f /tmp/luci-indexcache
diff --git a/applications/luci-app-fwknopd/root/usr/sbin/gen-qr.sh b/applications/luci-app-fwknopd/root/usr/sbin/gen-qr.sh
index 97493dafed..abca5d3e5a 100644
--- a/applications/luci-app-fwknopd/root/usr/sbin/gen-qr.sh
+++ b/applications/luci-app-fwknopd/root/usr/sbin/gen-qr.sh
@@ -1,9 +1,13 @@
 #!/bin/sh
+entry_num=0
+if [ "$1" != "" ]; then
+entry_num=$1
+fi
 
-key_base64=$(uci get fwknopd.@access[0].KEY_BASE64)
-key=$(uci get fwknopd.@access[0].KEY)
-hmac_key_base64=$(uci get fwknopd.@access[0].HMAC_KEY_BASE64)
-hmac_key=$(uci get fwknopd.@access[0].HMAC_KEY)
+key_base64=$(uci get fwknopd.@access[$entry_num].KEY_BASE64)
+key=$(uci get fwknopd.@access[$entry_num].KEY)
+hmac_key_base64=$(uci get fwknopd.@access[$entry_num].HMAC_KEY_BASE64)
+hmac_key=$(uci get fwknopd.@access[$entry_num].HMAC_KEY)
 
 if [ $key_base64 != "" ]; then
 qr="KEY_BASE64:$key_base64"