4 files changed, 25 insertions, 0 deletions

diff --git a/applications/luci-app-fwknopd/luasrc/model/cbi/fwknopd.lua b/applications/luci-app-fwknopd/luasrc/model/cbi/fwknopd.lua
index 84a1a23d8..096724f73 100644
--- a/applications/luci-app-fwknopd/luasrc/model/cbi/fwknopd.lua
+++ b/applications/luci-app-fwknopd/luasrc/model/cbi/fwknopd.lua
@@ -46,6 +46,8 @@ s = m:section(TypedSection, "config", translate("fwknopd.conf config options"))
 s.anonymous=true
 s.dynamic=true
 s:option(Value, "MAX_SPA_PACKET_AGE", "MAX_SPA_PACKET_AGE", translate("Maximum age in seconds that an SPA packet will be accepted. defaults to 120 seconds"))
+s:option(Value, "PCAP_INTF", "PCAP_INTF", translate("Specify the ethernet interface on which fwknopd will sniff packets."))
+s:option(Value, "ENABLE_IPT_FORWARDING", "ENABLE_IPT_FORWARDING", translate("Allow SPA clients to request access to services through an iptables firewall instead of just to it."))
 s:option(DummyValue, "note2", translate("Enter custom fwknopd.conf variables below:"))
 
 return m
diff --git a/applications/luci-app-fwknopd/po/en/en.po b/applications/luci-app-fwknopd/po/en/fwknopd.po
index 1abc6a8f9..d75c99d52 100644
--- a/applications/luci-app-fwknopd/po/en/en.po
+++ b/applications/luci-app-fwknopd/po/en/fwknopd.po
@@ -10,6 +10,13 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
+msgid ""
+"Allow SPA clients to request access to services through an iptables firewall "
+"instead of just to it."
+msgstr ""
+"Allow SPA clients to request access to services through an iptables firewall "
+"instead of just to it."
+
 msgid "Base 64 key"
 msgstr "Base 64 key"
 
@@ -83,6 +90,9 @@ msgstr ""
 msgid "Normal Key"
 msgstr "Normal Key"
 
+msgid "Specify the ethernet interface on which fwknopd will sniff packets."
+msgstr "Specify the ethernet interface on which fwknopd will sniff packets."
+
 msgid "The base64 hmac key"
 msgstr "The base64 hmac key"
 
diff --git a/applications/luci-app-fwknopd/po/templates/fwknopd.pot b/applications/luci-app-fwknopd/po/templates/fwknopd.pot
index ec1550462..4fb616f25 100644
--- a/applications/luci-app-fwknopd/po/templates/fwknopd.pot
+++ b/applications/luci-app-fwknopd/po/templates/fwknopd.pot
@@ -1,6 +1,11 @@
 msgid ""
 msgstr "Content-Type: text/plain; charset=UTF-8"
 
+msgid ""
+"Allow SPA clients to request access to services through an iptables firewall "
+"instead of just to it."
+msgstr ""
+
 msgid "Base 64 key"
 msgstr ""
 
@@ -57,6 +62,9 @@ msgstr ""
 msgid "Normal Key"
 msgstr ""
 
+msgid "Specify the ethernet interface on which fwknopd will sniff packets."
+msgstr ""
+
 msgid "The base64 hmac key"
 msgstr ""
 
diff --git a/applications/luci-app-fwknopd/root/etc/uci-defaults/luci-fwknopd b/applications/luci-app-fwknopd/root/etc/uci-defaults/luci-fwknopd
index 689bedcd1..01b85de25 100644
--- a/applications/luci-app-fwknopd/root/etc/uci-defaults/luci-fwknopd
+++ b/applications/luci-app-fwknopd/root/etc/uci-defaults/luci-fwknopd
@@ -1,6 +1,7 @@
 #!/bin/sh
 #-- Copyright 2015 Jonathan Bennett <jbennett@incomsystems.biz>
 #-- Licensed to the public under the GNU General Public License v2.
+. /lib/functions/network.sh
 
 uci batch <<EOF
 	add ucitrack fwknopd
@@ -8,10 +9,14 @@ uci batch <<EOF
 	commit ucitrack
 EOF
 
+uci delete fwknopd.@access[0].KEY
+uci delete fwknopd.@access[0].HMAC_KEY
 uci set fwknopd.@access[0].keytype='Base 64 key'
 uci set fwknopd.@access[0].hkeytype='Base 64 key'
 uci set fwknopd.@access[0].KEY_BASE64=`fwknopd --key-gen | awk '/^KEY/ {print $2;}'`
 uci set fwknopd.@access[0].HMAC_KEY_BASE64=`fwknopd --key-gen | awk '/^HMAC/ {print $2;}'`
+uci set fwknopd.@config[0].ENABLE_IPT_FORWARDING='y'
+
 uci commit fwknopd
 rm -f /tmp/luci-indexcache
 exit 0