diff --git a/net/fwknop/Makefile b/net/fwknop/Makefile
index 54b886177..5a79dd4c6 100644
--- a/net/fwknop/Makefile
+++ b/net/fwknop/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fwknop
 PKG_VERSION:=2.6.10
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://www.cipherdyne.org/fwknop/download
diff --git a/net/fwknop/files/fwknopd b/net/fwknop/files/fwknopd
index e6db76b33..d830b10d9 100644
--- a/net/fwknop/files/fwknopd
+++ b/net/fwknop/files/fwknopd
@@ -8,10 +8,18 @@ config network
 
 config access
 	option SOURCE 'ANY'
-	option HMAC_KEY 'CHANGEME'
-	option KEY 'CHANGEME'
+	option HMAC_KEY '__CHANGEME__'
+	option KEY '__CHANGEME__'
 
 config config
 	# Alternative direct physical interface definition, but untracked - you
 	# are on your own to correctly start/stop the service when needed
 #	option PCAP_INTF 'eth0'
+
+	# Allow SPA clients to request access to services through an iptables
+	# firewall instead of just to it (i.e. access through the FWKNOP_FORWARD
+	# chain instead of the INPUT chain
+	option ENABLE_IPT_FORWARDING 'Y'
+
+	# Allow fwknopd to resolve hostnames in NAT access messages
+	option ENABLE_NAT_DNS 'Y'