Added backup check against a cipherdyne.com 'myip' cgi instance in -R mode if the normal check against cipherdyne.org fails.
The myip.c file is deployed at http://www.cipherdyne.org/cgi-bin/myip for fwknop client IP resolution.
Updated the 'make install' step to not overwrite any existing config files in /etc/fwknop/ and instead install new copies from the source tree at /etc/fwknop/fwknopd.conf.inst and /etc/fwknop/access.conf.inst
…port For GPG mode, added a new access.conf variable "GPG_ALLOW_NO_PW" to make it possible to leverage a server-side GPG key pair that has no associated password. This comes in handy when a system requires the user to leverage gpg-agent / pinentry which can present a problem in automated environments as required by the fwknopd server. Now, it might seem like a problem to remove the passphrase from a GPG key pair, but it's important to note that simply doing this is little worse than storing the passphrase in the clear on disk anyway in the access.conf file. Further, this link help provides additional detail: http://www.gnupg.org/faq/GnuPG-FAQ.html#how-can-i-use-gnupg-in-an-automated-environment
Added FLUSH_IPFW_AT_INIT and FLUSH_IPFW_AT_EXIT for ipfw firewalls to emulate the corresponding functionality that is implemented for iptables firewalls. Bug fix for ipfw firewalls to ensure that if the ipfw expire set is zero, then do not disable this set whenever the FLUSH_IPFW* variables are enabled. These changes were suggested by Jonathan Schulz.
Applied patch from Jonathan Schulz to ensure that the fwknop client reads all data from a remote webserver when resolving the client IP address in -R mode. Jonathan indicated that some webservers would transfer HTTP headers and data separately, and a single recv() would therefore fail to get the necessary IP information.