[Wifidog] Teliphone code

Philippe April isf_lists at philippeapril.com
Mon Nov 22 18:12:48 EST 2004


Can we have default rules, in case no rules are defined in the config
file?

It'd be good to have a set of default rules IN CASE the rules in the
config file are not complete so things still work (i.e., upgrading without
updating the config file)...

On Mon, Nov 22, 2004 at 05:10:42PM -0500, Alexandre Carmel-Veilleux wrote:
> On Mon, Nov 22, 2004 at 04:56:47PM -0500, Pascal Leclerc wrote:
> >
> >   -Can you do a summary (how it works and how to configure it) ?
> 
> 	It's all in the wifidog.conf. Basically there are five firewall
> rulesets:
> 
> 	global			Rules that apply to the next 3 rule sets
> 	validating-users	Rules for unvalidated new users
> 	known-users		Rules for normal users
> 	unknown-users		Rules when not logged in
> 	locked-users		Rules for banned users
> 
> 	Each ruleset is composed of a number of firewall rules in a
> fairly simple abstract syntax. The rules get "compiled" to iptables
> format automagically.
> 
> 	An example global ruleset for Teliphone would look like:
> 
> FirewallRuleSet global {
> 	FirewallRule allow udp to 49.90.89.192/27
> 	FirewallRule allow udp to 69.90.85.0/27
> 	FirewallRule allow tcp port 80 to 69.90.89.205
> }
> 
> 	An example unknown-users ruleset would be:
> 
> FirewallRuleSet unknown-users {
> 	FirewallRule allow udp port 53
> 	FirewallRule allow tcp port 53
> 	FirewallRule allow udp port 67
> 	FirewallRule allow tcp port 67
> 	FirewallRule block to 0.0.0.0/0
> }
> 
> 	The mangle rules are automatically added. I feel that they are
> static enough that there's no need to have them specified in the config.
> 
> 	Likewise, the auth server rules are handled specially so that
> they don't need to be double defined.
> 
> Alex



> _______________________________________________
> Wifidog mailing list
> Wifidog at isf.waglo.com
> http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com


-- 
Philippe April
isf_lists at philippeapril.com
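
Added example (not part of the original messages, and not WiFiDog's own code): a Python version of the scheme discussed in this thread. It parses the FirewallRuleSet syntax, compiles each rule to iptables arguments, and falls back to built-in defaults for any ruleset missing from the config. The WD_ chain names, the contents of DEFAULTS, the block-to-REJECT mapping and the grammar (inferred from the two quoted examples) are assumptions.

```python
import ipaddress
import re

RULE_RE = re.compile(r"FirewallRule\s+(allow|block)"
                     r"(?:\s+(tcp|udp)(?:\s+port\s+(\d+))?)?(?:\s+to\s+(\S+))?")
BLOCK_ALL = ["FirewallRule block to 0.0.0.0/0"]
# Assumed built-in defaults, used only for rulesets absent from the config.
DEFAULTS = {
    "global": [],
    "validating-users": BLOCK_ALL,
    "known-users": ["FirewallRule allow to 0.0.0.0/0"],
    "unknown-users": ["FirewallRule allow udp port 53",
                      "FirewallRule allow tcp port 53"] + BLOCK_ALL,
    "locked-users": BLOCK_ALL,
}
# Constructed sample config: only the global ruleset is defined.
SAMPLE = """FirewallRuleSet global {
    FirewallRule allow udp to 69.90.85.0/27
    FirewallRule allow tcp port 80 to 69.90.89.205
}"""

def parse_config(text):
    """Return {ruleset name: [rule lines]} for each FirewallRuleSet block."""
    sets = {}
    for name, body in re.findall(r"FirewallRuleSet\s+(\S+)\s*\{(.*?)\}", text, re.S):
        if name not in DEFAULTS:
            raise ValueError(f"unknown ruleset: {name}")
        sets[name] = [l.strip() for l in body.splitlines() if l.strip()]
    return sets

def compile_rule(chain, line):
    """Translate one abstract rule into an iptables argument list."""
    m = RULE_RE.fullmatch(line)
    if not m or (m.group(3) and not 0 < int(m.group(3)) < 65536):
        raise ValueError(f"bad rule: {line!r}")  # e.g. a misspelled protocol
    action, proto, port, dest = m.groups()
    args = ["-A", chain] + (["-p", proto] if proto else []) + (["--dport", port] if port else [])
    if dest:  # ip_network() rejects malformed addresses and stray host bits
        args += ["-d", str(ipaddress.ip_network(dest))]
    return args + ["-j", "ACCEPT" if action == "allow" else "REJECT"]

def compile_config(text):
    """Compile all five rulesets; a ruleset missing from text uses DEFAULTS."""
    sets = parse_config(text)
    return {name: [compile_rule("WD_" + name, r) for r in sets.get(name, DEFAULTS[name])]
            for name in DEFAULTS}
```

A ruleset that is present but empty is kept empty; only a ruleset that is entirely absent picks up the defaults.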
