[Wifidog] Teliphone code
Philippe April
isf_lists at philippeapril.com
Mon Nov 22 18:12:48 EST 2004
Can we have default rules, in case no rules are defined in the config
file?
It'd be good to have a set of default rules IN CASE the rules in the
config file are not complete so things still work (ie: upgrading without
updating the config file)...
On Mon, Nov 22, 2004 at 05:10:42PM -0500, Alexandre Carmel-Veilleux wrote:
> On Mon, Nov 22, 2004 at 04:56:47PM -0500, Pascal Leclerc wrote:
> >
> > -Can you do a summary (how it works and how to configure it) ?
>
> It's all in the wifidog.conf. Basically there are five firewall
> rulesets:
>
> global Rules that apply to the next 3 rule set
> validating-users Rules for unvalidated new users
> known-users Rules for normal users
> unknown-users Rules when not logged in
> locked-users Rules for banned users
>
> Each ruleset is composed of a number of firewall rules in a
> fairly simple abstract syntax. The rules get "compiled" to iptables
> format automagically.
>
> An example global ruleset for Teliphone would look like:
>
> FirewallRuleSet global {
> FirewallRule allow udp to 49.90.89.192/27
> FirewallRule allow udp to 69.90.85.0/27
> FirewallRule allow tcp port 80 to 69.90.89.205
> }
>
> An example unknown-users ruleset would be:
>
> FirewallRuleSet unknown-users {
> FirewallRule allow udp port 53
> FirewallRule allow tcp port 53
> FirewallRule allow udp port 67
> FirewallRule allow tdp port 67
> FirewallRule block to 0.0.0.0/0
> }
>
> The mangle rules are automatically added. I feel that they are
> static enough that there's no need to have them specified in the config.
>
> Likewise, the auth server rules are handled speciallyso that
> they don't need to be double defined.
>
> Alex
> _______________________________________________
> Wifidog mailing list
> Wifidog at isf.waglo.com
> http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com
--
Philippe April
isf_lists at philippeapril.com
-------------- next part --------------
_______________________________________________
Wifidog mailing list
Wifidog at isf.waglo.com
http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com
More information about the Wifidog
mailing list