[isf-wifidog] FirewallRuleSets & User Classes
Alexandre Carmel-Veilleux
saruman at northernhacking.org
Mer 2 Mar 19:25:32 EST 2005
On Wed, Mar 02, 2005 at 03:17:00PM -0500, Scott Tully wrote:
>
> Thank you, i will. That's the nice thing about the way you have the
> FirewallRuleSet defined. You can really customize each class very
> easily... An individual can block or allow anything... I suppose the
> "global rules" could be used to create a walled garden as well...
This was the rational behind all that code. My first iteration
was just a list of ports to block, but then I kept adding extra bits
of exception code left and right. So I restarted from scratch and made
the rule set blocks with the expectation that every new user class
would get it's own rule set. And some directive in the config file
would map ruleset with user class.
The main blank in this is how the hell are the rule classes
handled? The Auth server needs to know them but in a system like
Ile Sans Fil, every hot spot is "independent" and therefore would
have different user classes for a given user depending on the hot
spot...
Alex
-------------- section suivante --------------
Une pièce jointe non texte a été nettoyée...
Nom: non disponible
Type: application/pgp-signature
Taille: 230 octets
Desc: non disponible
Url: http://listes.philippeapril.com/pipermail/wifidog/attachments/20050302/5555360f/attachment.pgp
Plus d'informations sur la liste de diffusion WiFiDog