[isf-wifidog] FirewallRuleSets & User Classes
Alexandre Carmel-Veilleux
saruman at northernhacking.org
Mer 2 Mar 23:57:54 EST 2005
On Wed, Mar 02, 2005 at 10:16:09PM -0500, Scott Tully wrote:
>
> > The idea was to have the gateway download firewall rules from the gateway at
> > startup, and use the ones in the config file as an override.
>
> I don't understand.
See my previous reply on this thread covering the arbitrary
config file download bit. A bit of history is in order:
One of the ISF partner is called Teliphone, they provide VoIP
services and sell WiFi VoIP handsets. As part of an agreement between
them, they give us one (or is it two?) phone(s) plus a certain amount
of money in addition to help getting hotspots and in exchange, we let
their phones work transparently at our hotspots as well as provide
logistical support for them. That is, we'd handle any hot spots they
settle as part of the ISF network. There's a bit more to it, but that's
the basics.
Now, we needed to have the gateway customize the firewall rules
so that their phone woudl work without authentication. Part one of that
was the current firewall rule code that let us define arbitrary rules
without recompiling everything. This was the thing that tipped us over
into version 1.1.0.
The other part was having the gateways download configuration
from the central server. I never got around to that part (the firewall
rule code was mostly hashed out during two of our bi-monthly meetings.)
Alex
-------------- section suivante --------------
Une pièce jointe non texte a été nettoyée...
Nom: non disponible
Type: application/pgp-signature
Taille: 230 octets
Desc: non disponible
Url: http://listes.philippeapril.com/pipermail/wifidog/attachments/20050302/187178ff/attachment.pgp
Plus d'informations sur la liste de diffusion WiFiDog