[isf-wifidog] Firewall Iptables
D Frohman
dalework at spiderhost.com
Sun 19 Feb 10:02:03 EST 2006
That worked. Thanks.
-----Original Message-----
From: wifidog-bounces at listes.ilesansfil.org
[mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Joe Bowser
Sent: Saturday, February 11, 2006 11:52 PM
To: WiFiDog Captive Portal
Subject: Re: [isf-wifidog] Firewall Iptables
On Sat, 2006-02-11 at 23:32 -0500, D Frohman wrote:
> Is it possible to block all outgoing TCP ports until a user has
> authenticated via Wifidog's login page? If they just connect to the
> WAP they can use all ports except port 80.
>
> We tried blocking the ports in the FORWARD chain of iptables, it
> works, but when they authenticate the same rules apply. Any ideas?
>
> Thanks in advance.
What are your firewall rules like? If you are running the WiFiDog software
on a WRT54G running a later OpenWrt firmware, the current firewall rules do
not permit such behaviour. You are going to have to disable forwarding from
the bridge interface to the wan interface:
# The following have been commented out for WiFiDog to work
# iptables -A FORWARD -i br0 -o br0 -j ACCEPT
# iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
Is this in the documentation yet? I'm sure most of the groups that use
WiFiDog are already aware of this issue, however this does need to be
documented.
--
Joe Bowser <bowserj at unbc.ca>
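
Added example, not part of the original messages and not WiFiDog's own code: a shell check that reads rules in `iptables -S FORWARD` form and flags unconditional FORWARD ACCEPT rules of the kind the reply above says to comment out. The interface names (br0 as LAN, vlan1 as WAN) and the sample ruleset are constructed assumptions; substitute the router's own.

```shell
#!/bin/sh
# Flag FORWARD rules that accept traffic from the LAN interface with no
# further match conditions (the rules the reply says must be disabled).
# Reads rules in `iptables -S FORWARD` / iptables-save form on stdin.
# Usage: find_bypass_rules <lan_if> <wan_if>
find_bypass_rules() {
    awk -v lan="$1" -v wan="$2" '
        $1 == "-A" && $2 == "FORWARD" {
            in_if = ""; out_if = ""; target = ""; extra = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i")      { i++; in_if = $i }
                else if ($i == "-o") { i++; out_if = $i }
                else if ($i == "-j") { i++; target = $i }
                else                 { extra = 1 }  # any other match narrows the rule
            }
            # Unconditional ACCEPT from the LAN to the WAN, back onto the
            # LAN bridge, or to any interface (no -o given).
            if (target == "ACCEPT" && !extra && in_if == lan &&
                (out_if == wan || out_if == lan || out_if == ""))
                print
        }'
}

# Constructed sample ruleset (not taken from a real router).
sample_rules() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -i br0 -o vlan1 -j ACCEPT
-A FORWARD -i br0 -o vlan1 -p tcp --dport 53 -j ACCEPT
-A FORWARD -i vlan1 -o br0 -j DROP
EOF
}

# Demo on the constructed sample; on a live router use:
#   iptables -S FORWARD | find_bypass_rules br0 vlan1
sample_rules | find_bypass_rules br0 vlan1
```

Rules carrying extra matches (protocol, port, state) are deliberately not flagged, so review those by hand.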