[isf-wifidog] Supporting opening the firewall if the auth servers
are all unreachable.
Alexandre Carmel-Veilleux
acveilleux at gmail.com
Dim 19 Fév 15:15:37 EST 2006
On 2/9/06, Benoit Grégoire <bock at step.polymtl.ca> wrote:
> On February 8, 2006 03:49 pm, Gabe Sawhney wrote:
> > The failover => )open( thing is high on my priority list... it might
> > be the project I'd like to work on at a router geeknight...
> >
> > David: I suspect that there's not much programming required -- I think
> > it's just a matter of hacking the iptables rulesets that wifidog
> > manipulates on the router.
>
> Indeed, this should be a pretty easy project. The client already maintains a
> flag to tell if all the auth servers are down. It should only be a matter of
> hooking in the auth server status code, adding a short circuit firewall rule
> somewhere in the tables, and clearing it once an auth server becomes
> available again.
I've got a quick hack doing this. The actuating code is there and
proper (along with a config file directive. Right now the actual
allowing/denying is done by destroying the whole firewall and
re-creating it when the auth server becomes live.
I'm not going to check it in until I have input on how the
short-circuit should be done. What do people think? (Extra bonus for
iptables snippet to implement the short-circuit.)
Alex
PS: (Yup, looks like I'm back to my old tricks.)
More information about the WiFiDog
mailing list