[isf-wifidog] Firewall Iptables
Max Horváth
max.horvath at maxspot.de
Wed 22 Feb 11:00:40 EST 2006
Info has been added to the WIKI ...
Cheers, Max!
On 12.02.2006 at 05:52, Joe Bowser wrote:
> On Sat, 2006-02-11 at 23:32 -0500, D Frohman wrote:
>> Is it possible to block all outgoing TCP ports until a user has
>> authenticated via Wifidog's login page? If they just connect to the
>> WAP they can use all ports except port 80.
>>
>> We tried blocking the ports in the FORWARD chain of iptables, it
>> works, but when they authenticate the same rules apply. Any ideas?
>>
>> Thanks in advance.
>
> What are your firewall rules like? If you are running the WiFiDog
> software on a WRT54G running a later OpenWrt firmware, the current
> firewall rules do not permit such behaviour. You are going to have to
> disable forwarding from the bridge interface to the wan interface:
>
> # The following have been commented out for WiFiDog to work
> # iptables -A FORWARD -i br0 -o br0 -j ACCEPT
> # iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
>
> Is this in the documentation yet? I'm sure most of the groups that use
> WiFiDog are already aware of this issue, however this does need to
> be documented.
>
>
> --
> Joe Bowser <bowserj at unbc.ca>
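An added example (not part of the original thread and not WiFiDog project code): a shell check that reads firewall rules and flags blanket FORWARD ACCEPT rules of the kind Joe Bowser's reply says have to be disabled. The function names, the sample rules and the interface names br0 and vlan1 are constructed for illustration.

```shell
#!/bin/sh
# Flag unconditional "FORWARD ... -j ACCEPT" rules whose input interface is
# the LAN side. Rules are read from stdin, either in firewall-script form
# ("iptables -A FORWARD ...") or in "iptables -S" form ("-A FORWARD ...").
# Usage: find_portal_bypass LAN_IF WAN_IF < rules
find_portal_bypass() {
    awk -v lan="$1" -v wan="$2" '
    {
        s = 1
        if ($1 == "iptables") s = 2            # tolerate the script form
        if ($s != "-A" || $(s + 1) != "FORWARD") next
        in_if = ""; out_if = ""; target = ""; narrowed = 0
        for (i = s + 2; i <= NF; i++) {
            if ($i == "-i") in_if = $(++i)
            else if ($i == "-o") out_if = $(++i)
            else if ($i == "-j") target = $(++i)
            else narrowed = 1                  # -p, -m, -s ... restrict the rule
        }
        # Blanket accept from the LAN side to the WAN, back to the LAN,
        # or to any interface (no -o given; a generalisation of the thread).
        if (target == "ACCEPT" && in_if == lan && !narrowed &&
            (out_if == wan || out_if == lan || out_if == ""))
            print NR ": " $0
    }'
}

# Constructed sample rules (assumed interface names: br0 = LAN, vlan1 = WAN).
sample_rules() {
    cat <<'EOF'
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i br0 -o br0 -j ACCEPT
iptables -A FORWARD -i br0 -o br0 -j ACCEPT
iptables -A FORWARD -i br0 -o vlan1 -j ACCEPT
iptables -A FORWARD -i br0 -o vlan1 -p tcp --dport 443 -j ACCEPT
EOF
}

# Prints the line number and text of each blanket rule found.
sample_rules | find_portal_bypass br0 vlan1
```

Commented-out rules, such as the ones in the quoted reply, are skipped, so the check reports only rules that are still active.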