[isf-wifidog] Firewall Iptables
Rob Janes
janes.rob at gmail.com
Sam 25 Fév 18:02:45 EST 2006
Max - where on the wiki? i can't find it. also, the wiki does not have
a list of recent pages, or is there some well known ? string I should
use that I don't know?
Max Horváth wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Info has been added to the WIKI ...
>
> Cheers, Max!
>
> Am 12.02.2006 um 05:52 schrieb Joe Bowser:
>
>> On Sat, 2006-02-11 at 23:32 -0500, D Frohman wrote:
>>
>>> Is it possible to block all outgoing TCP ports until a user has
>>> authenticated via Wifidog's login page? If they just connect to the
>>> WAP they can use all ports except port 80.
>>>
>>> We tried blocking the ports in the FORWARD chain of iptables, it
>>> works, but when they authenticate the same rules apply. Any ideas?
>>>
>>> Thanks in advance.
>>
>>
>> What are your firewall rules like? If you are running the WiFiDog
>> software on a WRT54G running a later OpenWrt firmware, the current
>> firewall rules do not permit such behaviour. You are going to have to
>> disable forwarding from the bridge interface to the wan interface:
>>
>> # The following have been commented out for WiFiDog to work
>> # iptables -A FORWARD -i br0 -o br0 -j ACCEPT
>> # iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
>>
>> Is this in the documentation yet? I'm sure most of the groups that use
>> WiFiDog are already aware of this issue, however this does need to
>> be documented.
>>
>>
>> --
>> Joe Bowser <bowserj at unbc.ca>
>>
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (Darwin)
>
> iD8DBQFD/Iqo+BKgC+eQ3ooRArGsAJ94gsNlff0TtAS07LvsbwUR+UT1pwCgm0pq
> UfD4szojWG8e+lhw4p5O5Pw=
> =3c2S
> -----END PGP SIGNATURE-----
>
>------------------------------------------------------------------------
>
>_______________________________________________
>WiFiDog mailing list
>WiFiDog at listes.ilesansfil.org
>http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
More information about the WiFiDog
mailing list