[isf-wifidog] Firewall Iptables
Max Horváth
max.horvath at maxspot.de
Sam 25 Fév 18:07:04 EST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rob,
The wiki actually has a recent changes page:
https://dev.wifidog.org/wiki/RecentChanges
And it has a timeline page where you can additionally check for
commits to SVN:
http://dev.wifidog.org/timeline
You can find the info under Documentation -> Install -> Gateway
installation on OpenWrt and under FAQ -> Q: Is it possible to block
all outgoing TCP/UDP ports until a user has authenticated via
WiFiDog's login page ?
Links:
https://dev.wifidog.org/wiki/doc/install/
openwrt#ConfigurationRunningandTesting
https://dev.wifidog.org/wiki/FAQ#Q:IsitpossibletoblockalloutgoingTCP/
UDPportsuntilauserhasauthenticatedviaWiFiDogsloginpage
Cheers, Max!
Am 26.02.2006 um 00:02 schrieb Rob Janes:
> Max - where on the wiki? i can't find it. also, the wiki does not
> have a list of recent pages, or is there some well known ? string I
> should use that I don't know?
>
> Max Horváth wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Info has been added to the WIKI ...
>>
>> Cheers, Max!
>>
>> Am 12.02.2006 um 05:52 schrieb Joe Bowser:
>>
>>> On Sat, 2006-02-11 at 23:32 -0500, D Frohman wrote:
>>>
>>>> Is it possible to block all outgoing TCP ports until a user has
>>>> authenticated via Wifidog's login page? If they just connect to
>>>> the
>>>> WAP they can use all ports except port 80.
>>>>
>>>> We tried blocking the ports in the FORWARD chain of iptables, it
>>>> works, but when they authenticate the same rules apply. Any ideas?
>>>>
>>>> Thanks in advance.
>>>
>>>
>>> What are your firewall rules like? If you are running the WiFiDog
>>> software on a WRT54G running a later OpenWrt firmware, the current
>>> firewall rules do not permit such behaviour. You are going to
>>> have to
>>> disable forwarding from the bridge interface to the wan interface:
>>>
>>> # The following have been commented out for WiFiDog to work
>>> # iptables -A FORWARD -i br0 -o br0 -j ACCEPT
>>> # iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
>>>
>>> Is this in the documentation yet? I'm sure most of the groups
>>> that use
>>> WiFiDog are already aware of this issue, however this does need
>>> to be documented.
>>>
>>>
>>> --
>>> Joe Bowser <bowserj at unbc.ca>
>>>
>>> _______________________________________________
>>> WiFiDog mailing list
>>> WiFiDog at listes.ilesansfil.org
>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.1 (Darwin)
>>
>> iD8DBQFD/Iqo+BKgC+eQ3ooRArGsAJ94gsNlff0TtAS07LvsbwUR+UT1pwCgm0pq
>> UfD4szojWG8e+lhw4p5O5Pw=
>> =3c2S
>> -----END PGP SIGNATURE-----
>>
>> ---------------------------------------------------------------------
>> ---
>>
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>
>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iD8DBQFEAOMZ+BKgC+eQ3ooRAgzhAJ438+ufeuqRXznU+uSxFEBcQ3JC0wCfcsY1
7Zw+WN/Bb6TD7JkviKt0Uu4=
=DMSK
-----END PGP SIGNATURE-----
More information about the WiFiDog
mailing list