[isf-wifidog] Blocking streaming content...

Tarken Winn tarkenwinn at gmail.com
Mon Jul 24 16:50:35 EDT 2006


Hi Sam,

Thanks for the reply. Yes it certainly does look like the default firewall
script is allowing ESTABLISHED connections 'through'. I figured WiFiDog
would somehow (no, I have not had more than a superficial look at the
gateway code) reset all connections associated with a user on logout.
Apparently this is not the case. I guess we need a way to 'reset' all
established connections of any user when the user transitions from known to
unknown from wifidog's point of view?

Do you, or anyone else, have any thoughts on this? I expect this 'problem'
has long since been resolved.

Thanks again,

Tarken

On 7/25/06, Samuel Leathers <disasm at gentux.org> wrote:
>
> I'm no expert, but usually a firewall rule allows any application
> that already has "state" to stay connected. So after a logout, if an
> application is continuously open from before the logout, it won't
> disconnect that application. Same would be true for an ssh tunnel. Now as
> soon as you close the streaming program, and try to re-open it, it
> shouldn't allow access anymore. I don't think wifidog controls this
> firewall rule, it's more in your firewall initialization script.
> (/etc/init.d/S45firewall on openwrt)
> These look like the culprit on openwrt's default firewall script:
> 28  iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> 51  iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> 72  iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
>
>
> Someone correct me if I'm wrong on this.
>
> Sam
> > Hi all,
> >
> > I have just been listening to www.pandora.com (which is awesome I have to
> > say!) and without shutting down the Pandora window, logged out of
> > wifidog... and the music didn't stop. Is this expected behaviour / a known
> > bug in wifidog? The gateway apparently correctly blocks any new requests
> > made by a logged out client, but allows already streaming content to
> > continue...
> >
> > Once again I have Googled the mailing list archives and wifidog.org website
> > to no avail. Does anyone (everyone?) experience streaming content being
> > allowed to continue after client logout? Am I once again overlooking
> > something obvious?
> >
> > I hope this topic has not already been covered and solved, but if so, I'd
> > much appreciate being pointed in the right direction.
> >
> > Thanks in advance,
> >
> > Tarken
> > _______________________________________________
> > WiFiDog mailing list
> > WiFiDog at listes.ilesansfil.org
> > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
>
> --
> Sam Leathers
> Sam Leathers Computer Services
> 814.574.7307
> sam at samleathers.com
> www.samleathers.com
> -Computer repair services
> -Reliable business consulting
> -Web design and hosting that meets your needs
> -Collection of computers no longer needed
> -Student discounted repair rate
> -Server setups and networking
> -------------------------------------
>
>
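
An added example, not part of the original thread or of WiFiDog's code: one way to do the "reset" discussed above is to remove a logged-out client's entries from the connection-tracking table, so the RELATED,ESTABLISHED rules no longer match its open streams. The function names, the DRY_RUN switch and the sample table are constructed for illustration, and the delete step assumes the `conntrack` tool from conntrack-tools is installed on the gateway.

```shell
#!/bin/sh
# Added example: list and flush tracked flows of a client that just logged out.
# Function names and DRY_RUN are hypothetical, not WiFiDog's own.

DRY_RUN="${DRY_RUN:-1}"   # 1 = only report, 0 = also delete the entries

# Constructed sample in /proc/net/ip_conntrack format (documentation addresses).
sample_table() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=34567 dport=80 src=203.0.113.5 dst=198.51.100.2 sport=80 dport=34567 [ASSURED] use=1
tcp      6 431000 ESTABLISHED src=192.168.1.100 dst=203.0.113.9 sport=40000 dport=443 src=203.0.113.9 dst=198.51.100.2 sport=443 dport=40000 [ASSURED] use=1
udp      17 25 src=192.168.1.10 dst=203.0.113.53 sport=5353 dport=53 src=203.0.113.53 dst=198.51.100.2 sport=53 dport=5353 use=1
tcp      6 100 TIME_WAIT src=192.168.1.11 dst=203.0.113.5 sport=34000 dport=80 src=203.0.113.5 dst=198.51.100.2 sport=80 dport=34000 [ASSURED] use=1
EOF
}

# Print entries whose original-direction source (the first src= field) is
# exactly the client. The second src= belongs to the reply tuple, and an exact
# match keeps 192.168.1.10 from also selecting 192.168.1.100.
client_flows() {
    awk -v ip="$1" '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) { if ($i == ("src=" ip)) print; next }
    }'
}

# Count the client's flows in the table read from stdin. With DRY_RUN=0, also
# delete them from the live table so the ESTABLISHED rule stops matching.
flush_client() {
    n=$(client_flows "$1" | wc -l | tr -d ' ')
    if [ "$DRY_RUN" = "0" ] && command -v conntrack >/dev/null 2>&1; then
        conntrack -D -s "$1" >/dev/null 2>&1 || true
    fi
    echo "$n"
}

echo "flows still tracked for 192.168.1.10: $(sample_table | flush_client 192.168.1.10)"
```

On a gateway the table would come from `/proc/net/ip_conntrack` instead of `sample_table`, and the flush would run at the moment the client's access rules are removed.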