[isf-wifidog] IPTables Configuration

Matthew J. Sonnentag matt at rank1st.com
Tue Dec 4 18:16:17 EST 2007


Hi All,

We have successfully installed wifidog gateway and authserver on CentOS
5 and all seems to be working well except for one issue:

We are using a default iptables configuration and when the gateway
service is not running our box becomes an open router to the internet
for any users who happen to connect to our wireless network.  Does
anyone have an iptables configuration that would "turn-off" the wireless
access without the wifidog gateway running?  If that is not possible,
are there other methods that anyone would care to float to prevent
access when the gateway service is not running?

Here is the default code from our iptables, eth0 is internal, eth1 is
wi-fi:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A FORWARD -o eth1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A FORWARD -i eth1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A OUTPUT -o eth1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
COMMIT

Obviously, the gateway, when running, adds a number of additional
configuration commands to this configuration, but we have not been able to
come up with any configuration that seems to prevent access when the
gateway is not running.

Also, is there any documentation freely available related to the
firewallruleset commands in the wifidog.conf file?  We would be
interested in limiting and logging some of the outgoing ports that are
used.

Thanks,

Matt
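
The fail-open condition described in the message above, as an added example that is not part of the original post: the posted ruleset beside a variant whose FORWARD policy is DROP, with a check that reports whether a ruleset forwards wi-fi traffic when no gateway rules are loaded. The function names and the RELATED,ESTABLISHED return-traffic rule are assumptions of this example, as is the gateway adding its own FORWARD rules for eth1 when it starts.

```shell
# Added example. eth0 = internal, eth1 = wi-fi, as in the post.
# post_rules prints the ruleset quoted in the message (FORWARD policy ACCEPT).
post_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A FORWARD -o eth1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A FORWARD -i eth1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A OUTPUT -o eth1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
COMMIT
EOF
}

# Constructed variant: FORWARD defaults to DROP, so wi-fi traffic is forwarded
# only by rules the gateway adds (assumption: it adds them to FORWARD on start).
# The state rule lets replies reach wi-fi clients once such rules exist.
hardened_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A FORWARD -o eth1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A FORWARD -i eth1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A FORWARD -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
COMMIT
EOF
}

# fails_open IFACE: reads iptables-save style text on stdin; exit 0 when the
# filter table forwards traffic from IFACE with no gateway rules present
# (FORWARD policy ACCEPT, or an unconditional ACCEPT rule covering IFACE).
fails_open() {
    awk -v iface="$1" '
        $1 == "*filter" { f = 1; next }
        /^\*/ { f = 0 }
        f && $1 == ":FORWARD" && $2 == "ACCEPT" { bad = 1 }
        f && $0 ~ ("^-A FORWARD( -i " iface ")? -j ACCEPT$") { bad = 1 }
        END { exit (bad ? 0 : 1) }'
}

post_rules | fails_open eth1 && echo "posted ruleset: open router without the gateway"
hardened_rules | fails_open eth1 || echo "hardened ruleset: wi-fi blocked without the gateway"
```

The same check can be pointed at a live box with `iptables-save | fails_open eth1` while the gateway service is stopped.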
