[isf-wifidog] IPTables Configuration

Frederico Marques frederico at marques.cx
Wed 5 Dec 07:58:59 EST 2007


Hi Matthew,

You can add an iptables rule (just after the last rule) on the  
FORWARD chain like this:

-A FORWARD -i eth1 -o eth0 -j DROP

It will deny any traffic coming in from the eth1 wifi interface and  
coming out to the eth0 internal.

Of course, if you want to enable wifidog you'll have to comment out  
this rule and restart iptables. You can use cron to do that  
automagically for a period of time.

Fred

On Dec 4, 2007, at 11:16 PM, Matthew J. Sonnentag wrote:

> Hi All,
>
> We have successfully installed wifidog gateway and authserver on
> CentOS 5 and all seems to be working well except for one issue:
>
> We are using a default iptables configuration and when the gateway
> service is not running our box becomes an open router to the
> internet for any users who happen to connect to our wireless
> network. Does anyone have an iptables configuration that would
> "turn off" the wireless access without the wifidog gateway
> running? If that is not possible, are there other methods that
> anyone would care to float to prevent access when the gateway
> service is not running?
>
> Here is the default code from our iptables, eth0 is internal, eth1
> is wi-fi:
>
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -i eth1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
> -A FORWARD -o eth1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
> -A FORWARD -i eth1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
> -A OUTPUT -o eth1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
> COMMIT
>
> Obviously, the gateway, when running, adds a number of additional
> configuration commands to this configuration, but we have not been
> able to come up with any configuration that seems to prevent access
> when the gateway is not running.
>
> Also, is there any documentation freely available related to the
> firewallruleset commands in the wifidog.conf file? We would be
> interested in limiting and logging some of the outgoing ports that
> are used.
>
> Thanks,
>
> Matt
>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
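The toggle Fred describes (drop wifi-to-internal forwarding while the gateway is down, lift the rule while it is up), written out as an added example script; it is not from this thread or from the WiFiDog project. It assumes the interface roles from Matt's ruleset (eth1 wifi, eth0 internal), a gateway process named wifidog, and an iptables new enough to support -C for checking whether a rule is installed (older 1.3-series builds lack it, so there you would have to grep the output of iptables -L instead). Rather than the fixed time window in the reply, it re-checks the gateway on every cron run, so the box fails closed as soon as the gateway process disappears and reopens only when it is back.

```shell
#!/bin/sh
# Added example, not from the thread or the WiFiDog project.
# Fail-closed toggle for the FORWARD DROP rule in Fred's reply: when the
# wifidog gateway is not running, forwarding from the wifi interface to
# the internal one is dropped; when it is running, the rule is removed so
# wifidog's own chains decide who gets out.
#
# Assumptions (not stated on the page): interface names as in Matt's
# ruleset, a gateway process named "wifidog", and an iptables with -C.

WIFI_IF="${WIFI_IF:-eth1}"                # wifi side (as in Matt's mail)
INT_IF="${INT_IF:-eth0}"                  # internal side
GATEWAY_PROC="${GATEWAY_PROC:-wifidog}"   # assumed process name
IPTABLES="${IPTABLES:-iptables}"          # set IPTABLES=echo for a dry run

# The rule from the reply as chain + match + target, so the same text can
# be used with -A (append), -D (delete) and -C (check).
block_rule() {
    printf '%s\n' "FORWARD -i $WIFI_IF -o $INT_IF -j DROP"
}

# Pure decision function: $1 = 1 if the gateway is running, $2 = 1 if the
# block rule is currently installed. Prints add, delete or noop.
decide_action() {
    if [ "$1" -eq 0 ] && [ "$2" -eq 0 ]; then
        echo add       # gateway down and not blocked yet: fail closed
    elif [ "$1" -eq 1 ] && [ "$2" -eq 1 ]; then
        echo delete    # gateway up and block still in place: lift it
    else
        echo noop      # firewall state already matches gateway state
    fi
}

gateway_running() {
    pgrep -x "$GATEWAY_PROC" >/dev/null 2>&1
}

rule_present() {
    # word splitting of the rule text into arguments is intended
    $IPTABLES -C $(block_rule) 2>/dev/null
}

apply() {
    running=0
    gateway_running && running=1
    present=0
    rule_present && present=1
    case "$(decide_action "$running" "$present")" in
        add)    $IPTABLES -A $(block_rule) ;;
        delete) $IPTABLES -D $(block_rule) ;;
        *)      : ;;
    esac
}

# Cron entry to run this every minute (assumed install path):
#   * * * * * /usr/local/sbin/wifidog-failclosed.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply
fi
```

Because the FORWARD policy in Matt's ruleset is ACCEPT, the appended DROP is what actually closes the hole; keep the decision logic separate from the iptables calls (as above) so the add/delete choice can be checked without touching a live firewall, and run it with IPTABLES=echo first to see the exact commands it would issue.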



More information about the WiFiDog mailing list