[isf-wifidog] WiFiDog and the Nintendo DS
Pascal Charest
pascal.charest at gmail.com
Mar 13 Mai 06:36:15 EDT 2008
Hi,
I do now know exactly how wifidog process its firewall rules, but lets say
it simply craft netfilters rules and pass them to iptables.
It this case, you don't have any choices other than specifying the range
since the domain-name will be resolved only to one of those addresses and
your rule won't match that often.
Once again, i do not know for wifidog, but I know that iptables does work
with CIDR mask (example : 192.168.1.0/24)...
Pascal
On Mon, May 12, 2008 at 7:48 PM, Robin Jones <Robin at networkfusion.co.uk>
wrote:
> I am trying to answer a question on the ticket system #467 (I have asked
> the guy to use the mailing list, but to no avail), and yet also would
> like to make this work myself...
>
> I know about
> https://dev.wifidog.org/wiki/doc/developer/SupportingDevicesWithNoWebBro
> wser and the simplest way seems to be 2-Whitelist specific servers
>
> Given the fact that these all have hostnames, can firewall rules contain
> these?
>
> If not, can you white list IP Ranges and corresponding ports?
>
> So for example, the servers I would like to white list are as follows:
>
> Contest.nintendo.net - 83.36.93.1 to 83.36.93.255
> Contest.nintendo.net - 61.54.24.1 to 61.54.24.255
> nas.nintendowifi.net - 192.195.204.1 to 192.195.204.255
> gs.nintendowifi.net - 207.38.11.1 to 207.38.11.255
> nus.shop.wii.com - 209.67.106.1 to 209.67.106.255
> rcw.wc24.wii.com - 125.199.254.1 to 125.199.254.255
> cfh.wapp.wii.com - 84.53.134.1 to 84.53.134.255
> weather.wapp.wii.com A - 84.53.136.1 to 84.53.136.255
> weather.wapp.wii.com B - 213.155.151.1 to 213.155.151.255
> opera.com - 213.236.208.1 to 213.236.208.255
> american-sk8land.com - 70.86.183.1 to 70.86.183.255
>
> So would the corresponding firewall rules in wifidog.conf work?:
>
> FirewallRule allow tcp port 28910, 29900,29901,29920,80,443 to
> 83.36.93.1-83.36.93.255
>
> Or
>
> FirewallRule allow tcp port 28910, 29900,29901,29920,80,443 to
> Contest.nintendo.net
>
>
> It has also been recommended to allow all udp traffic, would this be a
> security risk?
>
>
>
> Thanks,
>
>
> Robin Jones.
>
>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
--
Pascal Charest, Free software consultant {GNU/Linux}
http://blog.pacharest.com
-------------- section suivante --------------
Une pièce jointe HTML a été nettoyée...
URL: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20080513/7a6ca295/attachment.htm
Plus d'informations sur la liste de diffusion WiFiDog