[isf-wifidog] WiFiDog and the Nintendo DS

[Wichert Akkerman]

Previously Benoit Grégoire wrote:
> On 12 May 2008, Robin Jones wrote:
> > I am trying to answer a question on the ticket system #467 (I have asked
> > the guy to use the mailing list, but to no avail), and yet also would
> > like to make this work myself...
> >
> > I know about
> > https://dev.wifidog.org/wiki/doc/developer/SupportingDevicesWithNoWebBro
> > wser and the simplest way seems to be 2-Whitelist specific servers
> >
> > Given the fact that these all have hostnames, can firewall rules contain
> > these?
> 
> Unfortunately, implementing a proper walled garden involves more than that.  
> You need to resolve the hostname, add firewall rules for all the IPs the 
> hostname resolves to, and refresh that list when the DNS expires.  Not all 
> that complicated, but it requires non-trivial aditional gateway code.

It is more complicated: with virtual hosting you can have several sites
on the same IP address for which you only want a subset available in
your walled garden.

It's probably much easier to force all http traffic for unauthorized IP
address through a http proxy. Proxies already have all the necessary
logic needed to implement walled gardens correctly.

Wichert.

-- 
Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.