[isf-wifidog] WiFiDog and the Nintendo DS
Wichert Akkerman
wichert at wiggy.net
Mar 20 Mai 04:37:49 EDT 2008
Previously Benoit Grégoire wrote:
> On 12 May 2008, Robin Jones wrote:
> > I am trying to answer a question on the ticket system #467 (I have asked
> > the guy to use the mailing list, but to no avail), and yet also would
> > like to make this work myself...
> >
> > I know about
> > https://dev.wifidog.org/wiki/doc/developer/SupportingDevicesWithNoWebBro
> > wser and the simplest way seems to be 2-Whitelist specific servers
> >
> > Given the fact that these all have hostnames, can firewall rules contain
> > these?
>
> Unfortunately, implementing a proper walled garden involves more than that.
> You need to resolve the hostname, add firewall rules for all the IPs the
> hostname resolves to, and refresh that list when the DNS expires. Not all
> that complicated, but it requires non-trivial aditional gateway code.
It is more complicated: with virtual hosting you can have several sites
on the same IP address for which you only want a subset available in
your walled garden.
It's probably much easier to force all http traffic for unauthorized IP
address through a http proxy. Proxies already have all the necessary
logic needed to implement walled gardens correctly.
Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
Plus d'informations sur la liste de diffusion WiFiDog