[isf-wifidog] IPTables AuthServers is too loose, how can I tighten it up?

pslists pslists at gmail.com
Lun 20 Juil 18:22:07 EDT 2009

I am running the WifiDog that comes with DD-WRT v24-sp2. The WiFi router 
is connected to my private LAN ( and thence to a ZyXel 
ADSL router and so to the Internet. I want to block all access from the 
WiFi subnet ( to the LAN with the exception of the Auth 
server on and the ZxXel gateway.

The problem is that the IPTables created by WiFiDog have a group for 
AuthServers as the first WiFiDog group and this allows unrestricted 
access to the Auth server IP address, not just to the port providing the 
Auth services.

As a result, even unknown users have unrestricted, e.g. CIFS, access to 
the server, which is in fact a Synology DS207+ NAS server with NFS and 
CIFS shares and other services that I don't want to make public.

I could update the IPTables by hand, or by script after WiFiDog is 
started , or by cron job to make sure they are not overwritten, but this 
seems like a bit of a kludge.

Is there a way to get WiFiDog configuration to protect my server, or 
should I raise a ticket for this exposure?

Pete Shew

__________ Information from ESET Smart Security, version of virus signature database 4262 (20090720) __________

The message was checked by ESET Smart Security.


Plus d'informations sur la liste de diffusion WiFiDog