[isf-wifidog] IPTables AuthServers is too loose, how can I tighten it up?
pslists
pslists at gmail.com
Mon Jul 20 18:22:07 EDT 2009
I am running the WifiDog that comes with DD-WRT v24-sp2. The WiFi router
is connected to my private LAN (192.168.0.0/24) and thence to a ZyXel
ADSL router and so to the Internet. I want to block all access from the
WiFi subnet (192.168.6.0/24) to the LAN with the exception of the Auth
server on 192.168.0.16:8880 and the ZyXel gateway.
The problem is that the IPTables created by WiFiDog have a group for
AuthServers as the first WiFiDog group and this allows unrestricted
access to the Auth server IP address, not just to the port providing the
Auth services.
As a result, even unknown users have unrestricted, e.g. CIFS, access to
the server, which is in fact a Synology DS207+ NAS server with NFS and
CIFS shares and other services that I don't want to make public.
I could update the IPTables by hand, or by script after WiFiDog is
started, or by cron job to make sure they are not overwritten, but this
seems like a bit of a kludge.
Is there a way to get WiFiDog configuration to protect my server, or
should I raise a ticket for this exposure?
Pete Shew
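
An added example, not part of the original post and not WiFiDog code: a shell function that reads a ruleset in iptables-save format and lists every ACCEPT rule that names the auth server as destination without limiting it to TCP port 8880. The chain names and the sample rules are constructed for illustration; only the addresses and the port come from the post.

```shell
#!/bin/sh
# Added example. Chain names and rules below are constructed, not read from a router.

# List ACCEPT rules that name the auth server as destination but are not
# limited to the one TCP port that serves authentication.
#   $1 = auth server IP, $2 = allowed TCP port
#   stdin = ruleset in iptables-save format
# Only rules whose -d is exactly this host are examined; rules for a wider
# subnet or with no -d at all are out of scope for this check.
audit_authserver_rules() {
    awk -v ip="$1" -v port="$2" '
    $1 == "-A" {
        dst = ""; proto = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-d")      dst    = $(i + 1)
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        sub(/\/32$/, "", dst)   # a single host may be written as a.b.c.d/32
        if (target == "ACCEPT" && dst == ip && !(proto == "tcp" && dport == port))
            print
    }'
}

# Constructed ruleset: one host-wide ACCEPT, one port-limited ACCEPT, one LAN DROP.
sample_ruleset() {
    cat <<'EOF'
*filter
-A WiFiDog_AuthServers -d 192.168.0.16 -j ACCEPT
-A WiFiDog_Unknown -d 192.168.0.16/32 -p tcp -m tcp --dport 8880 -j ACCEPT
-A WiFiDog_Unknown -d 192.168.0.0/24 -j DROP
COMMIT
EOF
}

# Prints only the host-wide rule, the one that exposes CIFS/NFS on the NAS.
sample_ruleset | audit_authserver_rules 192.168.0.16 8880
```

Run against the live ruleset by piping the router's saved rules into the function instead of `sample_ruleset`; empty output means every rule naming the server is port-limited.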
More information about the WiFiDog mailing list