[isf-wifidog] Understanding the WiFidog Firewall process

[Steve Congrave]

-----Original Message-----
From: wifidog-bounces at listes.ilesansfil.org
[mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Jean-Philippe
Menil
Sent: Wednesday, January 27, 2010 8:34 AM
To: WiFiDog Captive Portal
Subject: Re: [isf-wifidog] Understanding the WiFidog Firewall process

Steve Congrave a écrit :
> I'm trying to understand the WiFidog firewall process (sorry for 
> newbie questions LOL) and have read the developer docs at 
> http://dev.wifidog.org/wiki/doc/developer/FlowDiagram
> 
> The Gateway Firewall rules (iptables) mangles the initial user request 
> and starts the auth process.
> I'm ok with this and the auth process but what I find hard to 
> understand is how is the firewall opened up for an authenticated client?
> 
> What is the process and ruleset that allows a client that has been 
> authenticated, access through the firewall, and how is that then 
> closed down after the client has been de-authenticated (if they run 
> out of access time allowance for example)?
> 
> I'm trying to understand the role of iptables and whether there are 
> changes made to it dynamically or if something else is tagging the 
> traffic before it hits the firewall
> 
> Thanks for any help
> 
> Steve
> 

>
>Hi,

>here you can find a good map of the wifidog firewall rules:

>http://wireless-speed.blogspot.com/2009/04/wifidog-hack-iptables-map-rules.
html

>Regards.

Thanks

I can see the diagram but not familiar with the Arabic text :)

So iptables chains/rulesets are static and don't change.

How can we see the list and status of users on the node so that I can
determine their 'pathway' through the iptables chains? Is this information
available or could it be logged by a hack to the source?

Steve