[isf-wifidog] Understanding the WiFidog Firewall process

Jean-Philippe Menil jean-philippe.menil at univ-nantes.fr
Wed Jan 27 10:55:14 EST 2010


Steve Congrave wrote:
> 
> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org
> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Jean-Philippe
> Menil
> Sent: Wednesday, January 27, 2010 8:34 AM
> To: WiFiDog Captive Portal
> Subject: Re: [isf-wifidog] Understanding the WiFidog Firewall process
> 
> Steve Congrave wrote:
>> I'm trying to understand the WiFidog firewall process (sorry for 
>> newbie questions LOL) and have read the developer docs at 
>> http://dev.wifidog.org/wiki/doc/developer/FlowDiagram
>>
>> The Gateway Firewall rules (iptables) mangles the initial user request 
>> and starts the auth process.
>> I'm ok with this and the auth process but what I find hard to 
>> understand is how is the firewall opened up for an authenticated client?
>>
>> What is the process and ruleset that allows a client that has been 
>> authenticated, access through the firewall, and how is that then 
>> closed down after the client has been de-authenticated (if they run 
>> out of access time allowance for example)?
>>
>> I'm trying to understand the role of iptables and whether there are 
>> changes made to it dynamically or if something else is tagging the 
>> traffic before it hits the firewall
>>
>> Thanks for any help
>>
>> Steve
>>
> 
>> Hi,
> 
>> here you can find a good map of the wifidog firewall rules:
> 
>> http://wireless-speed.blogspot.com/2009/04/wifidog-hack-iptables-map-rules.html
> 
>> Regards.
> 
> Thanks
> 
> I can see the diagram but not familiar with the Arabic text :)
> 
> So iptables chains/rulesets are static and don't change.
> 
> How can we see the list and status of users on the node so that I can
> determine their 'pathway' through the iptables chains? Is this information
> available or could it be logged by a hack to the source?
> 
> Steve
> 
> 
I'm not sure I understand very well what you want to do.

You can see your authenticated clients in the mangle table:
iptables -t mangle -nvL

Regards.
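
An added example, not part of the original message or of WiFiDog's code: a shell function that condenses the output of the `iptables -t mangle -nvL` command above into one line per client (chain, source IP, MAC, mark, packets, bytes). It assumes each authenticated client shows up as a MARK rule with a specific source address; the chain name, addresses and counters in the sample are constructed.

```shell
#!/bin/sh
# Live use on the gateway:  iptables -t mangle -nvL | list_marked_clients

# Read `iptables -t mangle -nvL` output on stdin and print, for every MARK
# rule bound to a specific source address:
#   chain  source-ip  mac  mark  packets  bytes
list_marked_clients() {
    awk '
    $1 == "Chain" { chain = $2; next }        # remember the current chain
    $3 == "MARK" && $8 != "0.0.0.0/0" {       # target column is MARK, per-host rule
        mac = "-"; mark = "-"
        # iptables builds print either "MAC 00:11:..." or "MAC00:11:..."
        if (match($0, /MAC ?[0-9A-Fa-f:]+/)) {
            mac = substr($0, RSTART + 3, RLENGTH - 3)
            sub(/^ /, "", mac)
        }
        # "MARK set 0x2" or "MARK xset 0x2/0xffffffff", depending on version
        if (match($0, /MARK x?set 0x[0-9A-Fa-f]+/)) {
            mark = substr($0, RSTART, RLENGTH)
            sub(/^MARK x?set /, "", mark)
        }
        print chain, $8, mac, mark, $1, $2
    }'
}

# Constructed sample output (placeholder chain name, documentation-range
# IP and MAC addresses); not captured from a real gateway.
sample_mangle_output() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 5120 packets, 410K bytes)
 pkts bytes target     prot opt in     out     source               destination
 4100  330K EXAMPLE_Outgoing  all  --  br-lan *       0.0.0.0/0            0.0.0.0/0

Chain EXAMPLE_Outgoing (1 references)
 pkts bytes target     prot opt in     out     source               destination
  812 65000 MARK       all  --  *      *       192.0.2.23           0.0.0.0/0            MAC 00:00:5E:00:53:01 MARK set 0x2
   40  3200 MARK       all  --  *      *       192.0.2.57           0.0.0.0/0            MAC00:00:5E:00:53:02 MARK xset 0x1/0xffffffff
EOF
}

# Demo run on the constructed sample
sample_mangle_output | list_marked_clients
```

Running it periodically and comparing the lists shows which client entries appear or disappear, and the packet and byte columns show which entries are carrying traffic.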