[isf-wifidog] Understanding the WiFidog Firewall process
Michael Thomas
madmaiike at gmail.com
Mer 27 Jan 11:16:07 EST 2010
Looks precisely like what I want :). I'll do my best to help out.
Michael
Le 27 janv. 2010 à 17:03, Genevieve Bastien <gbastien at versatic.net> a
écrit :
Hi Michael,
We're actually working on implementing a new token architecture that should,
in a not too distant future hopefully, allow to control all these settings.
If you'd like to help out on this one, here's some doc about what will be
implemented https://dev.wifidog.org/wiki/doc/developer/TokenArchitecture,
and we are working on a branch of the code at
https://dev.wifidog.org/svn/branches/newtoken.
--
Geneviève Bastien
Michael Thomas wrote:
Since the list is I'm copy I'll switch to English for everybody else :)
By timeout for users I mean a time limit per user or per node. For
instance a user is connected and denied access after 10 minutes and
won't be able to access the internet in the next 30 minutes.
That kind of mechanism.
Le 27 janv. 2010 à 16:53, Jean-Philippe Menil<jean-philippe.menil at univ-nantes.f
r> <jean-philippe.menil at univ-nantes.fr> a écrit :
Michael Thomas a �crit :
Bonjour Jean Philippe,
D�sol� de m'adresser directement � toi, mais je lis
souvent de tes contributions qui sont souvent pertinentes :)
Je me demandais si dans ton impl�mentation de wifidog tu avais r
�ussi � inclure le timeout pour les clients. J'ai cru
comprendre d'apr�s ce que j'ai lu que l'ABUSE_CONTROL se base en
fait sur les infos contenues dans la base, ce qui veut dire que l
es utilisateurs se verront refuser l'acc�s � posteriori.
Correct ?
Si je peux aider � impl�menter cette fonction avec mes
maigres connaissances PHP, je serai ravi.
A bientot
Michael
2010/1/27 Jean-Philippe Menil <jean-philippe.menil at univ-nantes.fr
<mailto:jean-philippe.menil at univ-nantes.fr
<jean-philippe.menil at univ-nantes.fr>
<jean-philippe.menil at univ-nantes.fr>
Steve Congrave a �crit :
I'm trying to understand the WiFidog firewall process (sorry
for
newbie
questions LOL) and have read the developer docs at
http://dev.wifidog.org/wiki/doc/developer/FlowDiagram
The Gateway Firewall rules (iptables) mangles the initial user
request and
starts the auth process.
I'm ok with this and the auth process but what I find hard to
understand is
how is the firewall opened up for an authenticated client?
What is the process and ruleset that allows a client that
has been
authenticated, access through the firewall, and how is that
then
closed down
after the client has been de-authenticated (if they run out of
access time
allowance for example)?
I'm trying to understand the role of iptables and whether
there
are changes
made to it dynamically or if something else is tagging the
traffic before it
hits the firewall
Thanks for any help
Steve
_______________________________________________
WiFiDog mailing list
WiFiDog at listes.ilesansfil.org
<mailto:WiFiDog at listes.ilesansfil.org <WiFiDog at listes.ilesansfil.org>
<WiFiDog at listes.ilesansfil.org>
http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
Hi,
here you can find a good map of the wifidog firewall rules:
http://wireless-speed.blogspot.com/2009/04/wifidog-hack-iptables-map-rules.html
Regards.
_______________________________________________
WiFiDog mailing list
WiFiDog at listes.ilesansfil.org <mailto:WiFiDog at listes.ilesansfil.org
<WiFiDog at listes.ilesansfil.org> <WiFiDog at listes.ilesansfil.org>
http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
Bonjour,
pour des raisons de performances, nous n'utilisons plus la partie
serveur d'authentification de wifidog.
Mais, je ne suis pas s�r de comprendre ce que tu entends par
timeout?
Peux-tu pr�ciser?
Cordialement.
<jean-philippe_menil.vcf>
_______________________________________________
WiFiDog mailing
listWiFiDog at listes.ilesansfil.orghttp://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
_______________________________________________
WiFiDog mailing list
WiFiDog at listes.ilesansfil.org
http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
-------------- section suivante --------------
Une pièce jointe HTML a été nettoyée...
URL: <http://listes.ilesansfil.org/pipermail/wifidog/attachments/20100127/5e341be2/attachment-0001.htm>
Plus d'informations sur la liste de diffusion WiFiDog