[isf-wifidog] Understanding the WiFidog Firewall process

Jean-Philippe Menil jean-philippe.menil at univ-nantes.fr
Wed 27 Jan 11:20:28 EST 2010


Michael Thomas wrote:
> Since the list is in copy, I'll switch to English for everybody else :)
> 
> By timeout for users I mean a time limit per user or per node. For
> instance a user is connected and denied access after 10 minutes and
> won't be able to access the internet in the next 30 minutes.
> 
> That kind of mechanism.
> 
> On 27 Jan 2010 at 16:53, Jean-Philippe Menil
> <jean-philippe.menil at univ-nantes.fr> wrote:
> 
>> Michael Thomas wrote:
>>> Hello Jean Philippe,
>>> Sorry for writing to you directly, but I often read your
>>> contributions, which are often relevant :)
>>> I was wondering whether, in your wifidog implementation, you had
>>> managed to include the timeout for clients. From what I have read,
>>> I understood that ABUSE_CONTROL is in fact based on the information
>>> held in the database, which means that users will be refused access
>>> after the fact.
>>> Correct?
>>> If I can help implement this feature with my meagre PHP knowledge,
>>> I would be delighted.
>>> See you soon
>>> Michael
>>> 2010/1/27 Jean-Philippe Menil <jean-philippe.menil at univ-nantes.fr>
>>>    Steve Congrave wrote:
>>>        I'm trying to understand the WiFidog firewall process (sorry for
>>>        newbie questions LOL) and have read the developer docs at
>>>        http://dev.wifidog.org/wiki/doc/developer/FlowDiagram
>>>        The Gateway Firewall rules (iptables) mangles the initial user
>>>        request and starts the auth process.
>>>        I'm ok with this and the auth process but what I find hard to
>>>        understand is how is the firewall opened up for an authenticated
>>>        client?
>>>        What is the process and ruleset that allows a client that has been
>>>        authenticated, access through the firewall, and how is that then
>>>        closed down after the client has been de-authenticated (if they run
>>>        out of access time allowance for example)?
>>>        I'm trying to understand the role of iptables and whether there are
>>>        changes made to it dynamically or if something else is tagging the
>>>        traffic before it hits the firewall
>>>        Thanks for any help
>>>        Steve
>>>        _______________________________________________
>>>        WiFiDog mailing list
>>>        WiFiDog at listes.ilesansfil.org
>>>        http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>>    Hi,
>>>    here you can find a good map of the wifidog firewall rules:
>>>    http://wireless-speed.blogspot.com/2009/04/wifidog-hack-iptables-map-rules.html
>>>    Regards.
>> Hello,
>>
>> for performance reasons, we no longer use the authentication
>> server part of wifidog.
>> But I'm not sure I understand what you mean by timeout?
>> Can you clarify?
>>
>> Regards.
Ok,
so, I don't know how wifidog can handle this.
But I'm practically sure that freeradius can do that.

Regards.