[isf-wifidog] Understanding the WiFidog Firewall process
Jean-Philippe Menil
jean-philippe.menil at univ-nantes.fr
Wed 27 Jan 11:20:28 EST 2010
Michael Thomas wrote:
> Since the list is in copy, I'll switch to English for everybody else :)
>
> By timeout for users I mean a time limit per user or per node. For
> instance a user is connected and denied access after 10 minutes and
> won't be able to access the internet in the next 30 minutes.
>
> That kind of mechanism.
>
> On 27 Jan 2010 at 16:53, Jean-Philippe Menil
> <jean-philippe.menil at univ-nantes.fr> wrote:
>
>> Michael Thomas wrote:
>>> Hello Jean Philippe,
>>> Sorry to write to you directly, but I often read your
>>> contributions, which are often relevant :)
>>> I was wondering whether, in your wifidog implementation, you had
>>> managed to include the timeout for clients. From what I have read,
>>> I understood that ABUSE_CONTROL is in fact based on the
>>> information stored in the database, which means that users will be
>>> denied access after the fact.
>>> Correct?
>>> If I can help implement this feature with my meagre PHP knowledge,
>>> I would be delighted.
>>> See you soon,
>>> Michael
>>> 2010/1/27 Jean-Philippe Menil <jean-philippe.menil at univ-nantes.fr>
>>> Steve Congrave wrote:
>>> I'm trying to understand the WiFidog firewall process (sorry for
>>> newbie questions LOL) and have read the developer docs at
>>> http://dev.wifidog.org/wiki/doc/developer/FlowDiagram
>>> The Gateway Firewall rules (iptables) mangles the initial user
>>> request and starts the auth process.
>>> I'm ok with this and the auth process but what I find hard to
>>> understand is how is the firewall opened up for an authenticated
>>> client?
>>> What is the process and ruleset that allows a client that has been
>>> authenticated, access through the firewall, and how is that then
>>> closed down after the client has been de-authenticated (if they
>>> run out of access time allowance for example)?
>>> I'm trying to understand the role of iptables and whether there
>>> are changes made to it dynamically or if something else is tagging
>>> the traffic before it hits the firewall.
>>> Thanks for any help
>>> Steve
>>> _______________________________________________
>>> WiFiDog mailing list
>>> WiFiDog at listes.ilesansfil.org
>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>> Hi,
>>> here you can find a good map of the wifidog firewall rules:
>>> http://wireless-speed.blogspot.com/2009/04/wifidog-hack-iptables-map-rules.html
>>> Regards.
>> Hello,
>>
>> for performance reasons, we no longer use the authentication
>> server part of wifidog.
>> But I am not sure I understand what you mean by timeout?
>> Can you clarify?
>>
>> Regards.
>> <jean-philippe_menil.vcf>
OK,
so, I don't know how wifidog can handle this.
But I'm practically sure that freeradius can do that.
Regards.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jean-philippe_menil.vcf
Type: text/x-vcard
Size: 433 bytes
Desc: not available
URL: <http://listes.ilesansfil.org/pipermail/wifidog/attachments/20100127/0c3e60b2/attachment.vcf>