Hi, <br><br>I do now know exactly how wifidog process its firewall rules, but lets say it simply craft netfilters rules and pass them to iptables. <br><br>It this case, you don't have any choices other than specifying the range since the domain-name will be resolved only to one of those addresses and your rule won't match that often.<br>
<br>Once again, i do not know for wifidog, but I know that iptables does work with CIDR mask (example : <a href="http://192.168.1.0/24).">192.168.1.0/24).</a>.. <br><br>Pascal<br><br><div class="gmail_quote">On Mon, May 12, 2008 at 7:48 PM, Robin Jones <<a href="mailto:Robin@networkfusion.co.uk">Robin@networkfusion.co.uk</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I am trying to answer a question on the ticket system #467 (I have asked<br>
the guy to use the mailing list, but to no avail), and yet also would<br>
like to make this work myself...<br>
<br>
I know about<br>
<a href="https://dev.wifidog.org/wiki/doc/developer/SupportingDevicesWithNoWebBro" target="_blank">https://dev.wifidog.org/wiki/doc/developer/SupportingDevicesWithNoWebBro</a><br>
wser and the simplest way seems to be 2-Whitelist specific servers<br>
<br>
Given the fact that these all have hostnames, can firewall rules contain<br>
these?<br>
<br>
If not, can you white list IP Ranges and corresponding ports?<br>
<br>
So for example, the servers I would like to white list are as follows:<br>
<br>
<a href="http://Contest.nintendo.net" target="_blank">Contest.nintendo.net</a> - <a href="http://83.36.93.1" target="_blank">83.36.93.1</a> to <a href="http://83.36.93.255" target="_blank">83.36.93.255</a><br>
<a href="http://Contest.nintendo.net" target="_blank">Contest.nintendo.net</a> - <a href="http://61.54.24.1" target="_blank">61.54.24.1</a> to <a href="http://61.54.24.255" target="_blank">61.54.24.255</a><br>
<a href="http://nas.nintendowifi.net" target="_blank">nas.nintendowifi.net</a> - <a href="http://192.195.204.1" target="_blank">192.195.204.1</a> to <a href="http://192.195.204.255" target="_blank">192.195.204.255</a><br>
<a href="http://gs.nintendowifi.net" target="_blank">gs.nintendowifi.net</a> - <a href="http://207.38.11.1" target="_blank">207.38.11.1</a> to <a href="http://207.38.11.255" target="_blank">207.38.11.255</a><br>
<a href="http://nus.shop.wii.com" target="_blank">nus.shop.wii.com</a> - <a href="http://209.67.106.1" target="_blank">209.67.106.1</a> to <a href="http://209.67.106.255" target="_blank">209.67.106.255</a><br>
<a href="http://rcw.wc24.wii.com" target="_blank">rcw.wc24.wii.com</a> - <a href="http://125.199.254.1" target="_blank">125.199.254.1</a> to <a href="http://125.199.254.255" target="_blank">125.199.254.255</a><br>
<a href="http://cfh.wapp.wii.com" target="_blank">cfh.wapp.wii.com</a> - <a href="http://84.53.134.1" target="_blank">84.53.134.1</a> to <a href="http://84.53.134.255" target="_blank">84.53.134.255</a><br>
<a href="http://weather.wapp.wii.com" target="_blank">weather.wapp.wii.com</a> A - <a href="http://84.53.136.1" target="_blank">84.53.136.1</a> to <a href="http://84.53.136.255" target="_blank">84.53.136.255</a><br>
<a href="http://weather.wapp.wii.com" target="_blank">weather.wapp.wii.com</a> B - <a href="http://213.155.151.1" target="_blank">213.155.151.1</a> to <a href="http://213.155.151.255" target="_blank">213.155.151.255</a><br>
<a href="http://opera.com" target="_blank">opera.com</a> - <a href="http://213.236.208.1" target="_blank">213.236.208.1</a> to <a href="http://213.236.208.255" target="_blank">213.236.208.255</a><br>
<a href="http://american-sk8land.com" target="_blank">american-sk8land.com</a> - <a href="http://70.86.183.1" target="_blank">70.86.183.1</a> to <a href="http://70.86.183.255" target="_blank">70.86.183.255</a><br>
<br>
So would the corresponding firewall rules in wifidog.conf work?:<br>
<br>
FirewallRule allow tcp port 28910, 29900,29901,29920,80,443 to<br>
83.36.93.1-83.36.93.255<br>
<br>
Or<br>
<br>
FirewallRule allow tcp port 28910, 29900,29901,29920,80,443 to<br>
<a href="http://Contest.nintendo.net" target="_blank">Contest.nintendo.net</a><br>
<br>
<br>
It has also been recommended to allow all udp traffic, would this be a<br>
security risk?<br>
<br>
<br>
<br>
Thanks,<br>
<br>
<br>
Robin Jones.<br>
<br>
<br>
_______________________________________________<br>
WiFiDog mailing list<br>
<a href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a><br>
<a href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog" target="_blank">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>Pascal Charest, Free software consultant {GNU/Linux}<br><a href="http://blog.pacharest.com">http://blog.pacharest.com</a>