From b7277aee3c6e583d65600b48c33fb3315b384c6b Mon Sep 17 00:00:00 2001 From: wbx Date: Wed, 21 Sep 2005 05:18:56 +0000 Subject: wifidog package from Philippe April, thx git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@1966 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/wifidog/files/wifidog.conf | 177 +++++++++++++++++++++++++++++++++++++ 1 file changed, 177 insertions(+) create mode 100644 package/wifidog/files/wifidog.conf (limited to 'package/wifidog/files/wifidog.conf') diff --git a/package/wifidog/files/wifidog.conf b/package/wifidog/files/wifidog.conf new file mode 100644 index 000000000..10b173a9a --- /dev/null +++ b/package/wifidog/files/wifidog.conf @@ -0,0 +1,177 @@ +# $Header$ +# WiFiDog Configuration file + +# Parameter: GatewayID +# Default: default +# Optional but essential for monitoring purposes +# +# Set this to the template ID on the auth server +# this is used to give a customized login page to the clients +# If none is supplied, the default login page will be used. + +GatewayID default + +# Parameter: ExternalInterface +# Default: NONE +# Optional +# +# Set this to the external interface. Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise + +# ExternalInterface eth0 + +# Parameter: GatewayInterface +# Default: NONE +# Mandatory +# +# Set this to the internal interface. Typically br0 for OpenWrt, and eth1 otherwise + +GatewayInterface br0 + +# Parameter: GatewayAddress +# Default: Find it from GatewayInterface +# Optional +# +# Set this to the internal IP address of the gateway + +# GatewayAddress 192.168.1.1 + +# Parameter: AuthServMaxTries +# Default: 1 +# Optional +# +# Sets the number of auth servers the gateway will attempt to contact when a request fails. +# this number should be equal to the number of AuthServer lines in this +# configuration but it should probably not exceed 3. + +# AuthServMaxTries 3 + +# Parameter: AuthServer +# Default: NONE +# Mandatory +# +# Set this to the hostname or IP of your auth server, the path where +# WiFiDog-auth resides and optionally as a second argument, the port it +# listens on. +#AuthServer { +# Hostname (Mandatory; Default: NONE) +# SSLAvailable (Optional; Default: no; Possible values: yes, no) +# SSLPort 443 (Optional; Default: 443) +# HTTPPort 80 (Optional; Default: 80) +# Path wifidog/ (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.) +#} + +#AuthServer { +# Hostname auth.ilesansfil.org +# SSLAvailable yes +# Path / +#} + +#AuthServer { +# Hostname auth2.ilesansfil.org +# SSLAvailable yes +# Path / +#} + +#AuthServer { +# Hostname auth3.ilesansfil.org +# SSLAvailable yes +# Path / +#} + +# Parameter: Daemon +# Default: 1 +# Optional +# +# Set this to true if you want to run as a daemon +# Daemon 1 + +# Parameter: GatewayPort +# Default: 2060 +# Optional +# +# Listen on this port +# GatewayPort 2060 + +# Parameter: HTTPDName +# Default: WiFiDog +# Optional +# +# Define what name the HTTPD server will respond +# HTTPDName WiFiDog + +# Parameter: HTTPDMaxConn +# Default: 10 +# Optional +# +# How many sockets to listen to +# HTTPDMaxConn 10 + +# Parameter: CheckInterval +# Default: 60 +# Optional +# +# How many seconds should we wait between timeout checks +CheckInterval 60 + +# Parameter: ClientTimeout +# Default: 5 +# Optional +# +# Set this to the desired of number of CheckInterval of inactivity before a client is logged out +# The timeout will be INTERVAL * TIMEOUT +ClientTimeout 5 + +# Parameter: FirewallRuleSet +# Default: none +# Mandatory +# +# Groups a number of FirewallRule statements together. + +# Parameter: FirewallRule +# Default: none +# +# Define one firewall rule in a rule set. + +# Rule Set: global +# +# Used for rules to be applied to all other rulesets except locked. +# This is the default config for the Teliphone service. +FirewallRuleSet global { + FirewallRule allow udp to 69.90.89.192/27 + FirewallRule allow udp to 69.90.85.0/27 + FirewallRule allow tcp port 80 to 69.90.89.205 +} + +# Rule Set: validating-users +# +# Used for new users validating their account +FirewallRuleSet validating-users { + FirewallRule block tcp port 25 + FirewallRule allow to 0.0.0.0/0 +} + +# Rule Set: known-users +# +# Used for normal validated users. +FirewallRuleSet known-users { + FirewallRule allow to 0.0.0.0/0 +} + +# Rule Set: unknown-users +# +# Used for unvalidated users, this is the ruleset that gets redirected. +# +# XXX The redirect code adds the Default DROP clause. +FirewallRuleSet unknown-users { + FirewallRule allow udp port 53 + FirewallRule allow tcp port 53 + FirewallRule allow udp port 67 + FirewallRule allow tcp port 67 +} + +# Rule Set: locked-users +# +# Used for users that have been locked out. +FirewallRuleSet locked-users { + FirewallRule block to 0.0.0.0/0 +} -- cgit v1.2.3