Timestamp:
04/27/07 13:15:47 (5 years ago)
Author:
benoitg
Message:
  • wifidog.conf: Improve comments and add examples of blocking access to the upstream LAN.
Files:
1 modified

  • trunk/wifidog/wifidog.conf

    r1162 r1224  
    1818# Optional 
    1919# 
    20 # Set this to the external interface.  Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise, 
     20# Set this to the external interface (the one going out to the Inernet or your larger LAN).   
     21# Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise, 
    2122# Normally autodetected 
    2223 
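
Review bot: "Inernet" on new line 20 is a typo for "Internet". Since this comment is what people read when deciding which interface faces the untrusted side, it is also worth keeping "Normally autodetected" next to the new wording so it is clear that the parameter can usually be left unset.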
     
    2728# Mandatory 
    2829# 
    29 # Set this to the internal interface.    Typically br0 for OpenWrt, and eth1 otherwise 
     30# Set this to the internal interface (typically your wifi interface).     
     31# Typically br0 for OpenWrt, and eth1, wlan0, ath0, etc. otherwise 
    3032 
    3133GatewayInterface eth1 
     
    3537# Optional 
    3638# 
    37 # Set this to the internal IP address of the gateway 
     39# Set this to the internal IP address of the gateway.  Not normally required. 
    3840 
    3941# GatewayAddress 192.168.1.1 
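
Review bot: "Not normally required." on new line 39 does not say what value is used when GatewayAddress is left commented out. Suggest stating the default behaviour in the same comment, in the way the external interface comment says "Normally autodetected", so a reader knows which address clients will be redirected to.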
     
    6567#    Path / 
    6668#} 
    67  
    68 # Parameter: Portal 
    69 # Default: none 
    70 # Optional 
    71 # 
    72 # Set this to a URL for your portal, if you run without an auth server 
    73 # Portal http://www.ilesansfil.org/ 
    7469 
    7570# Parameter: Daemon 
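
Review bot: The removal of the whole "Parameter: Portal" block (old lines 68-73) is not mentioned in the commit message, which only talks about improving comments and adding blocking examples. If the parameter is no longer supported, say so in the message or ChangeLog; if it still is, dropping its documentation from the sample config should be a separate, explained change.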
     
    144139# Used for rules to be applied to all other rulesets except locked. 
    145140FirewallRuleSet global { 
    146     # This is the default config for the Teliphone service. 
     141    ## To block SMTP out, as it's a tech support nightmare, and a legal liability 
     142    #FirewallRule block tcp port 25 
     143     
     144    ## Use the following if you don't want clients to be able to access machines on  
     145    ## the private LAN that gives internet access to wifidog.  Note that this is not 
     146    ## client isolation;  The laptops will still be able to talk to one another, as 
     147    ## well as to any machine bridged to the wifi of the router. 
     148    # FirewallRule block to 192.168.0.0/16 
     149    # FirewallRule block to 172.16.0.0/12 
     150    # FirewallRule block to 10.0.0.0/8 
     151     
     152    ## This is an example ruleset for the Teliphone service. 
    147153    #FirewallRule allow udp to 69.90.89.192/27 
    148154    #FirewallRule allow udp to 69.90.85.0/27 
    149155    #FirewallRule allow tcp port 80 to 69.90.89.205 
    150     # To block SMTP out, as it's a tech support nightmare, and a legal liability 
    151     #FirewallRule block tcp port 25 
    152156} 
    153157
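
Review bot: The three example block rules on new lines 148-150 cover all private ranges, and the example "GatewayAddress 192.168.1.1" earlier in this file falls inside 192.168.0.0/16, so the comment should say what happens to traffic addressed to the gateway itself or to a DNS server on the upstream LAN once these are uncommented, and whether an allow rule has to precede them. The ruleset header on line 139 also says global is applied to every ruleset "except locked", so it is worth noting that these blocks do not apply there. Minor style point: these lines use "# FirewallRule" with a space while every other commented rule in the block uses "#FirewallRule", and ";  The" on line 146 should be "; the".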