Ticket #74 (closed Bug report: fixed)

Opened 6 years ago

Last modified 5 years ago

Gateway doesn't properly firewall off ports other than 80

Reported by: benoitg
Owned by:
Priority: blocker
Milestone: Gateway 1.1.3
Component: Gateway
Version: Gateway SVN
Keywords:
Cc:

Description (last modified by benoitg)

Test case: access https://sf.net without authenticating.

This bug is NOT caused by the fix to #65.

The problem is either that wifidog doesn't explicitly drop packets that do not match any of its allow conditions, or that it inserts its rules in the wrong order.

If you have a default policy of accept, everything will go through (except port 80). This is not what is supposed to happen.

The default configuration of OpenWRT is susceptible to this problem. See FAQ for a workaround.
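Added example (not part of the ticket and not wifidog's code): a small audit of `iptables-save` output that reports what happens to a forwarded packet matching none of the conditional rules, which is the fall-through case the description is about. The chain name `Portal_Unknown`, the address 192.0.2.10 and both dumps are constructed for illustration; rules carrying any match condition are treated as not matching.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse_table(dump, table="filter"):
    """Return (policies, rules) for one table of iptables-save output."""
    policies, rules, current = {}, {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            current = line[1:]
        elif current != table:
            continue
        elif line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name] = policy            # "-" marks a user-defined chain
            rules.setdefault(name, [])
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            rules.setdefault(tokens[1], []).append(tokens[2:])
    return policies, rules

def unmatched_verdict(dump, chain="FORWARD", _state=None, _seen=()):
    """Fate of a packet that matches none of the conditional rules."""
    policies, rules = _state or parse_table(dump)
    for spec in rules.get(chain, []):
        if spec[:1] != ["-j"]:
            continue                           # has match conditions: not our packet
        target = spec[1]
        if target in TERMINAL:
            return target                      # explicit unconditional verdict
        if target == "RETURN":
            break
        if target in rules and target not in _seen:
            verdict = unmatched_verdict(dump, target, (policies, rules), _seen + (chain,))
            if verdict:
                return verdict
    policy = policies.get(chain, "-")          # built-in chains end at their policy
    return policy if policy in TERMINAL else None

# Constructed iptables-save dumps; Portal_Unknown and 192.0.2.10 are hypothetical.
WEAK = """*filter
:FORWARD ACCEPT [0:0]
:Portal_Unknown - [0:0]
-A FORWARD -j Portal_Unknown
-A Portal_Unknown -p udp --dport 53 -j ACCEPT
-A Portal_Unknown -d 192.0.2.10/32 -p tcp --dport 443 -j ACCEPT
COMMIT
"""
FIXED = WEAK.replace("COMMIT", "-A Portal_Unknown -j REJECT\nCOMMIT")
```

`unmatched_verdict(WEAK)` returns `ACCEPT` because nothing terminates the chain before the default policy applies, while `unmatched_verdict(FIXED)` returns `REJECT`.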

Change History

Changed 6 years ago by max-horvath

This is what we've been talking about in bug #2 all the time ...

Changed 6 years ago by max-horvath

Bug #2 is something different but it hasn't been fixed either ...

Because when bug #2 happens (which happens to a lot of people) it would go directly to https://sf.net/ ...

If bug #2 is not in effect (because of no bridging) nothing happens at all ...

Suggestion for a bugfix from ankh: iptables -t nat -A WiFiDog_Unknow -p tcp --dport 443 -j REDIRECT --to-ports 2060

Changed 6 years ago by Alexandre Carmel-Veilleux

If we redirect port 443, we have to have SSL handled on the redirection port. stunnel has a mode where it can be used as an SSL-ifying proxy for web sites.

Changed 6 years ago by benoitg

  • version changed from Auth Server SVN to Gateway SVN

Changed 6 years ago by benoitg

  • description modified
  • summary changed from Gateway doesn't proeprly firewall off ports other than 80 to Gateway doesn't properly firewall off ports other than 80

Changed 6 years ago by anonymous

All ports should be blocked until the user auths; this way you can limit his access so he doesn't sit and use a p2p on another port without auth.

Changed 5 years ago by benoitg

  • status changed from new to closed
  • resolution set to fixed

All right, this bug must have been the most ill-defined bug in the history of wifidog. However, I could no longer reproduce it once I upgraded to 1.1.3beta6. So unless someone can reproduce, this is finally closed.
