102 | | == Q: Is it possible to block all outgoing TCP/UDP ports until a user has authenticated via WiFiDog's login page ? == |
103 | | |
104 | | A: There is currently a bug (#74) in the gateway firewall. If you set up your OpenWrt-powered router with a bridged network interface (default), the current firewall rules of !OpenWrt do not permit to block all outgoing TCP/UDP ports except port 80 until a user has authenticated via WiFiDog's login page. |
105 | | |
106 | | The workround is to disable forwarding from the bridge interface to the wan interface: |
107 | | {{{ |
108 | | # The following lines have been commented out for WiFiDog to work |
109 | | # iptables -A FORWARD -i br0 -o br0 -j ACCEPT |
110 | | # iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT |
111 | | }}} |
112 | | |
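Review bot: The workaround sentence says to disable forwarding from the bridge interface to the wan interface, but the first commented-out rule, `iptables -A FORWARD -i br0 -o br0 -j ACCEPT`, matches bridge-to-bridge traffic rather than LAN-to-WAN, so the answer should either explain why that rule also has to go or leave it out of the snippet. The answer should also name the file these two lines are in, and note that commenting out ACCEPT rules only blocks traffic if nothing else in the FORWARD chain (or its default policy) accepts it, so readers can check that on their own router. Minor wording: "workround" should be "workaround", "do not permit to block" reads better as "do not allow blocking", and the heading has a stray space before the question mark.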