# See https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash.conf
config nodogsplash
- # Set to 1 to enable nodogsplash
- option enabled 0
+ # Set to 0 to disable nodogsplash
+ option enabled 1
+
+ # Set to 0 to disable hook that makes Firewall restart nodogsplash when Firewall restarts
+ # This hook is needed as a restart of Firewall overwrites nodogsplash iptables entries
+ option fwhook_enabled '1'
# Serve the file splash.html from this directory
option webroot '/etc/nodogsplash/htdocs'
# Use plain configuration file
#option config '/etc/nodogsplash/nodogsplash.conf'
- # The network the users are connected to
- option network 'lan'
- option gatewayname 'LEDE Nodogsplash'
+ # Use this option to set the network interface the users are connected to
+ # Must not be used with option gatewayinterface
+ # This option automatically identifies the active lan device for nodogsplash to bind to
+ # This option may fail if the device configured for this interface is not up when nodogsplash starts at boot time
+ # You may change this to any valid virtual lan interface that has been defined, eg lan, lan2, public_lan wlan2 etc
+ # option network 'lan'
+
+ # Use this option to set the device nogogsplash will bind to
+ # Must not be used with option network
+ # The nodogsplash init script will wait for this device to be up before loading the nodogsplash service
+ # You may change this to any valid lan device eg br-lan, wlan0, eth0.1 etc
+ option gatewayinterface 'br-lan'
+
+ option gatewayname 'OpenWrt Nodogsplash'
option maxclients '250'
- option clientidletimeout '1200'
+ # Client timeouts in minutes
+ option clientidletimeout '120'
+ option clientforcetimeout '1440'
+
# Your router may have several interfaces, and you
# probably want to keep them private from the network/gatewayinterface.
# If so, you should block the entire subnets on those interfaces, e.g.:
- list authenticated_users 'block to 192.168.0.0/16'
- list authenticated_users 'block to 10.0.0.0/8'
+ # list authenticated_users 'block to 192.168.0.0/16'
+ # list authenticated_users 'block to 10.0.0.0/8'
# Typical ports you will probably want to open up.
- list authenticated_users 'allow tcp port 22'
- list authenticated_users 'allow tcp port 53'
- list authenticated_users 'allow udp port 53'
- list authenticated_users 'allow tcp port 80'
- list authenticated_users 'allow tcp port 443'
+ #list authenticated_users 'allow tcp port 22'
+ #list authenticated_users 'allow tcp port 53'
+ #list authenticated_users 'allow udp port 53'
+ #list authenticated_users 'allow tcp port 80'
+ #list authenticated_users 'allow tcp port 443'
+ # Or for happy customers allow all
+ list authenticated_users 'allow all'
+
# For preauthenticated users to resolve IP addresses in their
# initial request not using the router itself as a DNS server,
- list preauthenticated_users 'allow tcp port 53'
- list preauthenticated_users 'allow udp port 53'
+ # Leave commented to help prevent DNS tunnelling
+ #list preauthenticated_users 'allow tcp port 53'
+ #list preauthenticated_users 'allow udp port 53'
# Allow ports for SSH/Telnet/DNS/DHCP/HTTP/HTTPS
list users_to_router 'allow tcp port 22'
list users_to_router 'allow udp port 53'
list users_to_router 'allow udp port 67'
list users_to_router 'allow tcp port 80'
- list users_to_router 'allow tcp port 443'
# MAC addresses that are / are not allowed to access the splash page
# Value is either 'allow' or 'block'. The allowedmac or blockedmac list is used.
#list allowedmac '00:00:C0:01:D0:1D'
#list blockedmac '00:00:C0:01:D0:2D'
- #MAC addresses that do not need to authenticate
+ # MAC addresses that do not need to authenticate
#list trustedmac '00:00:C0:01:D0:1D'
+
+ # Set FW_MARK for compatibilty with other OpenWrt Packages eg mwan3, sqm etc.
+ list fw_mark_authenticated '30000'
+ list fw_mark_trusted '20000'
+ list fw_mark_blocked '10000'