nodogsplash: add missing config options
[feed/routing.git] / nodogsplash / files / etc / config / nodogsplash
1
2 # The options available here are an adaptation of the settings used in nodogsplash.conf.
3 # See https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash.conf
4
5 config nodogsplash
6 # Set to 0 to disable nodogsplash
7 option enabled 1
8
9 # Set to 0 to disable hook that makes nodogsplash restart when the firewall restarts.
10 # This hook is needed as a restart of Firewall overwrites nodogsplash iptables entries.
11 option fwhook_enabled '1'
12
13 # Serve the file splash.html from this directory
14 option webroot '/etc/nodogsplash/htdocs'
15
16 # Use plain configuration file
17 #option config '/etc/nodogsplash/nodogsplash.conf'
18
19 # Use this option to set the device nogogsplash will bind to.
20 # The value may be an interface section in /etc/config/network or a device name such as br-lan.
21 option gatewayinterface 'br-lan'
22
23 option gatewayname 'OpenWrt Nodogsplash'
24 option maxclients '250'
25
26 # Enables debug output (0-7)
27 #option debuglevel '7'
28
29 # Client timeouts in minutes
30 option preauthidletimeout '30'
31 option authidletimeout '120'
32 # Session Timeout is the interval after which clients are forced out (a value of 0 means never)
33 option sessiontimeout '1200'
34
35 # The interval in seconds at which nodogsplash checks client timeout status
36 option checkinterval '600'
37
38 # Enable BinAuth Support.
39 # If set, a program is called with several parameters on authentication (request) and deauthentication.
40 # Request for authentication:
41 # $<BinAuth> auth_client <client_mac> '<username>' '<password>'
42 #
43 # The username and password values may be empty strings and are URL encoded.
44 # The program is expected to output the number of seconds the client
45 # is to be authenticated. Zero or negative seconds will cause the authentification request
46 # to be rejected. The same goes for an exit code that is not 0.
47 # The output may contain a user specific download and upload limit in KBit/s:
48 # <seconds> <upload> <download>
49 #
50 # Called on authentication or deauthentication:
51 # $<BinAuth> <*auth|*deauth> <incoming_bytes> <outgoing_bytes> <session_start> <session_end>
52 #
53 # "client_auth": Client authenticated via this script.
54 # "client_deauth": Client deauthenticated by the client via splash page.
55 # "idle_deauth": Client was deauthenticated because of inactivity.
56 # "timeout_deauth": Client was deauthenticated because the session timed out.
57 # "ndsctl_auth": Client was authenticated manually by the ndsctl tool.
58 # "ndsctl_deauth": Client was deauthenticated by the ndsctl tool.
59 # "shutdown_deauth": Client was deauthenticated by Nodogsplash terminating.
60 #
61 # Values session_start and session_start are in seconds since 1970 or 0 for unknown/unlimited.
62 #
63 #option binauth '/bin/myauth.sh'
64
65 # Enable Forwarding Authentication Service (FAS)
66 # If set redirection is changed from splash.html to a FAS (provided by the system administrator)
67 # The value is the IP port number of the FAS
68 #option fasport '80'
69
70 # Option: fasremoteip
71 # Default: GatewayAddress (the IP of NDS)
72 # If set, this is the remote ip address of the FAS.
73 #option fasremoteip '46.32.240.41'
74
75 # Option: faspath
76 # Default: /
77 # This is the path from the FAS Web Root to the FAS login page
78 # (not the file system root).
79 #option faspath '/onboard-wifi.net/nodog/fas.php'
80
81 # Option: fas_secure_enabled
82 # Default: 1
83 # If set to "1", authaction and the client token are not revealed and it is the responsibility
84 # of the FAS to request the token from NDSCTL.
85 # If set to "0", the client token is sent to the FAS in clear text in the query string of the
86 # redirect along with authaction and redir.
87 #option fas_secure_enabled '0'
88
89 # Your router may have several interfaces, and you
90 # probably want to keep them private from the network/gatewayinterface.
91 # If so, you should block the entire subnets on those interfaces, e.g.:
92 #list authenticated_users 'block to 192.168.0.0/16'
93 #list authenticated_users 'block to 10.0.0.0/8'
94
95 # Typical ports you will probably want to open up.
96 #list authenticated_users 'allow tcp port 22'
97 #list authenticated_users 'allow tcp port 53'
98 #list authenticated_users 'allow udp port 53'
99 #list authenticated_users 'allow tcp port 80'
100 #list authenticated_users 'allow tcp port 443'
101 # Or for happy customers allow all
102 list authenticated_users 'allow all'
103
104 # For preauthenticated users to resolve IP addresses in their
105 # initial request not using the router itself as a DNS server,
106 # Leave commented to help prevent DNS tunnelling
107 #list preauthenticated_users 'allow tcp port 53'
108 #list preauthenticated_users 'allow udp port 53'
109
110 # Allow ports for SSH/Telnet/DNS/DHCP/HTTP/HTTPS
111 list users_to_router 'allow tcp port 22'
112 list users_to_router 'allow tcp port 23'
113 list users_to_router 'allow tcp port 53'
114 list users_to_router 'allow udp port 53'
115 list users_to_router 'allow udp port 67'
116 list users_to_router 'allow tcp port 80'
117
118 # MAC addresses that are / are not allowed to access the splash page
119 # Value is either 'allow' or 'block'. The allowedmac or blockedmac list is used.
120 #option macmechanism 'allow'
121 #list allowedmac '00:00:C0:01:D0:0D'
122 #list allowedmac '00:00:C0:01:D0:1D'
123 #list blockedmac '00:00:C0:01:D0:2D'
124
125 # MAC addresses that do not need to authenticate
126 #list trustedmac '00:00:C0:01:D0:1D'
127
128 # Nodogsplash uses specific HEXADECIMAL values to mark packets used by iptables as a bitwise mask.
129 # This mask can conflict with the requirements of other packages such as mwan3, sqm etc
130 # Any values set here are interpreted as in hex format.
131 #
132 # List: fw_mark_authenticated
133 # Default: 30000 (0011|0000|0000|0000|0000 binary)
134 #
135 # List: fw_mark_trusted
136 # Default: 20000 (0010|0000|0000|0000|0000 binary)
137 #
138 # List: fw_mark_blocked
139 # Default: 10000 (0001|0000|0000|0000|0000 binary)
140 #
141 #list fw_mark_authenticated '30000'
142 #list fw_mark_trusted '20000'
143 #list fw_mark_blocked '10000'
144