nodogsplash/files/etc/config/nodogsplash

   1
   2 # The options available here are an adaptation of the settings used in nodogsplash.conf.
   3 # See https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash.conf
   4
   5 config nodogsplash
   6   # Set to 0 to disable nodogsplash
   7   option enabled 1
   8
   9   # Set to 0 to disable hook that makes nodogsplash restart when the firewall restarts.
  10   # This hook is needed as a restart of Firewall overwrites nodogsplash iptables entries.
  11   option fwhook_enabled '1'
  12
  13   # Serve the file splash.html from this directory
  14   option webroot '/etc/nodogsplash/htdocs'
  15
  16   # Use plain configuration file
  17   #option config '/etc/nodogsplash/nodogsplash.conf'
  18
  19   # Use this option to set the device nogogsplash will bind to.
  20   # The value may be an interface section in /etc/config/network or a device name such as br-lan.
  21   option gatewayinterface 'br-lan'
  22
  23   option gatewayname 'OpenWrt Nodogsplash'
  24   option maxclients '250'
  25
  26   # Enables debug output (0-7)
  27   #option debuglevel '7'
  28
  29   # Client timeouts in minutes
  30   option preauthidletimeout '10'
  31   option authidletimeout '120'
  32
  33   # Your router may have several interfaces, and you
  34   # probably want to keep them private from the network/gatewayinterface.
  35   # If so, you should block the entire subnets on those interfaces, e.g.:
  36   # list authenticated_users 'block to 192.168.0.0/16'
  37   # list authenticated_users 'block to 10.0.0.0/8'
  38
  39   # Typical ports you will probably want to open up.
  40   #list authenticated_users 'allow tcp port 22'
  41   #list authenticated_users 'allow tcp port 53'
  42   #list authenticated_users 'allow udp port 53'
  43   #list authenticated_users 'allow tcp port 80'
  44   #list authenticated_users 'allow tcp port 443'
  45   # Or for happy customers allow all
  46   list authenticated_users 'allow all'
  47
  48   # For preauthenticated users to resolve IP addresses in their
  49   # initial request not using the router itself as a DNS server,
  50   # Leave commented to help prevent DNS tunnelling
  51   #list preauthenticated_users 'allow tcp port 53'
  52   #list preauthenticated_users 'allow udp port 53'
  53
  54   # Allow ports for SSH/Telnet/DNS/DHCP/HTTP/HTTPS
  55   list users_to_router 'allow tcp port 22'
  56   list users_to_router 'allow tcp port 23'
  57   list users_to_router 'allow tcp port 53'
  58   list users_to_router 'allow udp port 53'
  59   list users_to_router 'allow udp port 67'
  60   list users_to_router 'allow tcp port 80'
  61
  62   # MAC addresses that are / are not allowed to access the splash page
  63   # Value is either 'allow' or 'block'. The allowedmac or blockedmac list is used.
  64   #option macmechanism 'allow'
  65   #list allowedmac '00:00:C0:01:D0:0D'
  66   #list allowedmac '00:00:C0:01:D0:1D'
  67   #list blockedmac '00:00:C0:01:D0:2D'
  68
  69   # MAC addresses that do not need to authenticate
  70   #list trustedmac '00:00:C0:01:D0:1D'
  71
  72   # Set FW_MARK for compatibilty with other OpenWrt Packages eg mwan3, sqm etc.
  73   list fw_mark_authenticated '30000'
  74   list fw_mark_trusted '20000'
  75   list fw_mark_blocked '10000'