nodogsplash2/files/nodogsplash.config

   1
   2 # The options available here are an adaptation of the settings used in nodogsplash.conf.
   3 # See https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash.conf
   4
   5 config nodogsplash
   6   # Set to 0 to disable nodogsplash
   7   option enabled 1
   8
   9   # Set to 0 to disable hook that makes Firewall restart nodogsplash when Firewall restarts
  10   # This hook is needed as a restart of Firewall overwrites nodogsplash iptables entries
  11   option fwhook_enabled '1'
  12
  13   # Serve the file splash.html from this directory
  14   option webroot '/etc/nodogsplash/htdocs'
  15
  16   # Use plain configuration file
  17   #option config '/etc/nodogsplash/nodogsplash.conf'
  18
  19   # Use this option to set the network interface the users are connected to
  20   # Must not be used with option gatewayinterface
  21   # This option automatically identifies the active lan device for nodogsplash to bind to
  22   # This option may fail if the device configured for this interface is not up when nodogsplash starts at boot time
  23   # You may change this to any valid virtual lan interface that has been defined, eg lan, lan2, public_lan wlan2 etc
  24   # option network 'lan'
  25
  26   # Use this option to set the device nogogsplash will bind to
  27   # Must not be used with option network
  28   # The nodogsplash init script will wait for this device to be up before loading the nodogsplash service
  29   # You may change this to any valid lan device eg br-lan, wlan0, eth0.1 etc
  30   option gatewayinterface 'br-lan'
  31
  32   option gatewayname 'OpenWrt Nodogsplash'
  33   option maxclients '250'
  34   #Client timeouts in minutes
  35   option clientidletimeout '120'
  36   option clientforcetimeout '1440'
  37
  38
  39   # Your router may have several interfaces, and you
  40   # probably want to keep them private from the network/gatewayinterface.
  41   # If so, you should block the entire subnets on those interfaces, e.g.:
  42   # list authenticated_users 'block to 192.168.0.0/16'
  43   # list authenticated_users 'block to 10.0.0.0/8'
  44
  45   # Typical ports you will probably want to open up.
  46   #list authenticated_users 'allow tcp port 22'
  47   #list authenticated_users 'allow tcp port 53'
  48   #list authenticated_users 'allow udp port 53'
  49   #list authenticated_users 'allow tcp port 80'
  50   #list authenticated_users 'allow tcp port 443'
  51   #Or for happy customers allow all
  52   list authenticated_users 'allow all'
  53
  54
  55   # For preauthenticated users to resolve IP addresses in their
  56   # initial request not using the router itself as a DNS server,
  57   # Leave commented to help prevent DNS tunnelling
  58   #list preauthenticated_users 'allow tcp port 53'
  59   #list preauthenticated_users 'allow udp port 53'
  60
  61   # Allow ports for SSH/Telnet/DNS/DHCP/HTTP/HTTPS
  62   list users_to_router 'allow tcp port 22'
  63   list users_to_router 'allow tcp port 23'
  64   list users_to_router 'allow tcp port 53'
  65   list users_to_router 'allow udp port 53'
  66   list users_to_router 'allow udp port 67'
  67   list users_to_router 'allow tcp port 80'
  68
  69   # MAC addresses that are / are not allowed to access the splash page
  70   # Value is either 'allow' or 'block'. The allowedmac or blockedmac list is used.
  71   #option macmechanism 'allow'
  72   #list allowedmac '00:00:C0:01:D0:0D'
  73   #list allowedmac '00:00:C0:01:D0:1D'
  74   #list blockedmac '00:00:C0:01:D0:2D'
  75
  76   #MAC addresses that do not need to authenticate
  77   #list trustedmac '00:00:C0:01:D0:1D'
  78
  79   # Set FW_MARK for compatibilty with other OpenWrt Packages eg mwan3, sqm etc.
  80   list fw_mark_authenticated '30000'
  81   list fw_mark_trusted '20000'
  82   list fw_mark_blocked '10000'