nodogsplash2/files/nodogsplash.config

   1
   2 # The options available here are an adaptation of the settings used in nodogsplash.conf.
   3 # See https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash.conf
   4
   5 config nodogsplash
   6   # Set to 0 to disable nodogsplash
   7   option enabled 1
   8
   9   # Serve the file splash.html from this directory
  10   option webroot '/etc/nodogsplash/htdocs'
  11
  12   # Use plain configuration file
  13   #option config '/etc/nodogsplash/nodogsplash.conf'
  14
  15   # Use this option to set the network interface the users are connected to
  16   # Must not be used with option gatewayinterface
  17   # This option automatically identifies the active lan device for nodogsplash to bind to
  18   # This option may fail if the device configured for this interface is not up when nodogsplash starts at boot time
  19   # You may change this to any valid virtual lan interface that has been defined, eg lan, lan2, public_lan wlan2 etc
  20   # option network 'lan'
  21
  22   # Use this option to set the device nogogsplash will bind to
  23   # Must not be used with option network
  24   # The nodogsplash init script will wait for this device to be up before loading the nodogsplash service
  25   # You may change this to any valid lan device eg br-lan, wlan0, eth0.1 etc
  26   option gatewayinterface 'br-lan'
  27
  28   option gatewayname 'OpenWrt Nodogsplash'
  29   option maxclients '250'
  30   #Client timeouts in minutes
  31   option clientidletimeout '120'
  32   option clientforcetimeout '1440'
  33
  34
  35   # Your router may have several interfaces, and you
  36   # probably want to keep them private from the network/gatewayinterface.
  37   # If so, you should block the entire subnets on those interfaces, e.g.:
  38   # list authenticated_users 'block to 192.168.0.0/16'
  39   # list authenticated_users 'block to 10.0.0.0/8'
  40
  41   # Typical ports you will probably want to open up.
  42   #list authenticated_users 'allow tcp port 22'
  43   #list authenticated_users 'allow tcp port 53'
  44   #list authenticated_users 'allow udp port 53'
  45   #list authenticated_users 'allow tcp port 80'
  46   #list authenticated_users 'allow tcp port 443'
  47   #Or for happy customers allow all
  48   list authenticated_users 'allow all'
  49
  50
  51   # For preauthenticated users to resolve IP addresses in their
  52   # initial request not using the router itself as a DNS server,
  53   # Leave commented to help prevent DNS tunnelling
  54   #list preauthenticated_users 'allow tcp port 53'
  55   #list preauthenticated_users 'allow udp port 53'
  56
  57   # Allow ports for SSH/Telnet/DNS/DHCP/HTTP/HTTPS
  58   list users_to_router 'allow tcp port 22'
  59   list users_to_router 'allow tcp port 23'
  60   list users_to_router 'allow tcp port 53'
  61   list users_to_router 'allow udp port 53'
  62   list users_to_router 'allow udp port 67'
  63   list users_to_router 'allow tcp port 80'
  64
  65   # MAC addresses that are / are not allowed to access the splash page
  66   # Value is either 'allow' or 'block'. The allowedmac or blockedmac list is used.
  67   #option macmechanism 'allow'
  68   #list allowedmac '00:00:C0:01:D0:0D'
  69   #list allowedmac '00:00:C0:01:D0:1D'
  70   #list blockedmac '00:00:C0:01:D0:2D'
  71
  72   #MAC addresses that do not need to authenticate
  73   #list trustedmac '00:00:C0:01:D0:1D'
  74
  75   # Set FW_MARK for compatibilty with other OpenWrt Packages eg mwan3, sqm etc.
  76   list fw_mark_authenticated '30000'
  77   list fw_mark_trusted '20000'
  78   list fw_mark_blocked '10000'