1 # $Header$
2 # WiFiDog Configuration file
3
4 # Parameter: GatewayID
5 # Default: default
6 # Optional but essential for monitoring purposes
7 #
8 # Set this to the template ID on the auth server
9 # this is used to give a customized login page to the clients
10 # If none is supplied, the default login page will be used.
11
12 GatewayID default
13
14 # Parameter: ExternalInterface
15 # Default: NONE
16 # Optional
17 #
18 # Set this to the external interface. Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise
19
20 # ExternalInterface eth0
21
22 # Parameter: GatewayInterface
23 # Default: NONE
24 # Mandatory
25 #
26 # Set this to the internal interface. Typically br0 for OpenWrt, and eth1 otherwise
27
28 GatewayInterface br0
29
30 # Parameter: GatewayAddress
31 # Default: Find it from GatewayInterface
32 # Optional
33 #
34 # Set this to the internal IP address of the gateway
35
36 # GatewayAddress 192.168.1.1
37
38 # Parameter: AuthServMaxTries
39 # Default: 1
40 # Optional
41 #
42 # Sets the number of auth servers the gateway will attempt to contact when a request fails.
43 # this number should be equal to the number of AuthServer lines in this
44 # configuration but it should probably not exceed 3.
45
46 # AuthServMaxTries 3
47
48 # Parameter: AuthServer
49 # Default: NONE
50 # Mandatory
51 #
52 # Set this to the hostname or IP of your auth server, the path where
53 # WiFiDog-auth resides and optionally as a second argument, the port it
54 # listens on.
55 #AuthServer {
56 # Hostname (Mandatory; Default: NONE)
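57 # SSLAvailable (Optional; Default: no; Possible values: yes, no. With no, the login redirect uses plain HTTP on HTTPPort, so set yes whenever the auth server supports SSL)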
58 # SSLPort 443 (Optional; Default: 443)
59 # HTTPPort 80 (Optional; Default: 80)
60 # Path /wifidog/ (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.)
61 #}
62
63 #AuthServer {
64 # Hostname auth.ilesansfil.org
65 # SSLAvailable yes
66 # Path /
67 #}
68
69 #AuthServer {
70 # Hostname auth2.ilesansfil.org
71 # SSLAvailable yes
72 # Path /
73 #}
74
75 #AuthServer {
76 # Hostname auth3.ilesansfil.org
77 # SSLAvailable yes
78 # Path /
79 #}
80
81 # Parameter: Daemon
82 # Default: 1
83 # Optional
84 #
85 # Set this to true if you want to run as a daemon
86 # Daemon 1
87
88 # Parameter: GatewayPort
89 # Default: 2060
90 # Optional
91 #
92 # Listen on this port
93 # GatewayPort 2060
94
95 # Parameter: HTTPDName
96 # Default: WiFiDog
97 # Optional
98 #
99 # Define the name the HTTPD server will respond with
100 # HTTPDName WiFiDog
101
102 # Parameter: HTTPDMaxConn
103 # Default: 10
104 # Optional
105 #
106 # How many sockets to listen to
107 # HTTPDMaxConn 10
108
109 # Parameter: CheckInterval
110 # Default: 60
111 # Optional
112 #
113 # How many seconds should we wait between timeout checks
114 CheckInterval 60
115
116 # Parameter: ClientTimeout
117 # Default: 5
118 # Optional
119 #
120 # Set this to the desired number of CheckInterval periods of inactivity before a client is logged out
121 # The timeout will be CheckInterval * ClientTimeout seconds
122 ClientTimeout 5
123
124 # Parameter: FirewallRuleSet
125 # Default: none
126 # Mandatory
127 #
128 # Groups a number of FirewallRule statements together.
129
130 # Parameter: FirewallRule
131 # Default: none
132 #
133 # Define one firewall rule in a rule set.
134
135 # Rule Set: global
136 #
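137 # Used for rules to be applied to all other rulesets except locked.
138 # This is the default config for the Teliphone service. Because these rules also apply to unknown-users, the destinations below are reachable before login; remove them if you do not use that service.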
139 FirewallRuleSet global {
140 FirewallRule allow udp to 69.90.89.192/27
141 FirewallRule allow udp to 69.90.85.0/27
142 FirewallRule allow tcp port 80 to 69.90.89.205
143 }
144
145 # Rule Set: validating-users
146 #
147 # Used for new users validating their account. Apart from outbound SMTP (tcp port 25), the rules below give them the same access as known-users.
148 FirewallRuleSet validating-users {
149 FirewallRule block tcp port 25
150 FirewallRule allow to 0.0.0.0/0
151 }
152
153 # Rule Set: known-users
154 #
155 # Used for normal validated users.
156 FirewallRuleSet known-users {
157 FirewallRule allow to 0.0.0.0/0
158 }
159
160 # Rule Set: unknown-users
161 #
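162 # Used for unvalidated users; this is the ruleset that gets redirected.
163 # The rules below have no "to" clause, so as written ports 53 and 67 are not limited to particular servers before login; adding "to <address of your DNS/DHCP server>" narrows them.
164 # XXX The redirect code adds the Default DROP clause.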
165 FirewallRuleSet unknown-users {
166 FirewallRule allow udp port 53
167 FirewallRule allow tcp port 53
168 FirewallRule allow udp port 67
169 FirewallRule allow tcp port 67
170 }
171
172 # Rule Set: locked-users
173 #
174 # Used for users that have been locked out.
175 FirewallRuleSet locked-users {
176 FirewallRule block to 0.0.0.0/0
177 }