multiwan,wifidog: adjust dependencies for removed iptables-mod-{conntrack,nat}
[openwrt/svn-archive/archive.git] / net / wifidog / files / wifidog.conf
1 # WiFiDog Configuration file
2
3 # Parameter: GatewayID
4 # Default: default
5 # Optional
6 #
7 # Set this to the node ID on the auth server.
8 # It is used to give a customized login page to the clients and for
9 # monitoring/statistics purposes.
10 # If none is supplied, the MAC address of the GatewayInterface interface will be used,
11 # without the : separators.
12
13 GatewayID default
14
15 # Parameter: ExternalInterface
16 # Default: NONE
17 # Optional
18 #
19 # Set this to the external interface (the one going out to the Internet or your larger LAN).
20 # Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise,
21 # Normally autodetected
22
23 # ExternalInterface eth0
24
25 # Parameter: GatewayInterface
26 # Default: NONE
27 # Mandatory
28 #
29 # Set this to the internal interface (typically your wifi interface).
30 # Typically br-lan for OpenWrt, and eth1, wlan0, ath0, etc. otherwise
31
32 GatewayInterface br-lan
33
34 # Parameter: GatewayAddress
35 # Default: Find it from GatewayInterface
36 # Optional
37 #
38 # Set this to the internal IP address of the gateway. Not normally required.
39
40 # GatewayAddress 192.168.1.1
41
42 # Parameter: AuthServer
43 # Default: NONE
44 # Mandatory, repeatable
45 #
46 # This allows you to configure your auth server(s). Each one will be tried in order, until one responds.
47 # Set this to the hostname or IP of your auth server(s), the path where
48 # WiFiDog-auth resides in and the port it listens on.
49 #AuthServer {
50 # Hostname (Mandatory; Default: NONE)
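51 # SSLAvailable (Optional; Default: no; Possible values: yes, no. Note: With no, clients are sent to the login page over plain HTTP, so login credentials travel unencrypted; use yes whenever the auth server supports it.)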
52 # SSLPort (Optional; Default: 443)
53 # HTTPPort (Optional; Default: 80)
54 # Path (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.)
55 # LoginScriptPathFragment (Optional; Default: login/? Note: This is the script the user will be sent to for login.)
56 # PortalScriptPathFragment (Optional; Default: portal/? Note: This is the script the user will be sent to after a successful login.)
57 # MsgScriptPathFragment (Optional; Default: gw_message.php? Note: This is the script the user will be sent to upon error to read a readable message.)
58 # PingScriptPathFragment (Optional; Default: ping/? Note: This is the script the user will be sent to upon error to read a readable message.)
59 # AuthScriptPathFragment (Optional; Default: auth/? Note: This is the script the user will be sent to upon error to read a readable message.)
60 #}
61
62 #AuthServer {
63 # Hostname auth.ilesansfil.org
64 # SSLAvailable yes
65 # Path /
66 #}
67
68 #AuthServer {
69 # Hostname auth2.ilesansfil.org
70 # SSLAvailable yes
71 # Path /
72 #}
73
74 # Parameter: Daemon
75 # Default: 1
76 # Optional
77 #
78 # Set this to true if you want to run as a daemon
79 # Daemon 1
80
81 # Parameter: GatewayPort
82 # Default: 2060
83 # Optional
84 #
85 # Listen on this port
86 # GatewayPort 2060
87
88 # Parameter: HTTPDName
89 # Default: WiFiDog
90 # Optional
91 #
92 # Define the name the HTTPD server will respond with
93 # HTTPDName WiFiDog
94
95 # Parameter: HTTPDMaxConn
96 # Default: 10
97 # Optional
98 #
99 # How many sockets to listen to
100 # HTTPDMaxConn 10
101
102 # Parameter: CheckInterval
103 # Default: 60
104 # Optional
105 #
106 # How many seconds should we wait between timeout checks. This is also
107 # how often the gateway will ping the auth server and how often it will
108 # update the traffic counters on the auth server. Setting this too low
109 # wastes bandwidth, setting this too high will cause the gateway to take
110 # a long time to switch to its backup auth server(s).
111
112 CheckInterval 60
113
114 # Parameter: ClientTimeout
115 # Default: 5
116 # Optional
117 #
118 # Set this to the desired number of CheckInterval periods of inactivity before a client is logged out.
119 # The timeout will be CheckInterval * ClientTimeout seconds.
120 ClientTimeout 5
121
122 # Parameter: TrustedMACList
123 # Default: none
124 # Optional
125 #
126 # Comma-separated list of MAC addresses that are allowed to pass
127 # through without authentication. A MAC address is not a credential (any client can set its own), so keep this list short.
128 #TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D
129
130 # Parameter: FirewallRuleSet
131 # Default: none
132 # Mandatory
133 #
134 # Groups a number of FirewallRule statements together.
135
136 # Parameter: FirewallRule
137 # Default: none
138 #
139 # Define one firewall rule in a rule set.
140
141 # Rule Set: global
142 #
143 # Used for rules to be applied to all other rulesets except locked.
144 FirewallRuleSet global {
145 ## To block SMTP out, as it's a tech support nightmare, and a legal liability
146 #FirewallRule block tcp port 25
147
148 ## Use the following if you don't want clients to be able to access machines on
149 ## the private LAN that gives internet access to wifidog. Note that this is not
150 ## client isolation; the laptops will still be able to talk to one another, as
151 ## well as to any machine bridged to the wifi of the router.
152 # FirewallRule block to 192.168.0.0/16
153 # FirewallRule block to 172.16.0.0/12
154 # FirewallRule block to 10.0.0.0/8
155
156 ## This is an example ruleset for the Teliphone service.
157 #FirewallRule allow udp to 69.90.89.192/27
158 #FirewallRule allow udp to 69.90.85.0/27
159 #FirewallRule allow tcp port 80 to 69.90.89.205
160 }
161
162 # Rule Set: validating-users
163 #
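164 # Used for new users validating their account. As shipped, the rule below gives them the same unrestricted access as known-users; narrow it if accounts that are not yet validated should not get full access.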
165 FirewallRuleSet validating-users {
166 FirewallRule allow to 0.0.0.0/0
167 }
168
169 # Rule Set: known-users
170 #
171 # Used for normal validated users.
172 FirewallRuleSet known-users {
173 FirewallRule allow to 0.0.0.0/0
174 }
175
176 # Rule Set: unknown-users
177 #
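178 # Used for unvalidated users; this is the ruleset that gets redirected. The rules below permit DNS and DHCP to any destination before login; adding "to <your resolver>" to the port 53 rules narrows what unauthenticated clients can reach.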
179 #
180 # XXX The redirect code adds the Default DROP clause.
181 FirewallRuleSet unknown-users {
182 FirewallRule allow udp port 53
183 FirewallRule allow tcp port 53
184 FirewallRule allow udp port 67
185 FirewallRule allow tcp port 67
186 }
187
188 # Rule Set: locked-users
189 #
190 # Not currently used
191 FirewallRuleSet locked-users {
192 FirewallRule block to 0.0.0.0/0
193 }