From 2aac3d612c32a51c9a3a1fac12ddf7f86b36bf88 Mon Sep 17 00:00:00 2001 From: Florian Fainelli Date: Sat, 5 Jul 2008 13:07:12 +0000 Subject: [PATCH 1/1] Upgrade wifidog to 1.1.5 (#3667) SVN-Revision: 11656 --- net/wifidog/Makefile | 10 ++-- net/wifidog/files/wifidog.conf | 97 ++++++++++++++++++++-------------- 2 files changed, 62 insertions(+), 45 deletions(-) diff --git a/net/wifidog/Makefile b/net/wifidog/Makefile index 9fdc0feb91..9c7b8b3273 100644 --- a/net/wifidog/Makefile +++ b/net/wifidog/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wifidog -PKG_VERSION:=1.1.4 +PKG_VERSION:=1.1.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:= @SF/$(PKG_NAME) -PKG_MD5SUM:=daa4f492dd6acafe0a7127d07633aca5 +PKG_MD5SUM:=abe5f7123179a0f08c493ce59fb3cb31 PKG_FIXUP = libtool @@ -30,9 +30,9 @@ define Package/wifidog endef define Package/wifidog/description - The Wifidog project is a complete and embeddable captive - portal solution for wireless community groups or individuals - who wish to open a free Hotspot while still preventing abuse + The Wifidog project is a complete and embeddable captive + portal solution for wireless community groups or individuals + who wish to open a free Hotspot while still preventing abuse of their Internet connection. endef diff --git a/net/wifidog/files/wifidog.conf b/net/wifidog/files/wifidog.conf index cc17026518..c316ec3236 100644 --- a/net/wifidog/files/wifidog.conf +++ b/net/wifidog/files/wifidog.conf @@ -1,13 +1,15 @@ -# $Header$ +# $Id$ # WiFiDog Configuration file # Parameter: GatewayID # Default: default -# Optional but essential for monitoring purposes +# Optional # -# Set this to the template ID on the auth server -# this is used to give a customized login page to the clients -# If none is supplied, the default login page will be used. +# Set this to the node ID on the auth server +# this is used to give a customized login page to the clients and for +# monitoring/statistics purpose +# If none is supplied, the mac address of the GatewayInterface interface will be used, +# without the : separators GatewayID default @@ -15,7 +17,9 @@ GatewayID default # Default: NONE # Optional # -# Set this to the external interface. Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise +# Set this to the external interface (the one going out to the Inernet or your larger LAN). +# Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise, +# Normally autodetected # ExternalInterface eth0 @@ -23,7 +27,8 @@ GatewayID default # Default: NONE # Mandatory # -# Set this to the internal interface. Typically br-lan for OpenWrt, and eth1 otherwise +# Set this to the internal interface (typically your wifi interface). +# Typically br-lan for OpenWrt, and eth1, wlan0, ath0, etc. otherwise GatewayInterface br-lan @@ -31,33 +36,28 @@ GatewayInterface br-lan # Default: Find it from GatewayInterface # Optional # -# Set this to the internal IP address of the gateway +# Set this to the internal IP address of the gateway. Not normally required. # GatewayAddress 192.168.1.1 -# Parameter: AuthServMaxTries -# Default: 1 -# Optional -# -# Sets the number of auth servers the gateway will attempt to contact when a request fails. -# this number should be equal to the number of AuthServer lines in this -# configuration but it should probably not exceed 3. - -# AuthServMaxTries 3 - # Parameter: AuthServer # Default: NONE -# Mandatory +# Mandatory, repeatable # -# Set this to the hostname or IP of your auth server, the path where -# WiFiDog-auth resides and optionally as a second argument, the port it -# listens on. +# This allows you to configure your auth server(s). Each one will be tried in order, untill one responds. +# Set this to the hostname or IP of your auth server(s), the path where +# WiFiDog-auth resides in and the port it listens on. #AuthServer { -# Hostname (Mandatory; Default: NONE) -# SSLAvailable (Optional; Default: no; Possible values: yes, no) -# SSLPort 443 (Optional; Default: 443) -# HTTPPort 80 (Optional; Default: 80) -# Path wifidog/ (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.) +# Hostname (Mandatory; Default: NONE) +# SSLAvailable (Optional; Default: no; Possible values: yes, no) +# SSLPort (Optional; Default: 443) +# HTTPPort (Optional; Default: 80) +# Path (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.) +# LoginScriptPathFragment (Optional; Default: login/? Note: This is the script the user will be sent to for login.) +# PortalScriptPathFragment (Optional; Default: portal/? Note: This is the script the user will be sent to after a successfull login.) +# MsgScriptPathFragment (Optional; Default: gw_message.php? Note: This is the script the user will be sent to upon error to read a readable message.) +# PingScriptPathFragment (Optional; Default: ping/? Note: This is the script the user will be sent to upon error to read a readable message.) +# AuthScriptPathFragment (Optional; Default: auth/? Note: This is the script the user will be sent to upon error to read a readable message.) #} #AuthServer { @@ -72,12 +72,6 @@ GatewayInterface br-lan # Path / #} -#AuthServer { -# Hostname auth3.ilesansfil.org -# SSLAvailable yes -# Path / -#} - # Parameter: Daemon # Default: 1 # Optional @@ -110,7 +104,12 @@ GatewayInterface br-lan # Default: 60 # Optional # -# How many seconds should we wait between timeout checks +# How many seconds should we wait between timeout checks. This is also +# how often the gateway will ping the auth server and how often it will +# update the traffic counters on the auth server. Setting this too low +# wastes bandwidth, setting this too high will cause the gateway to take +# a long time to switch to it's backup auth server(s). + CheckInterval 60 # Parameter: ClientTimeout @@ -121,6 +120,14 @@ CheckInterval 60 # The timeout will be INTERVAL * TIMEOUT ClientTimeout 5 +# Parameter: TrustedMACList +# Default: none +# Optional +# +# Comma separated list of MAC addresses who are allowed to pass +# through without authentication +#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D + # Parameter: FirewallRuleSet # Default: none # Mandatory @@ -135,18 +142,28 @@ ClientTimeout 5 # Rule Set: global # # Used for rules to be applied to all other rulesets except locked. -# This is the default config for the Teliphone service. FirewallRuleSet global { - FirewallRule allow udp to 69.90.89.192/27 - FirewallRule allow udp to 69.90.85.0/27 - FirewallRule allow tcp port 80 to 69.90.89.205 + ## To block SMTP out, as it's a tech support nightmare, and a legal liability + #FirewallRule block tcp port 25 + + ## Use the following if you don't want clients to be able to access machines on + ## the private LAN that gives internet access to wifidog. Note that this is not + ## client isolation; The laptops will still be able to talk to one another, as + ## well as to any machine bridged to the wifi of the router. + # FirewallRule block to 192.168.0.0/16 + # FirewallRule block to 172.16.0.0/12 + # FirewallRule block to 10.0.0.0/8 + + ## This is an example ruleset for the Teliphone service. + #FirewallRule allow udp to 69.90.89.192/27 + #FirewallRule allow udp to 69.90.85.0/27 + #FirewallRule allow tcp port 80 to 69.90.89.205 } # Rule Set: validating-users # # Used for new users validating their account FirewallRuleSet validating-users { - FirewallRule block tcp port 25 FirewallRule allow to 0.0.0.0/0 } @@ -171,7 +188,7 @@ FirewallRuleSet unknown-users { # Rule Set: locked-users # -# Used for users that have been locked out. +# Not currently used FirewallRuleSet locked-users { FirewallRule block to 0.0.0.0/0 } -- 2.30.2