# $Header$ # WiFiDog Configuration file # Parameter: GatewayID # Default: default # Optional but essential for monitoring purposes # # Set this to the template ID on the auth server # this is used to give a customized login page to the clients # If none is supplied, the default login page will be used. GatewayID default # Parameter: ExternalInterface # Default: NONE # Optional # # Set this to the external interface. Typically vlan1 for OpenADK, and eth0 or ppp0 otherwise # ExternalInterface eth0 # Parameter: GatewayInterface # Default: NONE # Mandatory # # Set this to the internal interface. Typically br0 for OpenADK, and eth1 otherwise GatewayInterface br0 # Parameter: GatewayAddress # Default: Find it from GatewayInterface # Optional # # Set this to the internal IP address of the gateway # GatewayAddress 192.168.1.1 # Parameter: AuthServMaxTries # Default: 1 # Optional # # Sets the number of auth servers the gateway will attempt to contact when a request fails. # this number should be equal to the number of AuthServer lines in this # configuration but it should probably not exceed 3. # AuthServMaxTries 3 # Parameter: AuthServer # Default: NONE # Mandatory # # Set this to the hostname or IP of your auth server, the path where # WiFiDog-auth resides and optionally as a second argument, the port it # listens on. #AuthServer { # Hostname (Mandatory; Default: NONE) # SSLAvailable (Optional; Default: no; Possible values: yes, no) # SSLPort 443 (Optional; Default: 443) # HTTPPort 80 (Optional; Default: 80) # Path wifidog/ (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.) #} #AuthServer { # Hostname auth.ilesansfil.org # SSLAvailable yes # Path / #} #AuthServer { # Hostname auth2.ilesansfil.org # SSLAvailable yes # Path / #} #AuthServer { # Hostname auth3.ilesansfil.org # SSLAvailable yes # Path / #} # Parameter: Daemon # Default: 1 # Optional # # Set this to true if you want to run as a daemon # Daemon 1 # Parameter: GatewayPort # Default: 2060 # Optional # # Listen on this port # GatewayPort 2060 # Parameter: HTTPDName # Default: WiFiDog # Optional # # Define what name the HTTPD server will respond # HTTPDName WiFiDog # Parameter: HTTPDMaxConn # Default: 10 # Optional # # How many sockets to listen to # HTTPDMaxConn 10 # Parameter: CheckInterval # Default: 60 # Optional # # How many seconds should we wait between timeout checks CheckInterval 60 # Parameter: ClientTimeout # Default: 5 # Optional # # Set this to the desired of number of CheckInterval of inactivity before a client is logged out # The timeout will be INTERVAL * TIMEOUT ClientTimeout 5 # Parameter: FirewallRuleSet # Default: none # Mandatory # # Groups a number of FirewallRule statements together. # Parameter: FirewallRule # Default: none # # Define one firewall rule in a rule set. # Rule Set: global # # Used for rules to be applied to all other rulesets except locked. # This is the default config for the Teliphone service. FirewallRuleSet global { FirewallRule allow udp to 69.90.89.192/27 FirewallRule allow udp to 69.90.85.0/27 FirewallRule allow tcp port 80 to 69.90.89.205 } # Rule Set: validating-users # # Used for new users validating their account FirewallRuleSet validating-users { FirewallRule block tcp port 25 FirewallRule allow to 0.0.0.0/0 } # Rule Set: known-users # # Used for normal validated users. FirewallRuleSet known-users { FirewallRule allow to 0.0.0.0/0 } # Rule Set: unknown-users # # Used for unvalidated users, this is the ruleset that gets redirected. # # XXX The redirect code adds the Default DROP clause. FirewallRuleSet unknown-users { FirewallRule allow udp port 53 FirewallRule allow tcp port 53 FirewallRule allow udp port 67 FirewallRule allow tcp port 67 } # Rule Set: locked-users # # Used for users that have been locked out. FirewallRuleSet locked-users { FirewallRule block to 0.0.0.0/0 }