# $Header$
# WiFiDog Configuration file
# Parameter: GatewayID
# Default: default
# Optional but essential for monitoring purposes
#
# Set this to the template ID on the auth server.
# It is used to give a customized login page to the clients.
# If none is supplied, the default login page will be used.
# NOTE(review): the value below is the stock default; a gateway left on it
# presumably cannot be told apart from other gateways in monitoring - confirm
# and set a per-gateway ID.
GatewayID default
# Parameter: ExternalInterface
# Default: NONE
# Optional
#
# Set this to the external interface.  Typically vlan1 for OpenADK, and eth0 or ppp0 otherwise
# ExternalInterface eth0
# Parameter: GatewayInterface
# Default: NONE
# Mandatory
#
# Set this to the internal interface. Typically br0 for OpenADK, and eth1 otherwise.
# There is no default, so this directive must stay set.
GatewayInterface br0
# Parameter: GatewayAddress
# Default: Find it from GatewayInterface
# Optional
#
# Set this to the internal IP address of the gateway
# GatewayAddress 192.168.1.1
# Parameter: AuthServMaxTries
# Default: 1
# Optional
#
# Sets the number of auth servers the gateway will attempt to contact when a request fails.
# This number should be equal to the number of AuthServer blocks in this
# configuration, but it should probably not exceed 3.
# AuthServMaxTries 3
# Parameter: AuthServer
# Default: NONE
# Mandatory
#
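# Set this to the hostname or IP of your auth server, the path where
# WiFiDog-auth resides and, optionally, the port it listens on.
# The first block below lists the available keys; the three after it are examples.
# Every AuthServer block in this file is commented out, so although the
# parameter is mandatory none is active until one is uncommented and edited.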
#AuthServer {
#	Hostname      (Mandatory; Default: NONE)
#	SSLAvailable  (Optional; Default: no; Possible values: yes, no)
#	SSLPort 443   (Optional; Default: 443)
#	HTTPPort 80   (Optional; Default: 80)
#	Path wifidog/ (Optional; Default: /wifidog/ Note:  The path must be both prefixed and suffixed by /.  Use a single / for server root.)
#}
#AuthServer {
#    Hostname auth.ilesansfil.org
#    SSLAvailable yes
#    Path /
#}
#AuthServer {
#    Hostname auth2.ilesansfil.org
#    SSLAvailable yes
#    Path /
#}
#AuthServer {
#    Hostname auth3.ilesansfil.org
#    SSLAvailable yes
#    Path /
#}
# Parameter: Daemon
# Default: 1
# Optional
#
# Set this to true if you want to run as a daemon
# Daemon 1
# Parameter: GatewayPort
# Default: 2060
# Optional
#
# Listen on this port
# GatewayPort 2060
# Parameter: HTTPDName
# Default: WiFiDog
# Optional
#
# Define the name the HTTPD server will respond with
# HTTPDName WiFiDog
# Parameter: HTTPDMaxConn
# Default: 10
# Optional
#
# How many sockets to listen to
# HTTPDMaxConn 10
# Parameter: CheckInterval
# Default: 60
# Optional
#
# How many seconds to wait between timeout checks
CheckInterval 60
# Parameter: ClientTimeout
# Default: 5
# Optional
#
# Set this to the number of CheckInterval periods of inactivity after which
# a client is logged out.
# The timeout will be INTERVAL * TIMEOUT; with the values in this file that is
# 60 * 5 = 300 seconds of inactivity.
# A longer timeout keeps an idle client's session open for longer after the
# device has gone; keep the product as short as the deployment tolerates.
ClientTimeout 5
# Parameter: FirewallRuleSet
# Default: none
# Mandatory
#
# Groups a number of FirewallRule statements together.
# Parameter: FirewallRule
# Default: none
# 
# Define one firewall rule in a rule set.
# Rule Set: global
#
# Used for rules to be applied to all other rulesets except locked.
# This is the default config for the Teliphone service.
#
# Because this set applies to every ruleset but locked, the destinations below
# are also reachable by clients in unknown-users, i.e. before they log in.
# The two udp rules carry no port clause, so presumably every UDP port on those
# ranges is allowed - confirm against the rule parser.
# NOTE(review): these are hard-coded third-party addresses. If this gateway
# does not use that service, remove the rules; otherwise confirm the ranges
# still belong to the service before deploying.
FirewallRuleSet global {
    FirewallRule allow udp to 69.90.89.192/27
    FirewallRule allow udp to 69.90.85.0/27
    FirewallRule allow tcp port 80 to 69.90.89.205
}
# Rule Set: validating-users
#
# Used for new users validating their account
#
# Rules are listed block-first: outbound TCP port 25 (SMTP) is blocked, then
# everything else is allowed to any destination.
# A client in this state therefore has full network access apart from SMTP
# before its account has been validated.
# NOTE(review): how long a client may stay in this state is not set in this
# file (presumably the auth server decides) - confirm the grace period is
# short, or narrow the allow rule to the destinations needed for validation.
FirewallRuleSet validating-users {
    FirewallRule block tcp port 25
    FirewallRule allow to 0.0.0.0/0
}
# Rule Set: known-users
#
# Used for normal validated users.
#
# A single rule allows all traffic to any destination; unlike validating-users
# there is no SMTP block here.
# NOTE(review): add block rules ahead of the allow rule if the site's egress
# policy restricts anything for logged-in users (for example outbound port 25,
# or the gateway's own management network).
FirewallRuleSet known-users {
    FirewallRule allow to 0.0.0.0/0
}
# Rule Set: unknown-users
#
# Used for unvalidated users, this is the ruleset that gets redirected.
#
# XXX The redirect code adds the Default DROP clause.
#
# Only DNS (port 53) and port 67 are opened for clients that have not logged in.
# None of the rules has a "to" clause, so presumably they match any destination.
# NOTE(review): DNS open to any destination lets an unauthenticated client
# reach arbitrary resolvers, which is the usual way a captive portal is
# bypassed by tunnelling over DNS. Consider adding a "to" clause limiting
# port 53 to the resolvers handed out by DHCP.
# NOTE(review): DHCP runs over UDP only; the tcp port 67 rule looks unnecessary
# and could be dropped - confirm nothing depends on it.
FirewallRuleSet unknown-users {
    FirewallRule allow udp port 53
    FirewallRule allow tcp port 53
    FirewallRule allow udp port 67
    FirewallRule allow tcp port 67
}
# Rule Set: locked-users
#
# Used for users that have been locked out.
#
# A single rule blocks traffic to every destination.
# The global ruleset is documented as not applying to this set, so the
# exceptions listed there do not open anything for locked-out clients.
FirewallRuleSet locked-users {
    FirewallRule block to 0.0.0.0/0
}