
wifidog.conf 3.9 KB

  1. # $Header$
  2. # WiFiDog Configuration file
  3. # Parameter: GatewayID
  4. # Default: default
  5. # Optional but essential for monitoring purposes
  6. #
  7. # Set this to the template ID on the auth server
  8. # this is used to give a customized login page to the clients
  9. # If none is supplied, the default login page will be used.
  10. GatewayID default
  11. # Parameter: ExternalInterface
  12. # Default: NONE
  13. # Optional
  14. #
  15. # Set this to the external interface. Typically vlan1 for OpenADK, and eth0 or ppp0 otherwise
  16. # ExternalInterface eth0
  17. # Parameter: GatewayInterface
  18. # Default: NONE
  19. # Mandatory
  20. #
  21. # Set this to the internal interface. Typically br0 for OpenADK, and eth1 otherwise
  22. GatewayInterface br0
  23. # Parameter: GatewayAddress
  24. # Default: Find it from GatewayInterface
  25. # Optional
  26. #
  27. # Set this to the internal IP address of the gateway
  28. # GatewayAddress 192.168.1.1
  29. # Parameter: AuthServMaxTries
  30. # Default: 1
  31. # Optional
  32. #
  33. # Sets the number of auth servers the gateway will attempt to contact when a request fails.
  34. # This number should be equal to the number of AuthServer lines in this
  35. # configuration but it should probably not exceed 3.
  36. # AuthServMaxTries 3
  37. # Parameter: AuthServer
  38. # Default: NONE
  39. # Mandatory
  40. #
  41. # Set this to the hostname or IP of your auth server, the path where
  42. # WiFiDog-auth resides and optionally as a second argument, the port it
  43. # listens on.
  44. #AuthServer {
  45. # Hostname (Mandatory; Default: NONE)
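  46. # SSLAvailable (Optional; Default: no; Possible values: yes, no. With no, the auth server is contacted over HTTPPort without TLS, so prefer yes where the server supports it)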
  47. # SSLPort 443 (Optional; Default: 443)
  48. # HTTPPort 80 (Optional; Default: 80)
  49. # Path wifidog/ (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.)
  50. #}
  51. #AuthServer {
  52. # Hostname auth.ilesansfil.org
  53. # SSLAvailable yes
  54. # Path /
  55. #}
  56. #AuthServer {
  57. # Hostname auth2.ilesansfil.org
  58. # SSLAvailable yes
  59. # Path /
  60. #}
  61. #AuthServer {
  62. # Hostname auth3.ilesansfil.org
  63. # SSLAvailable yes
  64. # Path /
  65. #}
  66. # Parameter: Daemon
  67. # Default: 1
  68. # Optional
  69. #
  70. # Set this to true if you want to run as a daemon
  71. # Daemon 1
  72. # Parameter: GatewayPort
  73. # Default: 2060
  74. # Optional
  75. #
  76. # Listen on this port
  77. # GatewayPort 2060
  78. # Parameter: HTTPDName
  79. # Default: WiFiDog
  80. # Optional
  81. #
  82. # Define the name the HTTPD server will respond with
  83. # HTTPDName WiFiDog
  84. # Parameter: HTTPDMaxConn
  85. # Default: 10
  86. # Optional
  87. #
  88. # How many sockets to listen to
  89. # HTTPDMaxConn 10
  90. # Parameter: CheckInterval
  91. # Default: 60
  92. # Optional
  93. #
  94. # How many seconds should we wait between timeout checks
  95. CheckInterval 60
  96. # Parameter: ClientTimeout
  97. # Default: 5
  98. # Optional
  99. #
  100. # Set this to the number of CheckInterval periods of inactivity before a client is logged out
  101. # The timeout will be CheckInterval * ClientTimeout seconds (60 * 5 = 300 with the values set in this file)
  102. ClientTimeout 5
  103. # Parameter: FirewallRuleSet
  104. # Default: none
  105. # Mandatory
  106. #
  107. # Groups a number of FirewallRule statements together.
  108. # Parameter: FirewallRule
  109. # Default: none
  110. #
  111. # Define one firewall rule in a rule set.
  112. # Rule Set: global
  113. #
  114. # Used for rules to be applied to all other rulesets except locked.
  115. # This is the default config for the Teliphone service.
  116. FirewallRuleSet global {
  117. FirewallRule allow udp to 69.90.89.192/27
  118. FirewallRule allow udp to 69.90.85.0/27
  119. FirewallRule allow tcp port 80 to 69.90.89.205
  120. }
  121. # Rule Set: validating-users
  122. #
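  123. # Used for new users validating their account. Apart from outbound SMTP (tcp port 25), this set allows everything, the same reach as known-users.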
  124. FirewallRuleSet validating-users {
  125. FirewallRule block tcp port 25
  126. FirewallRule allow to 0.0.0.0/0
  127. }
  128. # Rule Set: known-users
  129. #
  130. # Used for normal validated users.
  131. FirewallRuleSet known-users {
  132. FirewallRule allow to 0.0.0.0/0
  133. }
  134. # Rule Set: unknown-users
  135. #
  136. # Used for unvalidated users, this is the ruleset that gets redirected.
  137. #
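  138. # XXX The redirect code adds the Default DROP clause. The port 53 rules below name no destination; adding `to <resolver-ip>` for the resolvers you hand out keeps unauthenticated clients from reaching arbitrary hosts on that port.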
  139. FirewallRuleSet unknown-users {
  140. FirewallRule allow udp port 53
  141. FirewallRule allow tcp port 53
  142. FirewallRule allow udp port 67
  143. FirewallRule allow tcp port 67
  144. }
  145. # Rule Set: locked-users
  146. #
  147. # Used for users that have been locked out.
  148. FirewallRuleSet locked-users {
  149. FirewallRule block to 0.0.0.0/0
  150. }