Diffstat (limited to 'package/wifidog/files/wifidog.conf')
-rw-r--r-- | package/wifidog/files/wifidog.conf | 177 |
1 files changed, 177 insertions, 0 deletions
diff --git a/package/wifidog/files/wifidog.conf b/package/wifidog/files/wifidog.conf
new file mode 100644
index 0000000000..10b173a9a2
--- /dev/null
+++ b/package/wifidog/files/wifidog.conf
@@ -0,0 +1,177 @@
+# $Header$
+# WiFiDog Configuration file
+
+# Parameter: GatewayID
+# Default: default
+# Optional but essential for monitoring purposes
+#
+# Set this to the template ID on the auth server
+# this is used to give a customized login page to the clients
+# If none is supplied, the default login page will be used.
+
+GatewayID default
+
+# Parameter: ExternalInterface
+# Default: NONE
+# Optional
+#
+# Set this to the external interface. Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise
+
+# ExternalInterface eth0
+
+# Parameter: GatewayInterface
+# Default: NONE
+# Mandatory
+#
+# Set this to the internal interface. Typically br0 for OpenWrt, and eth1 otherwise
+
+GatewayInterface br0
+
+# Parameter: GatewayAddress
+# Default: Find it from GatewayInterface
+# Optional
+#
+# Set this to the internal IP address of the gateway
+
+# GatewayAddress 192.168.1.1
+
+# Parameter: AuthServMaxTries
+# Default: 1
+# Optional
+#
+# Sets the number of auth servers the gateway will attempt to contact when a request fails.
+# this number should be equal to the number of AuthServer lines in this
+# configuration but it should probably not exceed 3.
+
+# AuthServMaxTries 3
+
+# Parameter: AuthServer
+# Default: NONE
+# Mandatory
+#
+# Set this to the hostname or IP of your auth server, the path where
+# WiFiDog-auth resides and optionally as a second argument, the port it
+# listens on.
+#AuthServer {
+# Hostname (Mandatory; Default: NONE)
+# SSLAvailable (Optional; Default: no; Possible values: yes, no)
+# SSLPort 443 (Optional; Default: 443)
+# HTTPPort 80 (Optional; Default: 80)
+# Path wifidog/ (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.)
+#}
+
+#AuthServer {
+# Hostname auth.ilesansfil.org
+# SSLAvailable yes
+# Path /
+#}
+
+#AuthServer {
+# Hostname auth2.ilesansfil.org
+# SSLAvailable yes
+# Path /
+#}
+
+#AuthServer {
+# Hostname auth3.ilesansfil.org
+# SSLAvailable yes
+# Path /
+#}
+
+# Parameter: Daemon
+# Default: 1
+# Optional
+#
+# Set this to true if you want to run as a daemon
+# Daemon 1
+
+# Parameter: GatewayPort
+# Default: 2060
+# Optional
+#
+# Listen on this port
+# GatewayPort 2060
+
+# Parameter: HTTPDName
+# Default: WiFiDog
+# Optional
+#
+# Define what name the HTTPD server will respond
+# HTTPDName WiFiDog
+
+# Parameter: HTTPDMaxConn
+# Default: 10
+# Optional
+#
+# How many sockets to listen to
+# HTTPDMaxConn 10
+
+# Parameter: CheckInterval
+# Default: 60
+# Optional
+#
+# How many seconds should we wait between timeout checks
+CheckInterval 60
+
+# Parameter: ClientTimeout
+# Default: 5
+# Optional
+#
+# Set this to the desired of number of CheckInterval of inactivity before a client is logged out
+# The timeout will be INTERVAL * TIMEOUT
+ClientTimeout 5
+
+# Parameter: FirewallRuleSet
+# Default: none
+# Mandatory
+#
+# Groups a number of FirewallRule statements together.
+
+# Parameter: FirewallRule
+# Default: none
+#
+# Define one firewall rule in a rule set.
+
+# Rule Set: global
+#
+# Used for rules to be applied to all other rulesets except locked.
+# This is the default config for the Teliphone service.
+FirewallRuleSet global {
+ FirewallRule allow udp to 69.90.89.192/27
+ FirewallRule allow udp to 69.90.85.0/27
+ FirewallRule allow tcp port 80 to 69.90.89.205
+}
+
+# Rule Set: validating-users
+#
+# Used for new users validating their account
+FirewallRuleSet validating-users {
+ FirewallRule block tcp port 25
+ FirewallRule allow to 0.0.0.0/0
+}
+
+# Rule Set: known-users
+#
+# Used for normal validated users.
+FirewallRuleSet known-users {
+ FirewallRule allow to 0.0.0.0/0
+}
+
+# Rule Set: unknown-users
+#
+# Used for unvalidated users, this is the ruleset that gets redirected.
+#
+# XXX The redirect code adds the Default DROP clause.
+FirewallRuleSet unknown-users {
+ FirewallRule allow udp port 53
+ FirewallRule allow tcp port 53
+ FirewallRule allow udp port 67
+ FirewallRule allow tcp port 67
+}
+
+# Rule Set: locked-users
+#
+# Used for users that have been locked out.
+FirewallRuleSet locked-users {
+ FirewallRule block to 0.0.0.0/0
+}
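Review bot: The active `FirewallRuleSet global` block ships three allow rules for one provider's addresses (69.90.89.192/27, 69.90.85.0/27 and tcp port 80 to 69.90.89.205), and by the file's own comment that set applies to every ruleset except locked, so clients that have not authenticated get them too. For a package default I would comment those three rules out, the way the AuthServer examples are, e.g. `# FirewallRule allow udp to 69.90.89.192/27`. The `unknown-users` set also allows ports 53 and 67 to any destination; narrowing DNS to the resolver the gateway hands out, `FirewallRule allow udp port 53 to <resolver-address>` (placeholder), would keep pre-authentication traffic from reaching arbitrary hosts on that port. AuthServer is documented as Mandatory yet every block is commented out, so a header comment such as `# You must enable at least one AuthServer block, with SSLAvailable yes, before starting wifidog` would help, since SSLAvailable defaults to no.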