2 # WiFiDog Configuration file
8 # Set this to the node ID on the auth server
9 # this is used to give a customized login page to the clients and for
10 # monitoring/statistics purpose
11 # If none is supplied, the mac address of the GatewayInterface interface will be used,
12 # without the : separators
16 # Parameter: ExternalInterface
20 # Set this to the external interface (the one going out to the Inernet or your larger LAN).
21 # Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise,
22 # Normally autodetected
24 # ExternalInterface eth0
26 # Parameter: GatewayInterface
30 # Set this to the internal interface (typically your wifi interface).
31 # Typically br-lan for OpenWrt, and eth1, wlan0, ath0, etc. otherwise
33 GatewayInterface br-lan
35 # Parameter: GatewayAddress
36 # Default: Find it from GatewayInterface
39 # Set this to the internal IP address of the gateway. Not normally required.
41 # GatewayAddress 192.168.1.1
43 # Parameter: AuthServer
45 # Mandatory, repeatable
47 # This allows you to configure your auth server(s). Each one will be tried in order, untill one responds.
48 # Set this to the hostname or IP of your auth server(s), the path where
49 # WiFiDog-auth resides in and the port it listens on.
51 # Hostname (Mandatory; Default: NONE)
52 # SSLAvailable (Optional; Default: no; Possible values: yes, no)
53 # SSLPort (Optional; Default: 443)
54 # HTTPPort (Optional; Default: 80)
55 # Path (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.)
56 # LoginScriptPathFragment (Optional; Default: login/? Note: This is the script the user will be sent to for login.)
57 # PortalScriptPathFragment (Optional; Default: portal/? Note: This is the script the user will be sent to after a successfull login.)
58 # MsgScriptPathFragment (Optional; Default: gw_message.php? Note: This is the script the user will be sent to upon error to read a readable message.)
59 # PingScriptPathFragment (Optional; Default: ping/? Note: This is the script the user will be sent to upon error to read a readable message.)
60 # AuthScriptPathFragment (Optional; Default: auth/? Note: This is the script the user will be sent to upon error to read a readable message.)
64 # Hostname auth.ilesansfil.org
70 # Hostname auth2.ilesansfil.org
79 # Set this to true if you want to run as a daemon
82 # Parameter: GatewayPort
89 # Parameter: HTTPDName
93 # Define what name the HTTPD server will respond
96 # Parameter: HTTPDMaxConn
100 # How many sockets to listen to
103 # Parameter: CheckInterval
107 # How many seconds should we wait between timeout checks. This is also
108 # how often the gateway will ping the auth server and how often it will
109 # update the traffic counters on the auth server. Setting this too low
110 # wastes bandwidth, setting this too high will cause the gateway to take
111 # a long time to switch to it's backup auth server(s).
115 # Parameter: ClientTimeout
119 # Set this to the desired of number of CheckInterval of inactivity before a client is logged out
120 # The timeout will be INTERVAL * TIMEOUT
123 # Parameter: TrustedMACList
127 # Comma separated list of MAC addresses who are allowed to pass
128 # through without authentication
129 #TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D
131 # Parameter: FirewallRuleSet
135 # Groups a number of FirewallRule statements together.
137 # Parameter: FirewallRule
140 # Define one firewall rule in a rule set.
144 # Used for rules to be applied to all other rulesets except locked.
145 FirewallRuleSet global {
146 ## To block SMTP out, as it's a tech support nightmare, and a legal liability
147 #FirewallRule block tcp port 25
149 ## Use the following if you don't want clients to be able to access machines on
150 ## the private LAN that gives internet access to wifidog. Note that this is not
151 ## client isolation; The laptops will still be able to talk to one another, as
152 ## well as to any machine bridged to the wifi of the router.
153 # FirewallRule block to 192.168.0.0/16
154 # FirewallRule block to 172.16.0.0/12
155 # FirewallRule block to 10.0.0.0/8
157 ## This is an example ruleset for the Teliphone service.
158 #FirewallRule allow udp to 69.90.89.192/27
159 #FirewallRule allow udp to 69.90.85.0/27
160 #FirewallRule allow tcp port 80 to 69.90.89.205
163 # Rule Set: validating-users
165 # Used for new users validating their account
166 FirewallRuleSet validating-users {
167 FirewallRule allow to 0.0.0.0/0
170 # Rule Set: known-users
172 # Used for normal validated users.
173 FirewallRuleSet known-users {
174 FirewallRule allow to 0.0.0.0/0
177 # Rule Set: unknown-users
179 # Used for unvalidated users, this is the ruleset that gets redirected.
181 # XXX The redirect code adds the Default DROP clause.
182 FirewallRuleSet unknown-users {
183 FirewallRule allow udp port 53
184 FirewallRule allow tcp port 53
185 FirewallRule allow udp port 67
186 FirewallRule allow tcp port 67
189 # Rule Set: locked-users
192 FirewallRuleSet locked-users {
193 FirewallRule block to 0.0.0.0/0