# $Id: wifidog.conf 935 2006-02-01 03:22:04Z benoitg $
# WiFiDog Configuration file
# Parameter: GatewayID
# Default: default
# Optional but essential for monitoring purposes
#
# Set this to the template ID on the auth server
# this is used to give a customized login page to the clients
# If none is supplied, the mac address of the GW interface will be used,
# without the : separators
# GatewayID default
# Parameter: ExternalInterface
# Default: NONE
# Optional
#
# Set this to the external interface. Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise
ExternalInterface vlan1
# Parameter: GatewayInterface
# Default: NONE
# Mandatory
#
# Set this to the internal interface. Typically br0 for OpenWrt, and eth1 otherwise
GatewayInterface eth1
# Proprietary of the node (enrolled nickname on the auth server)
# Only used in France Wireless wifidog.ipkg
# (don't use this parameter otherwise)
Proprietary freechelmi
# Parameter: NodeName (Attention ce paramètre est uniquement valable à partir de la version wifidog_1.1.3_beta6_ffw-05 de la fédé)
#NodeName nom_du_noeud
# Parameter: Network
# Default: default-network
#
# Set the network name
#Network default-network
# Parameters: Lat Lon
# Default: 0
# Set the lattitude/logitude node
# Lat
# Lon
# Parameter: TinyproxyPort
# Default: 0
# Set the tinyproxy port
#TinyproxyPort 8888
# Parameter: GatewayAddress
# Default: Find it from GatewayInterface
# Optional
#
# Set this to the internal IP address of the gateway
# GatewayAddress 192.168.1.1
# Parameter: AuthServer
# Default: NONE
# Mandatory, repeatable
#
# This allows you to configure your auth server(s). Each one will be tried in order, untill one responds.
# Set this to the hostname or IP of your auth server(s), the path where
# WiFiDog-auth resides in and the port it listens on.
#AuthServer {
# Hostname (Mandatory; Default: NONE)
# SSLAvailable (Optional; Default: no; Possible values: yes, no)
# SSLPort 443 (Optional; Default: 443)
# HTTPPort 80 (Optional; Default: 80)
# Path wifidog/ (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.)
#}
AuthServer {
Hostname auth.wireless-fr.org
SSLAvailable yes
Path /
}
AuthServer {
Hostname auth1.wireless-fr.org
SSLAvailable yes
Path /
}
AuthServer {
Hostname auth2.wireless-fr.org
SSLAvailable yes
Path /
}
# Parameter: Portal
# Default: none
# Optional
#
# Set this to a URL for your portal, if you run without an auth server
# Portal http://www.wireless-fr.org/
# Parameter: Daemon
# Default: 1
# Optional
#
# Set this to true if you want to run as a daemon
# Daemon 1
# Parameter: GatewayPort
# Default: 2060
# Optional
#
# Listen on this port
# GatewayPort 2060
# Parameter: HTTPDName
# Default: WiFiDog
# Optional
#
# Define what name the HTTPD server will respond
# HTTPDName WiFiDog
# Parameter: HTTPDMaxConn
# Default: 10
# Optional
#
# How many sockets to listen to
# HTTPDMaxConn 10
# Parameter: CheckInterval
# Default: 60
# Optional
#
# How many seconds should we wait between timeout checks
CheckInterval 600
# Parameter: ClientTimeout
# Default: 5
# Optional
#
# Set this to the desired of number of CheckInterval of inactivity before a client is logged out
# The timeout will be INTERVAL * TIMEOUT
ClientTimeout 1
# Paramètre: TrustedMACList
# Défaut: none
# Optionnel
#
# Liste d'adresse MAC (séparées par une virgule) autorisées à passer
# à travers le portail captif sans authentification
#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D
# Rule Set : OwnerMACList (Attention ce paramètre est uniquement valable à partir de la version wifidog_1.1.3_beta6_ffw-05 de la fédé)
# Parameter: OwnerMACList
# Default: NONE
# Optional
#
# Set Owner MAC List (separed by comma), no rules, full access to net, no auth
# OwnerMAClist 00:00:00:00:00:00,11:11:11:11:11:11
# Parameter: FirewallRuleSet
# Default: none
# Mandatory
#
# Groups a number of FirewallRule statements together.
# Parameter: FirewallRule
# Default: none
#
# Define one firewall rule in a rule set.
# Rule Set: global
#
# Used for rules to be applied to all other rulesets except locked.
# This is the default config for the Teliphone service.
# TODO add Here some VOIP Service like freephonie or Neuftalk
FirewallRuleSet global {
# Block smtp for al users ..
FirewallRule block tcp port 25
FirewallRule allow udp to 69.90.89.192/27
FirewallRule allow udp to 69.90.85.0/27
# Web access to www.wireless-fr.org and forum/dev
FirewallRule allow tcp port 80 to 80.245.57.139
#
# VOIP Providers
#
# Phonesystems
#
FirewallRule allow udp to 213.11.62.39
FirewallRule allow udp to 62.39.136.151
#
# Freephonie freephonie.net
#
FirewallRule allow udp to 212.27.52.5
#
# Neuf Telecom proxy.sip.n9uf.net
#
FirewallRule allow udp to 84.96.67.71
#
# Wengo
#
FirewallRule allow udp to 213.91.9.0/24
#
# No auth on our Network
#
FirewallRule allow to 10.0.0.0/8
}
# Rule Set : Member users (Attention ce paramètre est uniquement valable à partir de la version wifidog_1.1.3_beta6_ffw de la fédé)
#
# Member of wireless organization
FirewallRuleSet member-users {
FirewallRule allow to 0.0.0.0/0
}
# Rule Set: validating-users
#
# Used for new users validating their account
FirewallRuleSet validating-users {
FirewallRule allow udp port 67
FirewallRule allow tcp port 67
FirewallRule allow udp port 53
FirewallRule allow tcp port 53
FirewallRule allow tcp port 80
FirewallRule allow tcp port 443
FirewallRule block to 0.0.0.0/0
}
# Rule Set: known-users
#
# Used for normal validated users.
FirewallRuleSet known-users {
FirewallRule allow to 0.0.0.0/0
}
# Rule Set: unknown-users
#
# Used for unvalidated users, this is the ruleset that gets redirected.
#
# XXX The redirect code adds the Default DROP clause.
FirewallRuleSet unknown-users {
FirewallRule allow udp port 53
FirewallRule allow tcp port 53
FirewallRule allow udp port 67
FirewallRule allow tcp port 67
}
# Rule Set: locked-users
#
# Used for users that have been locked out.
FirewallRuleSet locked-users {
FirewallRule block to 0.0.0.0/0
}
