wifidog: Configuring a guest WLAN, part 2

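Step 4b: A different modification of the firmware settings
I created some rules to isolate guests on the guest SSID. I have some devices that can only run WEP or no authentication at all. WEP is not compatible with devices running .11n in HT mode, so the only option is a wide-open SSID. I also don't really want my neighbors leeching off my network. This firewall setup also only lets explicitly known MACs connect out to the Internet.
Edit /etc/config/firewall and add a new zone section covering the guest interface, allowing SSH, DNS and DHCP from guests.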

[..]
# Enable logging
config 'zone'
    option 'name' 'guest'
    option 'network' 'guest'
    option 'input' 'REJECT'
    option 'forward' 'REJECT'
    option 'output' 'ACCEPT'

# Quick rule to allow SSH in
config 'rule'
    option 'name' 'Allow SSH in'
    option 'src' 'guest'
    option 'dest_port' '22'
    option 'proto' 'tcp'
    option 'target' 'ACCEPT'

# Allow DNS Guest -> Router
config 'rule'
    option 'name' 'Allow DNS Queries'
    option 'src' 'guest'
    option 'dest_port' '53'
    option 'proto' 'tcpudp'
    option 'target' 'ACCEPT'

# Allow DHCP Guest -> Router
config 'rule'
    option 'name' 'Allow DHCP request'
    option 'src' 'guest'
    option 'src_port' '67-68'
    option 'dest_port' '67-68'
    option 'proto' 'udp'
    option 'target' 'ACCEPT'

# Allow only specific source MAC addresses out to the WAN
config 'rule'
    option 'name' 'Allow my Nintendo DS'
    option 'src' 'guest'
    option 'dest' 'wan'
    option 'proto' 'all'
    option 'src_mac' '00:ab:00:32:00:00'
    option 'target' 'ACCEPT'

# Drop broadcast traffic, it just fills the logs
config 'rule'
    option 'name' 'Drop guest broadcast'
    option 'src' 'guest'
    option 'dest_ip' '172.16.62.255'
    option 'target' 'DROP'

# Another explicit deny at the end.
config 'rule'
    option 'name' 'Deny guest -> WAN'
    option 'src' 'guest'
    option 'dest' 'wan'
    option 'proto' 'all'
    option 'target' 'REJECT'
[..]
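The MAC allowlist above only holds if every guest -> wan ACCEPT rule carries a src_mac and the explicit deny stays last. The following check of those properties is an added example, not part of the original article; `parse_uci`, `audit_guest` and the embedded `SAMPLE` are hypothetical names and constructed data.

```python
import shlex

# Constructed sample in the same UCI syntax as the config above (not the author's file).
SAMPLE = """
config 'zone'
    option 'name' 'guest'
    option 'input' 'REJECT'
    option 'forward' 'REJECT'
config 'rule'
    option 'name' 'Allow my Nintendo DS'
    option 'src' 'guest'
    option 'dest' 'wan'
    option 'src_mac' '00:ab:00:32:00:00'
    option 'target' 'ACCEPT'
config 'rule'
    option 'name' 'Deny guest -> WAN'
    option 'src' 'guest'
    option 'dest' 'wan'
    option 'target' 'REJECT'
"""

def parse_uci(text):
    """Return sections in file order as dicts: {'_type': 'rule', 'name': ..., ...}."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if len(tok) >= 2 and tok[0] == "config":
            sections.append({"_type": tok[1]})
        elif len(tok) == 3 and tok[0] == "option" and sections:
            sections[-1][tok[1]] = tok[2]
    return sections

def audit_guest(text, zone="guest", wan="wan"):
    """List findings that would let an unlisted guest device reach the WAN."""
    findings, secs = [], parse_uci(text)
    z = next((s for s in secs if s["_type"] == "zone" and s.get("name") == zone), None)
    if z is None:
        return [f"no zone named {zone}"]
    for key in ("input", "forward"):
        if z.get(key) not in ("REJECT", "DROP"):
            findings.append(f"zone {key} default is {z.get(key)}")
    out = [s for s in secs if s["_type"] == "rule"
           and s.get("src") == zone and s.get("dest") == wan]
    for r in out:
        if r.get("target") == "ACCEPT" and "src_mac" not in r:
            findings.append(f"rule '{r.get('name')}' accepts without src_mac")
    # Rules match in file order, so the catch-all deny has to be the last guest->wan rule.
    if not out or out[-1].get("target") not in ("REJECT", "DROP") or "src_mac" in out[-1]:
        findings.append("last guest->wan rule is not a catch-all deny")
    return findings
```

An empty list means the allowlist structure is intact. On an open SSID a src_mac match identifies a device only by an address it announces itself, so the list is a filter rather than authentication.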

This article was compiled and edited by http://www.wifidog.pro/2015/01/16/wifidog-guest-wlan2.html; please credit the source when reposting.
