I think the ability to configure the CP to control access to specific TCP/UDP ports on the router
itself on a per client basis would be a powerful feature to consider.
By default the CP should allow all access to the router (DNS, WebGui, PPTP etc), but you can add
ports to a list that it will block unless they authenticate. Obviously the anti-lockout
requirements for DNS and WebGui would still have to be in effect.

From: Wesley K. Joyce [mailto:wjoyce at uvi dot edu]
Sent: Sun 2/19/2006 6:33 PM
To: m0n0wall at lists dot m0n0 dot ch; m0n0wall dash dev at lists dot m0n0 dot ch
Subject: [m0n0wall] Captive Portal block/allow access to other monowal service such as PPTP

I want to use both the CP and PPTP server to control wireless users. But it seems that a user can
make a PPTP connection without authenticating to the CP (which displays my AUP etc). Is it possible
to reconfigure m0n0wall to block access to port 1723 (PPTP) until after the user authenticates to
the CP and all the while maintaining the same state information (ip/mac of user, idle time, hard
limit etc) it does for port 80?