Greetings,

I am exploring the idea of changing the CP so that it can block access to services offered from the router until the user authenticates to the CP. In this example I am trying to control access to PPTP.

First I deleted the 500-501 rules and I removed them from the services_captiveportal.php:

    ipfw delete 500
    ipfw delete 501

Then I added these rules to the services_captiveportal.php page right after the line '# ... 10000-19899: rules per authenticated client go here...':

    ipfw add 19897 deny tcp from any to 192.168.1.1 1723
    ipfw add 19898 allow ip from 192.168.1.1 to any out via de1
    ipfw add 19899 allow ip from any to 192.168.1.1 in via de1

This works as intended. The user is allowed full access to the router except for port 1723. When the user authenticates, the rules created in 10000-19999 take over and allow full access, including 1723.

Can these sorts of changes to the behavior of the CP be implemented? Are there obvious consequences of this, particularly the fact that rules 500-501 have become 19898-19899?
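The rule ordering described in the post above, as an added example that is not part of the original post: a simplified first-match model of the three rules, run against constructed packets. The per-client rule at 10000, the client addresses and the default deny at 65535 are assumptions; the router address, port and interface come from the post.

```python
# Simplified first-match model of the ipfw rules in the post (added example).
from dataclasses import dataclass
from typing import Optional

ROUTER = "192.168.1.1"   # router LAN address, from the post
LAN_IF = "de1"           # LAN interface, from the post

@dataclass
class Packet:             # constructed test traffic, not captured data
    proto: str            # "tcp", "udp", ...
    src: str
    dst: str
    dport: Optional[int]
    direction: str        # "in" or "out"
    iface: str = LAN_IF

@dataclass
class Rule:
    num: int
    action: str           # "allow" or "deny"
    proto: str = "ip"     # "ip" matches any protocol
    src: str = "any"
    dst: str = "any"
    dport: Optional[int] = None
    direction: Optional[str] = None
    iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and self.src in ("any", p.src)
                and self.dst in ("any", p.dst)
                and self.dport in (None, p.dport)
                and self.direction in (None, p.direction)
                and self.iface in (None, p.iface))

def evaluate(rules, p):
    """Return (action, rule number) of the first match, lowest number first."""
    for r in sorted(rules, key=lambda r: r.num):
        if r.matches(p):
            return r.action, r.num
    return "deny", 65535  # assumed default deny at the end of the rule set

BASE = [  # the three rules from the post
    Rule(19897, "deny", proto="tcp", dst=ROUTER, dport=1723),
    Rule(19898, "allow", src=ROUTER, direction="out", iface=LAN_IF),
    Rule(19899, "allow", dst=ROUTER, direction="in", iface=LAN_IF),
]
# Hypothetical per-client rule for an authenticated client (format assumed).
AUTHED = BASE + [Rule(10000, "allow", src="192.168.1.50")]
```

Calling `evaluate(BASE, packet)` returns the deciding action and rule number, so the effect of renumbering a rule can be checked by editing the list and re-running the same packets.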