I'm thinking that the best answer involves the hotel setting an "acceptable use" waiver that says
what guests can and cannot do on their internet connection. By hotel I mean you. ;) If the hotel has
a waiver signed by every guest at check-in that they will only use the internet connection for web,
email, and other non-troublesome traffic, you are safe to block every port that is not in that list.
Truth be told there will still be some problems with users that have some bit of clue, but the
majority of the users that complain will be told they signed an acceptable use policy and that the
traffic they are trying to pass is not in the approved list so get over it.

Bottom line is that you won't be able to make everyone happy in this situation. You'll always hear
some complaints about someone that wants to play some online game that is going to saturate the
uplink or someone that wants to use a P2P network on someone else's dime; tough cookies, though. One
person can't take up the entire uplink preventing others from using it and in the meantime, you are
preventing your firewall from locking up by blocking practically every port except the most standard

From: David Burgess [mailto:apt dot get at gmail dot com]
Sent: Monday, August 13, 2007 8:21 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Latest virus kills m0n0wall

I think whatever technical solution you end up going with is going to
be a compromise, either in the sense that somebody's internet
experience is going to suffer, you're going to have to put in a whole
tonne of extra time and sweat, or the hotel is going to have to pay up
for more equipment and/or labour.

My point being then, that it's good to rack your brain and consult
with the list and so forth to come up with the best solutions, but
ultimately there may come a time when you have to say to your client
(i.e., the hotel or by extension, the hotel's guests) that the situation
is untenable, unmitigable, or will simply require some more sacrifice
by them or their guests.

Or in other words, sometimes the right answer is to just say, "I don't
have any easy answers."

I just thought I would put that out there. The people on this list are
indeed brilliant. Most of the suggestions that have been thrown into
the pot are good ones and I'm sure you'll come to some kind of
solution that works in your situation. It's the meantime that really