[ previous ] [ next ] [ threads ]
 From:  Michal Harajda <root at unlockers dot sk>
 To:  Dinesh Nair <dinesh at alphaque dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re[3]: [m0n0wall] MAC filtering in firewall rules
 Date:  Wed, 19 May 2004 11:56:12 +0200
Mr. Dinesh,

ok I will try this, and let u know

Wednesday, May 19, 2004, 11:51:06 AM, you wrote:

DN> On Wed, 19 May 2004, Michal Harajda wrote:

>> its a problem, because clients with disabled internet access use ip
>> addresses of not active clients with internet access. And I cannot do
>> anything.

DN> one way of perhaps trying to do what you want to do is by using a
DN> side-effect of the captive portal with the following steps:

DN> 1. make sure the captive portal interface is not bridged
DN> 2. turn on the captive portal on the interface
DN> 3. when uploading a portal page, omit the accept button
DN> 4. explicitly add the allowed mac addresses under pass-through mac

DN> now only mac addresses with an explicit pass-through will be allowed thru,
DN> but others will be thrown up the portal page (which may contain a warning
DN> notice) without an accept button.

DN> do note however that this is not a fool-proof manner because someone could
DN> still forge a http request to m0n0wall and subvert this.

DN> however, once i have added in radius support for the captive portal,
DN> things _may_ (no promises) be different.

DN> Regards,                           /\_/\   "All dogs go to heaven."
DN> dinesh at alphaque dot com                (0 0)    http://www.alphaque.com/
DN> +==========================----oOO--(_)--OOo----==========================+
DN> | for a in past present future; do                           
DN> |   for b in clients employers associates relatives neighbours pets; do   |
DN> |   echo "The opinions here in no way reflect the opinions of my $a $b."  |
DN> | done; done                                                 
DN> +=========================================================================+

Best regards,
 Michal                            mailto:root at unlockers dot sk