luci-mod-network: Static Leases improvements #5401
Multiple "Tag" fields on the screenshot. |
Added e.g. the entry MAC: while the entry MAC: |
ping - seems ready |
Everything else looks fine so far
@jow- any other insights here? |
Ready for merge....? |
Bump! This looks very handy, would really like to see it mainlined. 🙏 |
@jow- ? |
Do we accept contributions where GitHub's noreply address is used? 🤔 |
Hello,
This modification might fulfill the following feature request
See also these other requests which somewhat relate: https://forum.openwrt.org/t/add-default-gateway-setting-to-static-lease-configuration/151644
I initially believed that a static DNS or Gateway could be assigned per device, but then I learned about the "tag" system.
In this new change, it is great to see valid tags listed in the DHCP static lease dialog. However, is there a way for the user to create new tags from the user interface, or is the only way to manually edit /etc/config/dhcp?
I think it would also help to suggest pre-made tags, for example deadend gateway (just don't provide internet access to a specific device).
I think this covers most possible scenarios of common users. Having these as ready-to-go suggestions would empower users by making them realize what is possible and then helping them implement those solutions quickly. |
@jow- please merge :) |
Under DHCP and DNS, Static Leases tab:
Add extra fields and booleans
Add 'ignore' value for ip field
Add description text for fields
Enable wildcards in mac addresses
Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
Added some helpful text from the man page. |
Merged, thanks! |
Looking forward to giving this a try.
Another thing I did not list in my above comment (however, it is not part of the static lease configuration per se) would be a DHCP "white list mode", which would be a state where new, unknown devices are given restricted or no internet access.
In whitelist mode only whitelisted devices get full network access.
When an unknown device connects to the network, there could be a status page notification to the router admin about what to do about the device (full access, restricted internet, fakeinternet, segregate to quarantine subnet, segregate to hostile subnet).
This is to accommodate unknown and potentially hostile devices such as smart TVs, Apple and Android phones, which will call home, export data and then download and execute unauthorized payloads when given free internet access. Likewise, fakeinternet is to disable their own network capabilities when refused internet access.
I know that feels like an advanced feature that few people will use, but I think it all can be done with a few scripts and no extra software.
I think a default OpenWrt router should be able to handle hostile devices and work in a hostile environment out of the box by just pressing a button. |
All of these options are possible when using tags.
I'm going to make a new PR soon to improve tag handling and management.
Most of what you describe is made easier via tags and specific bits of
config.
Tags are not limited to static leases. They can be used in lots of DHCP
places.
|
Is there a way to assign a default tag to unknown devices?
Also, like dynamic DNS, I find that users have a difficult time grasping how the whole thing works. So I was thinking maybe we could have "mode" buttons to flip important config parameters of the DHCP server.
However, the only modes I can think of right now are default (all requests given an address out of the pool, default gateway, default DNS, default timeserver) and whitelist (only requestors in the whitelist get a valid internet gateway and DNS; the rest get an invalid gateway (maybe fakeinternet), maybe no outside DNS (can the dnsmasq DNS server discriminate clients this way?) and maybe they even get their own, non-routing subnet). There are probably other modes for other situations I can't think of right now.
Also, it would be great to discriminate devices by type (Apple, Android, smart TV, IoT devices) without having to explicitly tell the DHCP server what they are. Maybe there exists some kind of Ethernet MAC address fingerprinting mechanism that could be used here (quickly leaving the scope of this issue here); just throwing ideas here.
Personally, all this comes from a time when I needed to connect an Android device to have network access but without letting it update its firmware, which would break my root access. |
Read the dnsmasq man page. You'll be enlightened. |
Apparently, it is not possible to assign a default tag to unknown new and/or unknown old clients.
The --dhcp-range option apparently allows assigning a tag to a range:
--dhcp-range=set:unknown,192.168.0.50,192.168.0.150,255.255.255.0,12h
But then, do known clients also get tagged as unknown? Does this mean unknown clients cannot be on the same subnet and can never communicate (except through the router, perhaps)?
Also, does the OpenWrt user interface allow the user to apply this tag to the default range in an intuitive way? (I don't have access to an OpenWrt device at the moment, but I don't recall seeing an option to this effect.) |
You can do what you want today already: Set a MAC (or a wildcard MAC (or whatever tags) if you are using this code already), then set the With this code, or by manually editing the dhcp config, you can enter |
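How a client would be matched against static leases that use the commit's wildcard MACs and 'ignore' value, as an added example that is not code from this PR, LuCI or dnsmasq. The function names and sample leases are hypothetical, and the selection order modelled here (the entry with the most fixed octets wins) is an assumption about dnsmasq's behaviour.

```javascript
// Added illustration; names and sample data are hypothetical.
const OCTET = /^(?:[0-9a-f]{2}|\*)$/i;

// Six colon-separated octets, each two hex digits or "*" (a wildcard byte).
function isValidLeaseMac(mac) {
  const parts = String(mac).split(':');
  return parts.length === 6 && parts.every((p) => OCTET.test(p));
}

// Number of fixed octets that matched, or -1 if the pattern does not match.
function matchScore(pattern, clientMac) {
  const p = pattern.toLowerCase().split(':');
  const c = clientMac.toLowerCase().split(':');
  let fixed = 0;
  for (let i = 0; i < 6; i++) {
    if (p[i] === '*') continue;
    if (p[i] !== c[i]) return -1;
    fixed++;
  }
  return fixed;
}

// Assumed order: most fixed octets wins, so an exact MAC beats any wildcard.
// dnsmasq additionally sets the tag "known" for a client that matches a
// dhcp-host entry; a client that matches nothing here would not carry it.
function classify(leases, clientMac) {
  if (!isValidLeaseMac(clientMac) || clientMac.includes('*'))
    throw new Error('client MAC must be a full address');
  let best = null, bestScore = -1;
  for (const lease of leases) {
    if (!isValidLeaseMac(lease.mac)) continue; // skip malformed entries
    const s = matchScore(lease.mac, clientMac);
    if (s > bestScore) { best = lease; bestScore = s; }
  }
  if (!best) return { matched: false, tag: null, ignore: false, ip: null };
  const ignore = best.ip === 'ignore'; // 'ignore': never offer a lease
  return { matched: true, tag: best.tag || null, ignore,
           ip: ignore ? null : (best.ip || null) };
}

// Constructed sample leases (MACs, tag names and addresses are made up).
const SAMPLE_LEASES = [
  { mac: '00:11:22:*:*:*', tag: 'restricted' },
  { mac: '00:11:22:33:44:55', ip: '192.168.1.10', tag: 'trusted' },
  { mac: 'aa:bb:cc:*:*:*', ip: 'ignore' },
];
```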