-
Notifications
You must be signed in to change notification settings - Fork 377
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nodogsplash: update to version 5.0.2 #1023
Merged
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,152 @@ | ||
|
||
# The options available here are an adaptation of the settings used in nodogsplash.conf. | ||
# See https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash.conf | ||
|
||
config nodogsplash | ||
# Set to 0 to disable nodogsplash | ||
option enabled 1 | ||
|
||
# Set to 0 to disable hook that makes nodogsplash restart when the firewall restarts. | ||
# This hook is needed as a restart of Firewall overwrites nodogsplash iptables entries. | ||
option fwhook_enabled '1' | ||
|
||
# WebRoot | ||
# Default: /etc/nodogsplash/htdocs | ||
# | ||
# The local path where the splash page content resides. | ||
# ie. Serve the file splash.html from this directory | ||
#option webroot '/etc/nodogsplash/htdocs' | ||
|
||
# Use plain configuration file | ||
#option config '/etc/nodogsplash/nodogsplash.conf' | ||
|
||
# Use this option to set the device nodogsplash will bind to. | ||
# The value may be an interface section in /etc/config/network or a device name such as br-lan. | ||
option gatewayinterface 'br-lan' | ||
|
||
# GatewayPort | ||
# Default: 2050 | ||
# | ||
# Nodogsplash's own http server uses gateway address as its IP address. | ||
# The port it listens to at that IP can be set here; default is 2050. | ||
# | ||
#option gatewayport '2050' | ||
|
||
|
||
option gatewayname 'OpenWrt Nodogsplash' | ||
option maxclients '250' | ||
|
||
# Enables debug output (0-3) | ||
#option debuglevel '1' | ||
|
||
# Client timeouts in minutes | ||
option preauthidletimeout '30' | ||
option authidletimeout '120' | ||
# Session Timeout is the interval after which clients are forced out (a value of 0 means never) | ||
option sessiontimeout '1200' | ||
|
||
# The interval in seconds at which nodogsplash checks client timeout status | ||
option checkinterval '600' | ||
|
||
# Enable BinAuth Support. | ||
# If set, a program is called with several parameters on authentication (request) and deauthentication. | ||
# Request for authentication: | ||
# $<BinAuth> auth_client <client_mac> '<username>' '<password>' | ||
# | ||
# The username and password values may be empty strings and are URL encoded. | ||
# The program is expected to output the number of seconds the client | ||
# is to be authenticated. Zero or negative seconds will cause the authentification request | ||
# to be rejected. The same goes for an exit code that is not 0. | ||
# The output may contain a user specific download and upload limit in KBit/s: | ||
# <seconds> <upload> <download> | ||
# | ||
# Called on authentication or deauthentication: | ||
# $<BinAuth> <*auth|*deauth> <incoming_bytes> <outgoing_bytes> <session_start> <session_end> | ||
# | ||
# "client_auth": Client authenticated via this script. | ||
# "client_deauth": Client deauthenticated by the client via splash page. | ||
# "idle_deauth": Client was deauthenticated because of inactivity. | ||
# "timeout_deauth": Client was deauthenticated because the session timed out. | ||
# "ndsctl_auth": Client was authenticated manually by the ndsctl tool. | ||
# "ndsctl_deauth": Client was deauthenticated by the ndsctl tool. | ||
# "shutdown_deauth": Client was deauthenticated by Nodogsplash terminating. | ||
# | ||
# Values session_start and session_start are in seconds since 1970 or 0 for unknown/unlimited. | ||
# | ||
#option binauth '/bin/myauth.sh' | ||
# Enable PreAuth Support. | ||
# | ||
# A simple login script is provided in the package. | ||
# This generates a login page asking for usename and email address. | ||
# User logins are recorded in the log file /tmp/ndslog.log | ||
# Details of how the script works are contained in comments in the script itself. | ||
# | ||
# The Preauth program will output html code that will be served to the client by NDS | ||
# Using html GET the Preauth program may call: | ||
# /nodogsplash_preauth/ to ask the client for more information | ||
# or | ||
# /nodogsplash_auth/ to authenticate the client | ||
# | ||
# The Preauth program should append at least the client ip to the query string | ||
# (using html input type hidden) for all calls to /nodogsplash_preauth/ | ||
# It must also obtain the client token using ndsctl (or the original query string if fas_secure_enabled=0) | ||
# for NDS authentication when calling /nodogsplash_auth/ | ||
# | ||
#option preauth '/usr/lib/nodogsplash/login.sh' | ||
|
||
# Your router may have several interfaces, and you | ||
# probably want to keep them private from the gatewayinterface. | ||
# If so, you should block the entire subnets on those interfaces, e.g.: | ||
#list authenticated_users 'block to 192.168.0.0/16' | ||
#list authenticated_users 'block to 10.0.0.0/8' | ||
|
||
# Typical ports you will probably want to open up. | ||
#list authenticated_users 'allow tcp port 22' | ||
#list authenticated_users 'allow tcp port 53' | ||
#list authenticated_users 'allow udp port 53' | ||
#list authenticated_users 'allow tcp port 80' | ||
#list authenticated_users 'allow tcp port 443' | ||
# Or for happy customers allow all | ||
list authenticated_users 'allow all' | ||
|
||
# For preauthenticated users to resolve IP addresses in their | ||
# initial request not using the router itself as a DNS server, | ||
# Leave commented to help prevent DNS tunnelling | ||
#list preauthenticated_users 'allow tcp port 53' | ||
#list preauthenticated_users 'allow udp port 53' | ||
|
||
# Allow ports for SSH/Telnet/DNS/DHCP/HTTP/HTTPS | ||
list users_to_router 'allow tcp port 22' | ||
list users_to_router 'allow tcp port 23' | ||
list users_to_router 'allow tcp port 53' | ||
list users_to_router 'allow udp port 53' | ||
list users_to_router 'allow udp port 67' | ||
list users_to_router 'allow tcp port 80' | ||
|
||
# MAC addresses that are / are not allowed to access the splash page | ||
# Value is either 'allow' or 'block'. The allowedmac or blockedmac list is used. | ||
#option macmechanism 'allow' | ||
#list allowedmac '00:00:C0:01:D0:0D' | ||
#list allowedmac '00:00:C0:01:D0:1D' | ||
#list blockedmac '00:00:C0:01:D0:2D' | ||
|
||
# MAC addresses that do not need to authenticate | ||
#list trustedmac '00:00:C0:01:D0:1D' | ||
|
||
# Nodogsplash uses specific HEXADECIMAL values to mark packets used by iptables as a bitwise mask. | ||
# This mask can conflict with the requirements of other packages such as mwan3, sqm etc | ||
# Any values set here are interpreted as in hex format. | ||
# | ||
# List: fw_mark_authenticated | ||
# Default: 30000 (0011|0000|0000|0000|0000 binary) | ||
# | ||
# List: fw_mark_trusted | ||
# Default: 20000 (0010|0000|0000|0000|0000 binary) | ||
# | ||
# List: fw_mark_blocked | ||
# Default: 10000 (0001|0000|0000|0000|0000 binary) | ||
# | ||
#option fw_mark_authenticated '30000' | ||
#option fw_mark_trusted '20000' | ||
#option fw_mark_blocked '10000' | ||
|
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Uhh, this is not good. The PR was draft and then it was merged.
I would like to avoid this. You can not use CP for all. The previous solution was better, not the best.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So you want each file to be referenced?