* Feature request
@ 2013-01-20 12:55 Daniel Weismüller
2013-01-21 11:12 ` Michael Tremer
0 siblings, 1 reply; 5+ messages in thread
From: Daniel Weismüller @ 2013-01-20 12:55 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 502 bytes --]
Hello
Today I've got an idea and I would like to know if it is possible and
how many work we have to spend on it.
1st idea: Make it possible to switch (on/off), over the webif, the
MAC-filter on blue over the webif.
2nd idea: Make it possible to switch (on/off), over the webif, that the
clients on blue may connect each other.
Please tell me what you think about it.
- Daniel
--
You need a firewall?
Easy to use? Powerful? Modular? For free?
www.ipfire.org
An Open Source Firewall Solution
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Feature request
2013-01-20 12:55 Feature request Daniel Weismüller
@ 2013-01-21 11:12 ` Michael Tremer
2013-01-21 11:52 ` Daniel Weismüller
0 siblings, 1 reply; 5+ messages in thread
From: Michael Tremer @ 2013-01-21 11:12 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1141 bytes --]
Hi,
On Sun, 2013-01-20 at 13:55 +0100, Daniel Weismüller wrote:
> Hello
>
> Today I've got an idea and I would like to know if it is possible and
> how many work we have to spend on it.
>
> 1st idea: Make it possible to switch (on/off), over the webif, the
> MAC-filter on blue over the webif.
Why would someone want to do that? It has been like that since the
beginning of the IPFire project and no one has ever complained about it.
To enable access for all systems on that part of the network it takes
one rule and you are done. That is not worth an extra switch for me -
especially because it weakens the system very easily.
> 2nd idea: Make it possible to switch (on/off), over the webif, that the
> clients on blue may connect each other.
I am sure you are talking about the hostapd addon here, because that
would otherwise not be possible (except using managed switches which can
do that).
Implementing this option for the hostapd addon is easy. It is a one-line
change in the configuration file and you will need to add a checkbox on
the WUI.
Please send me a patch with those changes when you are done.
Best,
-Michael
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Feature request
2013-01-21 11:12 ` Michael Tremer
@ 2013-01-21 11:52 ` Daniel Weismüller
2013-01-21 11:57 ` Michael Tremer
2013-01-21 14:37 ` Arne Fitzenreiter
0 siblings, 2 replies; 5+ messages in thread
From: Daniel Weismüller @ 2013-01-21 11:52 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2070 bytes --]
The reason why I ask is that I want to change an endian to an ipfire.
The firewall is used in a small restaurant.
Green is the LAN used by the restaurant itself for internet, mail, etc.
Blue is for guests. Blue is an LAN-interface and a WLAN-Ap is directly
connected. No use of hostapd.
Actually the guest will get the key and can use their wlan-clients
(smartphones, netbooks, etc)
Because there is no one which is able to use the webif the mac-filter is
off. And of course the clients in blue do not see each other.
So if I want to migrate to IPFire i must be able to switch the 2 things.
I hope this makes a little bit more understandable. What I need and why.
Am 21.01.2013 12:12, schrieb Michael Tremer:
> Hi,
>
> On Sun, 2013-01-20 at 13:55 +0100, Daniel Weismüller wrote:
>> Hello
>>
>> Today I've got an idea and I would like to know if it is possible and
>> how many work we have to spend on it.
>>
>> 1st idea: Make it possible to switch (on/off), over the webif, the
>> MAC-filter on blue over the webif.
>
> Why would someone want to do that? It has been like that since the
> beginning of the IPFire project and no one has ever complained about it.
>
> To enable access for all systems on that part of the network it takes
> one rule and you are done. That is not worth an extra switch for me -
> especially because it weakens the system very easily.
>
>> 2nd idea: Make it possible to switch (on/off), over the webif, that the
>> clients on blue may connect each other.
>
> I am sure you are talking about the hostapd addon here, because that
> would otherwise not be possible (except using managed switches which can
> do that).
>
> Implementing this option for the hostapd addon is easy. It is a one-line
> change in the configuration file and you will need to add a checkbox on
> the WUI.
>
> Please send me a patch with those changes when you are done.
>
> Best,
> -Michael
>
--
__________________________________________
You need a firewall?
Easy to use? Powerful? Modular? For free?
www.ipfire.org
An Open Source Firewall Solution
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Feature request
2013-01-21 11:52 ` Daniel Weismüller
@ 2013-01-21 11:57 ` Michael Tremer
2013-01-21 14:37 ` Arne Fitzenreiter
1 sibling, 0 replies; 5+ messages in thread
From: Michael Tremer @ 2013-01-21 11:57 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1009 bytes --]
Layer 2 is the layer that deals with things like that.
However, the firewall (which operates mainly on layer 3) cannot do
anything about this. If you don't want your clients to talk to each
other, don't connect them to the same network.
On Mon, 2013-01-21 at 12:52 +0100, Daniel Weismüller wrote:
> The reason why I ask is that I want to change an endian to an ipfire.
>
> The firewall is used in a small restaurant.
> Green is the LAN used by the restaurant itself for internet, mail, etc.
>
> Blue is for guests. Blue is an LAN-interface and a WLAN-Ap is directly
> connected. No use of hostapd.
>
> Actually the guest will get the key and can use their wlan-clients
> (smartphones, netbooks, etc)
>
> Because there is no one which is able to use the webif the mac-filter is
> off. And of course the clients in blue do not see each other.
>
> So if I want to migrate to IPFire i must be able to switch the 2 things.
>
> I hope this makes a little bit more understandable. What I need and why.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Feature request
2013-01-21 11:52 ` Daniel Weismüller
2013-01-21 11:57 ` Michael Tremer
@ 2013-01-21 14:37 ` Arne Fitzenreiter
1 sibling, 0 replies; 5+ messages in thread
From: Arne Fitzenreiter @ 2013-01-21 14:37 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1065 bytes --]
On Mon, 21 Jan 2013 12:52:24 +0100, Daniel Weismüller
<whytea(a)ipfire.org> wrote:
> The reason why I ask is that I want to change an endian to an ipfire.
>
> The firewall is used in a small restaurant.
> Green is the LAN used by the restaurant itself for internet, mail, etc.
>
> Blue is for guests. Blue is an LAN-interface and a WLAN-Ap is
> directly connected. No use of hostapd.
>
> Actually the guest will get the key and can use their wlan-clients
> (smartphones, netbooks, etc)
The macfilter can allready disabled via webif by adding a rule that
allow the entire blue ip range without a mac entry.
http://wiki.ipfire.org/de/configuration/firewall/accesstoblue
>
> Because there is no one which is able to use the webif the mac-filter
> is off. And of course the clients in blue do not see each other.
This cannot done by the firewall inside the IPFire because the
connections between the clients not reach the
IPFire box. This has to be done by the used Accesspoint.
Only if the IPFire itself is the AP (hostapd) this feature could be
added.
Arne
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2013-01-21 14:37 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-01-20 12:55 Feature request Daniel Weismüller
2013-01-21 11:12 ` Michael Tremer
2013-01-21 11:52 ` Daniel Weismüller
2013-01-21 11:57 ` Michael Tremer
2013-01-21 14:37 ` Arne Fitzenreiter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox