Hello
Today I've got an idea and I would like to know if it is possible and how many work we have to spend on it.
1st idea: Make it possible to switch (on/off), over the webif, the MAC-filter on blue over the webif. 2nd idea: Make it possible to switch (on/off), over the webif, that the clients on blue may connect each other.
Please tell me what you think about it.
- Daniel
Hi,
On Sun, 2013-01-20 at 13:55 +0100, Daniel Weismüller wrote:
Hello
Today I've got an idea and I would like to know if it is possible and how many work we have to spend on it.
1st idea: Make it possible to switch (on/off), over the webif, the MAC-filter on blue over the webif.
Why would someone want to do that? It has been like that since the beginning of the IPFire project and no one has ever complained about it.
To enable access for all systems on that part of the network it takes one rule and you are done. That is not worth an extra switch for me - especially because it weakens the system very easily.
2nd idea: Make it possible to switch (on/off), over the webif, that the clients on blue may connect each other.
I am sure you are talking about the hostapd addon here, because that would otherwise not be possible (except using managed switches which can do that).
Implementing this option for the hostapd addon is easy. It is a one-line change in the configuration file and you will need to add a checkbox on the WUI.
Please send me a patch with those changes when you are done.
Best, -Michael
The reason why I ask is that I want to change an endian to an ipfire.
The firewall is used in a small restaurant. Green is the LAN used by the restaurant itself for internet, mail, etc.
Blue is for guests. Blue is an LAN-interface and a WLAN-Ap is directly connected. No use of hostapd.
Actually the guest will get the key and can use their wlan-clients (smartphones, netbooks, etc)
Because there is no one which is able to use the webif the mac-filter is off. And of course the clients in blue do not see each other.
So if I want to migrate to IPFire i must be able to switch the 2 things.
I hope this makes a little bit more understandable. What I need and why.
Am 21.01.2013 12:12, schrieb Michael Tremer:
Hi,
On Sun, 2013-01-20 at 13:55 +0100, Daniel Weismüller wrote:
Hello
Today I've got an idea and I would like to know if it is possible and how many work we have to spend on it.
1st idea: Make it possible to switch (on/off), over the webif, the MAC-filter on blue over the webif.
Why would someone want to do that? It has been like that since the beginning of the IPFire project and no one has ever complained about it.
To enable access for all systems on that part of the network it takes one rule and you are done. That is not worth an extra switch for me - especially because it weakens the system very easily.
2nd idea: Make it possible to switch (on/off), over the webif, that the clients on blue may connect each other.
I am sure you are talking about the hostapd addon here, because that would otherwise not be possible (except using managed switches which can do that).
Implementing this option for the hostapd addon is easy. It is a one-line change in the configuration file and you will need to add a checkbox on the WUI.
Please send me a patch with those changes when you are done.
Best, -Michael
Layer 2 is the layer that deals with things like that.
However, the firewall (which operates mainly on layer 3) cannot do anything about this. If you don't want your clients to talk to each other, don't connect them to the same network.
On Mon, 2013-01-21 at 12:52 +0100, Daniel Weismüller wrote:
The reason why I ask is that I want to change an endian to an ipfire.
The firewall is used in a small restaurant. Green is the LAN used by the restaurant itself for internet, mail, etc.
Blue is for guests. Blue is an LAN-interface and a WLAN-Ap is directly connected. No use of hostapd.
Actually the guest will get the key and can use their wlan-clients (smartphones, netbooks, etc)
Because there is no one which is able to use the webif the mac-filter is off. And of course the clients in blue do not see each other.
So if I want to migrate to IPFire i must be able to switch the 2 things.
I hope this makes a little bit more understandable. What I need and why.
On Mon, 21 Jan 2013 12:52:24 +0100, Daniel Weismüller whytea@ipfire.org wrote:
The reason why I ask is that I want to change an endian to an ipfire.
The firewall is used in a small restaurant. Green is the LAN used by the restaurant itself for internet, mail, etc.
Blue is for guests. Blue is an LAN-interface and a WLAN-Ap is directly connected. No use of hostapd.
Actually the guest will get the key and can use their wlan-clients (smartphones, netbooks, etc)
The macfilter can allready disabled via webif by adding a rule that allow the entire blue ip range without a mac entry. http://wiki.ipfire.org/de/configuration/firewall/accesstoblue
Because there is no one which is able to use the webif the mac-filter is off. And of course the clients in blue do not see each other.
This cannot done by the firewall inside the IPFire because the connections between the clients not reach the IPFire box. This has to be done by the used Accesspoint. Only if the IPFire itself is the AP (hostapd) this feature could be added.
Arne
-
Arne Fitzenreiter -
Daniel Weismüller -
Michael Tremer