wifidog 配置中文说明

#网关ID
GatewayID default
#外部网卡
ExternalInterface eth0
#无线网卡
GatewayInterface eth0
#无线IP
GatewayAddress 192.168.1.1
#路由状态HTML
HtmlMessageFile wifidog-msg.html
#验证服务器
#AuthServer {
#    Hostname                 (Mandatory; Default: NONE)
#    SSLAvailable             (Optional; Default: no; Possible values: yes, no)
#    SSLPort                  (Optional; Default: 443)
#    HTTPPort                 (Optional; Default: 80)
#    Path                     (Optional; Default: /wifidog/ Note:  The path must be both prefixed and suffixed by /.  Use a single / for server root.)
#   LoginScriptPathFragment  (Optional; Default: login/? Note:  未用户登录重定向地址.)
#   PortalScriptPathFragment (Optional; Default: portal/? Note:  登录成功后重定向地址.)
#   MsgScriptPathFragment    (Optional; Default: gw_message.php? Note:  退出登录后重定向地址.)
#   PingScriptPathFragment    (Optional; Default: ping/? Note:  路由状态心跳地址.)
#   AuthScriptPathFragment    (Optional; Default: auth/? Note:  路由请求服务器验证地址 and 验证心跳地址(stage=counters).)
#}

AuthServer {
    Hostname auth.com
    #SSLAvailable yes
    Path /
}

# 是否后台进程
# Daemon 1
#默认网关端口
# Default: 2060
GatewayPort 80

# HTTP进程名
# HTTPDName WiFiDog

# HTTP最大连接数
# Default: 10
# HTTPDMaxConn 10

# WEB页面加密码后显示名
# Default: WiFiDog
# HTTPDRealm WiFiDog

# WEB加验证
# HTTPDUserName admin
# HTTPDPassword secret

# 心跳间隔时间
# Default: 60
CheckInterval 60

# 心跳间隔次数 验证超时数等于 CheckInterval*ClientTimeout
ClientTimeout 2

# 信任的MAC地址,加入信任列表将不用登录可访问
#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D

#其他防火墙设置

#全局
FirewallRuleSet global {
    ## To block SMTP out, as it's a tech support nightmare, and a legal liability
    #FirewallRule block tcp port 25
    
    ## Use the following if you don't want clients to be able to access machines on
    ## the private LAN that gives internet access to wifidog.  Note that this is not
    ## client isolation;  The laptops will still be able to talk to one another, as
    ## well as to any machine bridged to the wifi of the router.
    # FirewallRule block to 192.168.0.0/16
    # FirewallRule block to 172.16.0.0/12
    # FirewallRule block to 10.0.0.0/8
    
    ## This is an example ruleset for the Teliphone service.
    #FirewallRule allow udp to 69.90.89.192/27
    #FirewallRule allow udp to 69.90.85.0/27
    #FirewallRule allow tcp port 80 to 69.90.89.205
}

# 新验证用户
FirewallRuleSet validating-users {
    FirewallRule allow to 0.0.0.0/0
}

#正常用户
FirewallRuleSet known-users {
    FirewallRule allow to 0.0.0.0/0
}

#未知用户
FirewallRuleSet unknown-users {

#域名已修改源码实现,直接下载的不行的...
    FirewallRule allow to baidu.com
    FirewallRule allow udp port 53
    FirewallRule allow tcp port 53
    FirewallRule allow udp port 67
    FirewallRule allow tcp port 67
}

#锁住用户
FirewallRuleSet locked-users {
    FirewallRule block to 0.0.0.0/0
}

域名过滤支持:

fw_iptables.c

iptables_compile 修改:

if (rule->mask != NULL) {
		char *mask=rule->mask;
		int mask_len=strlen(mask);
		int is_domain=0,
			i=0;
		for(;i<mask_len;i++){
			if((mask[i]>=46&&mask[i]<=57)||mask[i]==32){
				continue;
			}else{
				is_domain=1;
				break;
			}
		}
		char * ip =NULL;
		if(is_domain){
			struct in_addr * h_addr =wd_gethostbyname(mask);
			if(h_addr){
				ip= safe_strdup(inet_ntoa(*h_addr));
				free(h_addr);
			}
			if(ip){
				mask=ip;
			}else{
				debug(LOG_ERR, "doamin %s not find ip try again!",mask);
				mask="0.0.0.0";
			}
		}
		snprintf((command + strlen(command)), (sizeof(command) - 
					strlen(command)), "-d %s ", mask);
		if(ip){
			free(ip);
		}
	}

 conf.c 

_parse_firewall_rule 修改:

for (i = 0; *(mask + i) != ''; i++)
			if (!isdigit((unsigned char)*(mask + i))
					&&!isalpha((unsigned char)*(mask + i))
					&& (*(mask + i) != '-')
					&& (*(mask + i) != '.')
					&& (*(mask + i) != '/'))
				all_nums = 0; /*< No longer only digits */