802.1X secured wifi installation

...

Add the following to /etc/shorewall/rules (replace the IP addresses with the actual IP addresses of the wifi routers):

# At the top of the file:
?SECTION ALL
# Allow the server and NASes to talk RADIUS and HTTP (web interface)
ACCEPT          wifi:192.168.9.2,192.168.9.3,192.168.9.4                $FW                                             tcp     -       80
ACCEPT          $FW                                                     wifi:192.168.9.2,192.168.9.3,192.168.9.4        tcp     80      -
ACCEPT          wifi:192.168.9.2,192.168.9.3,192.168.9.4                $FW                                             udp     1812    -
ACCEPT          $FW                                                     wifi:192.168.9.2,192.168.9.3,192.168.9.4        udp     -       1812
# But reject anything else to and from any other device on the 192.168.9.0/24 network that is not part of a dynamic zone
REJECT          wifi                                                    all                                             -       -       -
REJECT          all                                                     wifi                                            -       -       -

?SECTION NEW
 
# At the end of the file:
ACCEPT:INFO(uid)        wifi:192.168.9.2,192.168.9.3,192.168.9.4        $FW             udp    1812
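
To see what the ?SECTION ALL block above admits before loading it, the following added example (not part of the original page and not Shorewall code) evaluates packets against those six rules with a simplified first-match model. It assumes the column order ACTION SOURCE DEST PROTO DPORT SPORT, takes zone membership from the caller, and ignores dynamic zones; the function names are hypothetical.

```python
# Added example: simplified first-match model of the ?SECTION ALL rules above.
# Assumptions: the caller supplies each endpoint's zone; only the six columns
# ACTION SOURCE DEST PROTO DPORT SPORT are modelled; dynamic zones are ignored.
RULES = """
ACCEPT wifi:192.168.9.2,192.168.9.3,192.168.9.4 $FW tcp - 80
ACCEPT $FW wifi:192.168.9.2,192.168.9.3,192.168.9.4 tcp 80 -
ACCEPT wifi:192.168.9.2,192.168.9.3,192.168.9.4 $FW udp 1812 -
ACCEPT $FW wifi:192.168.9.2,192.168.9.3,192.168.9.4 udp - 1812
REJECT wifi all - - -
REJECT all wifi - - -
"""

def parse(text):
    """Split rule lines into six columns, skipping comments and ?directives."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("?"):
            continue
        cols = line.split()
        cols += ["-"] * (6 - len(cols))  # omitted trailing columns mean "any"
        rules.append(cols[:6])
    return rules

def endpoint_matches(spec, zone, ip):
    """Match 'all', a bare zone, or zone:ip1,ip2,... against (zone, ip)."""
    if spec == "all":
        return True
    spec_zone, _, hosts = spec.partition(":")
    if spec_zone != zone:
        return False
    return not hosts or ip in hosts.split(",")

def field_matches(spec, value):
    return spec == "-" or spec == str(value)

def verdict(rules, src, dst, proto, dport, sport):
    """src and dst are (zone, ip) tuples; return the first matching action."""
    for action, r_src, r_dst, r_proto, r_dport, r_sport in rules:
        if (endpoint_matches(r_src, *src) and endpoint_matches(r_dst, *dst)
                and field_matches(r_proto, proto)
                and field_matches(r_dport, dport)
                and field_matches(r_sport, sport)):
            return action
    return None  # no match here: later sections and the zone policy decide
```

In this model the two reply rules (source port 80 and source port 1812) match on the source port alone, whatever the destination port, which is worth keeping in mind when reviewing rules placed in ?SECTION ALL.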

...