...
Add to /etc/shorewall/rules (replace the IP addresses with the actual IP addresses of the wifi routers):
```
# Columns: ACTION SOURCE DEST PROTO DPORT SPORT
# At the top of the file:
?SECTION ALL
# Allow the server and NASes to talk RADIUS and HTTP (web interface)
ACCEPT wifi:192.168.9.2,192.168.9.3,192.168.9.4 $FW tcp - 80
ACCEPT $FW wifi:192.168.9.2,192.168.9.3,192.168.9.4 tcp 80 -
ACCEPT wifi:192.168.9.2,192.168.9.3,192.168.9.4 $FW udp 1812 -
ACCEPT $FW wifi:192.168.9.2,192.168.9.3,192.168.9.4 udp - 1812
# But reject anything else to or from any other device on the 192.168.9.0/24 network that is not part of any dynamic zone
REJECT wifi all - - -
REJECT all wifi - - -
?SECTION NEW
# At the end of the file:
ACCEPT:INFO(uid) wifi:192.168.9.2,192.168.9.3,192.168.9.4 $FW udp 1812
```
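
Shorewall applies rules in `?SECTION ALL` regardless of connection-tracking state, which is why each ACCEPT above has a mirror rule (source/destination and DPORT/SPORT swapped) for the reply direction. The following is an added example, not part of the original page, that lints a rules file for ACCEPT rules in that section lacking the mirror; the function names are hypothetical and the embedded sample is constructed from the rules above.

```python
# Added example: find ACCEPT rules in ?SECTION ALL that have no reply-direction rule.
# SAMPLE_RULES is constructed from the rules on this page; function names are hypothetical.
SAMPLE_RULES = """\
?SECTION ALL
ACCEPT wifi:192.168.9.2,192.168.9.3,192.168.9.4 $FW tcp - 80
ACCEPT $FW wifi:192.168.9.2,192.168.9.3,192.168.9.4 tcp 80 -
ACCEPT wifi:192.168.9.2,192.168.9.3,192.168.9.4 $FW udp 1812 -
ACCEPT $FW wifi:192.168.9.2,192.168.9.3,192.168.9.4 udp - 1812
REJECT wifi all - - -
REJECT all wifi - - -
?SECTION NEW
ACCEPT:INFO(uid) wifi:192.168.9.2,192.168.9.3,192.168.9.4 $FW udp 1812
"""


def parse_rules(text):
    """Yield (section, action, source, dest, proto, dport, sport) for each rule."""
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.upper().startswith("?SECTION"):
            section = line.split()[1].upper()
            continue
        if line.startswith("?"):
            continue  # other directives are not rules
        cols = line.split()
        cols += ["-"] * (6 - len(cols))  # omitted trailing columns mean "any"
        action = cols[0].split(":", 1)[0].upper()  # strip the ":loglevel" suffix
        yield (section, action, *cols[1:6])


def unpaired_accepts(text):
    """Return (source, dest, proto, dport, sport) of ALL-section ACCEPTs with no mirror."""
    rules = [r[2:] for r in parse_rules(text) if r[0] == "ALL" and r[1] == "ACCEPT"]
    seen = set(rules)
    missing = []
    for src, dst, proto, dport, sport in rules:
        # The reply travels dst -> src with the two port columns exchanged.
        if (dst, src, proto, sport, dport) not in seen:
            missing.append((src, dst, proto, dport, sport))
    return missing


if __name__ == "__main__":
    for rule in unpaired_accepts(SAMPLE_RULES):
        print("no reply rule for:", *rule)
```

Run it against the edited /etc/shorewall/rules after substituting the router addresses; an empty result means every stateless ACCEPT has its reply rule.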
...