Quote Originally Posted by Oleg
Just a thought - put all required iptables changes to the script called by post-firewall.
Oleg,

As I see it - NocatSplash makes changes dynamically. After it sees a new (previously unknown) wireless client (MAC address), it first redirects all port 80 and 8080 connections from it to its own httpd server, presents a splash page (AUP and an accept button), and after "Accept" is pressed modifies iptables to allow this MAC address to access the Web. Because of that, post-firewall will not be enough.

WlanMan, I see no problem in splashd updating iptables dynamically - it just runs iptables as an admin can do from a shell script or command prompt. The only problem I see may occur when the WAN connection goes down and then comes back up - in this case, as the post-firewall script will be executed again, it may disrupt splashd's rules. But this should not normally happen often, and the main disadvantage will be presenting the AUP once again to users.

Concerning Iptables guide - I found Netfilter site extremely useful.

Hope it helps,
Regards,
Roofcat
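
The splash flow and the WAN-reconnect case discussed in this post, as an added dry-run sketch (not NoCatSplash code and not from the thread): it prints the iptables commands a post-firewall script could replay so accepted clients are not sent back to the AUP. The chain name, interface, splash port and state file are assumptions.

```shell
#!/bin/sh
# Dry run: prints iptables commands instead of executing them.
CHAIN="SPLASH"                               # hypothetical chain name
WLAN_IF="eth1"                               # assumed wireless interface
SPLASH_PORT="5280"                           # assumed splash httpd port
STATE="${STATE:-/tmp/splash_accepted.txt}"   # assumed list of accepted MACs

# Accept only well-formed MACs, so nothing else from the state file
# ever ends up on an iptables command line run as root.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Base rules: unknown wireless clients get ports 80 and 8080 redirected
# to the local splash server. Delete-then-add keeps the jump unique
# when the script is executed again.
base_rules() {
    echo "iptables -t nat -N $CHAIN 2>/dev/null"
    echo "iptables -t nat -F $CHAIN"
    for p in 80 8080; do
        echo "iptables -t nat -A $CHAIN -p tcp --dport $p -j REDIRECT --to-ports $SPLASH_PORT"
    done
    echo "iptables -t nat -D PREROUTING -i $WLAN_IF -j $CHAIN 2>/dev/null"
    echo "iptables -t nat -A PREROUTING -i $WLAN_IF -j $CHAIN"
}

# Client that pressed "Accept": leave the chain before the redirects.
allow_rule() {
    valid_mac "$1" || return 1
    echo "iptables -t nat -I $CHAIN 1 -m mac --mac-source $1 -j RETURN"
}

# What post-firewall would emit after the WAN comes back up:
# base rules first, then every previously accepted client again.
rebuild() {
    base_rules
    [ -f "$STATE" ] || return 0
    while IFS= read -r mac; do
        allow_rule "$mac" || echo "# skipped invalid state entry"
    done < "$STATE"
}

rebuild
```

Piping the output to `sh` on the router would apply it; reviewing the printed commands first shows exactly which clients are being re-admitted.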