EFW Support

Support => General Support => Topic started by: dgcarter on Sunday 08 March 2009, 08:19:57 am



Title: Restrict blue access
Post by: dgcarter on Sunday 08 March 2009, 08:19:57 am
I'm looking for a method to restrict access to my blue (wireless) network with a MAC filter type arrangement, similar to IPCop where one has to specify which MAC addys can access the network.

I attempted to do this under the System Access config under Firewall, but it won't accept MAC addys as a source, even though it says just above the input box it can. Any suggestions?

P.S. I know I can configure this on my Wireless AP, but that's not what I'm looking for.

Thanks in advance.


Title: Re: Restrict blue access
Post by: dgcarter on Tuesday 17 March 2009, 06:22:43 am
Support? Anyone?


Title: Re: Restrict blue access
Post by: mrkroket on Friday 20 March 2009, 02:05:47 am
You can filter Blue->Red, Blue->Green, Blue->Orange traffic by MAC.

System access rules, as far as I know, refer to rules that allow clients to access the firewall, just to admin the firewall.
Do you also need to block that?





Title: Re: Restrict blue access
Post by: dgcarter on Friday 27 March 2009, 05:26:56 am
> You can filter Blue->Red, Blue->Green, Blue->Orange traffic by MAC.
>
> System access rules, as far as I know, refer to rules that allow clients to access the firewall, just to admin the firewall.
> Do you also need to block that?

But how? I've tried in the outgoing firewall. I created a rule denying Blue -> Red, then above that a rule allowing only specific MAC addys. But even if I leave only the deny all blue rule enabled, I still can access the net on blue. ???


Title: Re: Restrict blue access
Post by: mrkroket on Tuesday 31 March 2009, 07:41:02 am
If you enable the HTTP Proxy some rules on Outgoing Firewall are bypassed by the proxy.
Check the Outgoing Firewall Rules with HTTP proxy disabled. Log the rules and see what happens on firewall rules.
I know, for me that Proxy bypass doesn't make sense at all. But the same happens on IPCop. The logical way for me is User-->Outgoing Firewall-->HTTP Proxy.


In fact, to allow a full integration of DHCP fixed leases+Outgoing FW+Proxy HTTP you must change a lot of scripts on EFW.
I did it and it manages to work as I need: I register a MAC in DHCP fixed, assign it to a custom firewall rule group, and voila, only registered MACs will have access to Inet, and only to selected services by rule groups. Unregistered ppl can't use internet except for whitelisted domains (webmail, microsoft updates, antivir update site, etc.). Those mods can have undesired effects, but for now it works more or less as intended (problems with whitelisted HTTPS sites for unregistered ppl).
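
Added example, not part of the thread and not Endian Firewall's own scripts: a generic iptables sketch of why a Blue -> Red deny rule alone does not stop proxied browsing. Routed traffic crosses FORWARD, but traffic to the HTTP proxy terminates on the firewall itself and crosses INPUT, so the MAC allowlist has to be applied to both. The interface name `eth2`, proxy port `8080`, the chain name `BLUE_MAC` and the sample MAC list are assumptions; the script only prints the commands.

```shell
#!/bin/sh
# Assumed values (not from the thread): adjust to the real BLUE interface
# and the port the HTTP proxy listens on.
BLUE_IF="${BLUE_IF:-eth2}"
PROXY_PORT="${PROXY_PORT:-8080}"

# Constructed sample allowlist: "MAC label" per line, '#' starts a comment.
SAMPLE_ALLOWLIST='
# registered wireless clients (constructed)
00:11:22:33:44:55 laptop
AA:BB:CC:DD:EE:FF phone
not-a-mac broken-entry
'

# valid_mac MAC -> exit 0 only for six colon-separated hex octets
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules: read an allowlist on stdin, print iptables commands on stdout.
gen_rules() {
    echo "iptables -N BLUE_MAC"
    while read -r mac _label; do
        case "$mac" in ''|'#'*) continue ;; esac
        if valid_mac "$mac"; then
            # RETURN hands an allowed client back to the normal rule set
            echo "iptables -A BLUE_MAC -m mac --mac-source $mac -j RETURN"
        else
            echo "skipping invalid MAC: $mac" >&2
        fi
    done
    # Anything from BLUE that matched no registered MAC is dropped
    echo "iptables -A BLUE_MAC -j DROP"
    # Routed traffic (Blue -> Red/Green/Orange) crosses FORWARD
    echo "iptables -I FORWARD -i $BLUE_IF -j BLUE_MAC"
    # Proxied traffic terminates on the firewall, so it crosses INPUT instead
    echo "iptables -I INPUT -i $BLUE_IF -p tcp --dport $PROXY_PORT -j BLUE_MAC"
}

# Print the rule set for the constructed sample list
printf '%s\n' "$SAMPLE_ALLOWLIST" | gen_rules
```

The `mac` match tests the source address of the received Ethernet frame, so it only identifies clients that sit directly on the BLUE segment.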