MACFilter

Simple MAC Filter for fli4l

Version 2.0 for fli4l 3.4

Author

Florian Schlögl

Florian_Schloegl.Wolfsteam@web.de

Configuration for OPT MACFilter




1.1 Introduction

MACFilter is an OPT that builds a simple MAC filter into your fli4l and allows you to manage it over the httpd website of the fli4l.

1.2 Requirements

Opt MACFilter in version 2.0 requires:

1.3 Settings

Settings in /config/macfilter.txt:

OPT_MACFILTER

Default: OPT_MACFILTER='no'

Activate MACFilter with 'yes'. 'no' deactivates it.

Setting: 'yes', 'no'


MACFILTER_USE_AS

Default: MACFILTER_USE_AS='blacklist'

Sets MACFilter as blacklist ('blacklist') or as whitelist ('whitelist').

Note: when using as whitelist it is required to add the MACs of the gateways to the list.

Setting: 'blacklist', 'whitelist'


MACFILTER_ALLOW_HTTPD_ACCESS

Default: MACFILTER_ALLOW_HTTPD_ACCESS='yes'

Allow httpd access even when a MAC is blocked by MACFilter.
This option should be set when you want to switch between the filters. When it's not set it might occure that you have no access after switching because your MAC is either blocked or not allowed.

Setting: 'yes', 'no'


MACFILTER_ALLOW_PING_ACCESS

Default: MACFILTER_ALLOW_PING_ACCESS='yes'

Allow ping access even when a MAC is blocked by MACFilter.

Setting: 'yes', 'no'


MACFILTER_ALLOW_DNS

Default: MACFILTER_ALLOW_DNS='yes'

Allow dns requests even when a MAC is blocked by MACFilter.

Setting: 'yes', 'no'


MACFILTER_ALLOW_DHCP

Default: MACFILTER_ALLOW_DHCP='yes'

Allow dhcp even when a MAC is blocked by MACFilter.

Setting: 'yes', 'no'


MACFILTER_LIST_N

Default: MACFILTER_LIST_N='0'

Count of MACs which shall be active upon boot.

Setting: Number of MAC addresses

MACFILTER_LIST_x

MAC address that shall be active on boot.

Setting: MAC address (xx:xx:xx:xx:xx:xx)

MACFILTER_LIST_x_COMMENT

Optinal. Comment for MACFILTER_LIST_x.

Setting: text


MACFILTER_START_BOOT

Default: MACFILTER_START_BOOT='yes'

Optional. Start MACFilter on boot?

Setting: 'yes', 'no'


MACFILTER_LOG

Default: MACFILTER_LOG='no'

Optional. Activates logging for MACFilter.

Setting: 'yes', 'no'


MACFILTER_LOG_PATH

Default: MACFILTER_LOG_PATH='/tmp'

Optional. Sets the path for the logfile. Needs MACFILTER_LOG='yes'

Setting: path


1.3.1 Expert Settings

MACFILTER_BLOCKRULE

Default: MACFILTER_BLOCKRULE='DROP'

Optional. Sets whether blockted pakets should be dropped ("DROP") or rejected ("REJECT").

Setting: "DROP", "REJECT"


MACFILTER_CHAIN

Default: MACFILTER_CHAIN='INPUT FORWARD'

Optional. Chains in which the MACFilter adds itself.

Setting: Chains, seperated by Blank


MACFILTER_CHAINPOS

Default: MACFILTER_CHAINPOS='1'

Optional. Sets the position in the chains MACFilter adds itself.

Setting: Number


MACFILTER_WEB_SECTION

Default: MACFILTER_WEB_SECTION='Firewall'

Systemdefault: MACFILTER_WEB_SECTION='Opt'

Optional. Sets the sub menu for the MACFilter menu.

Setting: Section


MACFILTER_WEB_PRIORITY

Default: MACFILTER_WEB_PRIORITY='500'

Optional. Sets the position for the MACFilter menu in the submenu.

Setting: Number


MACFILTER_DEBUG

Default: MACFILTER_DEBUG='no'

Optional. Activates the Debug mode for MACFilter. Needs MACFILTER_LOG='yes'

Setting: 'yes', 'no'


MACFILTER_DEBUG_TRACE

Default: MACFILTER_DEBUG_TRACE='no'

Optional. Activates the Debug trace mode for MACFilter. Needs MACFILTER_DEBUG='yes'

Setting: 'yes', 'no'


1.4 HTTPD rights

The access right of the OPT HTTPD is used by OPT MACFilter.

The realm name is macfilter and can have the following actions:

Examples:
HTTPD_USER_1_RIGHTS='macfilter:view' # right to view the MAC addresses
HTTPD_USER_2_RIGHTS='macfilter:view,add' # right to view the MAC addresses and add a new one

1.5 Disclaimer

The use of the OPT is at your own risk.

1.6 Index



fli4l-Router

September 1 2009