
List:       packetfence-users
Subject:    Re: [PacketFence-users] Firewall question
From:       Durand fabrice via PacketFence-users <packetfence-users () lists ! sourceforge ! net>
Date:       2020-09-09 1:55:02
Message-ID: 3ec321d9-ec5a-c22f-1736-8cf85e2729b3 () inverse ! ca

Hello,

you can try this:

in /usr/local/pf/conf/iptables.conf

change:

:forward-internal-inline-if - [0:0]
%%filter_forward_inline%%

to:

:forward-internal-inline-if - [0:0]

-A forward-internal-inline-if --match mark --mark 0x1 -d 10.255.60.0/24 --jump DROP

%%filter_forward_inline%%


Then restart the iptables service.

Regards

Fabrice


On 20-09-04 at 08:12, INFO via PacketFence-users wrote:
> Hi,
>
> I have an inline configuration using 2 VM Cisco WLCs for 200 APs. Not
> using Radius. PF is used only for Guest with Captive portal and using a
> specific group in AD.
>
> Everything works correctly, but I have a problem when the user is authorized.
>
> The guest must go only to the internet and not to the intranet.
>
> The guest has a private net in a private VLAN, but between PF and the
> internet there are many hops and many networks.
>
> And the guest can now see all the net.
>
> The guest crosses several networks without firewalls, and in these, for
> example, there are the corporate DNS, various MS domain controllers and
> other things that it must not be able to access.
>
> Basically I should enable the requests to the various DNS and the related
> responses but then block a whole /8 net. I tried to do ACLs on the WLCs
> but they are a little weird and dangerous, and if I get it wrong I could do
> the company a disservice. How can I do this?
>
> Client ----10.122.250./24--- PF--10.255.60.0/24-----Hop---hop-Firewall-----firewall---Router--AS Internet
>
> The guest can see the net 10.2550.60.0/24 and other nets up to the
> first firewall.
>
> Who can show me how to make a simple firewall config for iptables.conf?
>
> Thanks
>
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
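
Added example, not part of the original messages and not PacketFence code: a small Python check that evaluates rules for the forward-internal-inline-if chain in first-match order, so a rule set like the one in the reply can be sanity-checked before the iptables service is restarted. It goes beyond the reply's single rule: the /8 DROP, the DNS exceptions and the resolver address 10.0.0.53 are constructed assumptions, and only the option forms used in the reply's rule (plus -p/--dport) are parsed.

```python
import ipaddress
import shlex

CHAIN = "forward-internal-inline-if"
# Constructed sample rules (assumption): DNS exceptions first, then a DROP for
# all of 10.0.0.0/8. 10.0.0.53 is a placeholder resolver, not from the thread.
RULES = """\
:forward-internal-inline-if - [0:0]
-A forward-internal-inline-if --match mark --mark 0x1 -d 10.0.0.53 -p udp --dport 53 --jump ACCEPT
-A forward-internal-inline-if --match mark --mark 0x1 -d 10.0.0.53 -p tcp --dport 53 --jump ACCEPT
-A forward-internal-inline-if --match mark --mark 0x1 -d 10.0.0.0/8 --jump DROP
%%filter_forward_inline%%
"""

def parse(text, chain=CHAIN):
    """Return the chain's -A rules as dicts, in file order."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain]:
            continue  # chain declarations and %%...%% placeholders are skipped
        opts = dict(zip(tok[2::2], tok[3::2]))  # each option here takes one value
        rules.append({
            "mark": int(opts["--mark"], 16) if "--mark" in opts else None,
            "dst": ipaddress.ip_network(opts.get("-d", "0.0.0.0/0")),
            "proto": opts.get("-p"),
            "dport": int(opts["--dport"]) if "--dport" in opts else None,
            "target": opts["--jump"],
        })
    return rules

def verdict(rules, mark, dst, proto, dport):
    """First matching rule wins, as in iptables; None means no rule matched."""
    addr = ipaddress.ip_address(dst)
    for r in rules:
        if (r["mark"] in (None, mark) and addr in r["dst"]
                and r["proto"] in (None, proto) and r["dport"] in (None, dport)):
            return r["target"]
    return None  # packet continues into what %%filter_forward_inline%% expands to

if __name__ == "__main__":
    rules = parse(RULES)
    for pkt in [(1, "10.0.0.53", "udp", 53), (1, "10.255.60.10", "tcp", 445),
                (1, "8.8.8.8", "tcp", 443)]:
        print(pkt, "->", verdict(rules, *pkt))
    # Same rules with the DROP listed first: the DNS exception is never reached.
    print("reversed:", verdict(rules[::-1], 1, "10.0.0.53", "udp", 53))
```

A None result means the packet is decided by the rules PacketFence generates at the placeholder, which this sketch does not model.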

