List: packetfence-users
Subject: Re: [PacketFence-users] Firewall question
From: Durand fabrice via PacketFence-users <packetfence-users () lists ! sourceforge ! net>
Date: 2020-09-09 1:55:02
Message-ID: 3ec321d9-ec5a-c22f-1736-8cf85e2729b3 () inverse ! ca
Hello,
you can try this:
in /usr/local/pf/conf/iptables.conf
change:
:forward-internal-inline-if - [0:0]
%%filter_forward_inline%%
to:
:forward-internal-inline-if - [0:0]
-A forward-internal-inline-if --match mark --mark 0x1 -d 10.255.60.0/24 --jump DROP
%%filter_forward_inline%%
Then restart the iptables service.
Regards
Fabrice
On 20-09-04 at 08:12, INFO via PacketFence-users wrote:
> Hi,
>
> I have an inline configuration using 2 VM Cisco WLCs for 200 APs. We do
> not use RADIUS. PF is used only for guests with the captive portal, using
> a specific group in AD.
>
> Everything works correctly, but I have a problem once the user is authorized.
>
> The guest must reach only the Internet and not the intranet.
>
> The guests have a private network in a private VLAN, but between PF and
> the Internet there are many hops and many networks.
>
> And the guest can now see the whole network.
>
> The guest crosses several networks without firewalls, and in these there
> are, for example, the corporate DNS, various MS domain controllers and
> other things that it must not be able to access.
>
> Basically I should allow the requests to the various DNS servers and the
> related responses, but then block a whole /8 network. I tried to do ACLs
> on the WLCs, but they are a little weird and dangerous, and if I get it
> wrong I could cause a disruption for the company. How can I do this?
>
> Client ----10.122.250./24---
> PF--10.255.60.0/24-----Hop---hop-Firewall-----firewall---Router--AS
> Internet
>
> The guest can see the network 10.2550.60.0/24 and the other networks up to
> the first firewall.
>
> Can someone show me how to make a simple firewall config for iptables.conf?
>
> Thanks
>
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
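
An added example, not part of either message and not PacketFence's own tooling: a POSIX shell helper that applies the edit from the reply idempotently to a copy of iptables.conf and checks that the DROP rule is listed above the %%filter_forward_inline%% placeholder, since iptables evaluates the rules of a chain in order. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Insert a DROP rule directly after the ":forward-internal-inline-if" chain
# declaration, so it is listed before the %%filter_forward_inline%% line.
# Safe to run repeatedly. Usage: add_guest_drop <conf-file> <destination-cidr>
add_guest_drop() {
    conf=$1
    net=$2
    rule="-A forward-internal-inline-if --match mark --mark 0x1 -d $net --jump DROP"

    # Idempotence: do nothing if the exact rule line is already present.
    if grep -qxF -e "$rule" "$conf"; then
        return 0
    fi
    # Refuse to edit a file that lacks the chain declaration.
    grep -q '^:forward-internal-inline-if ' "$conf" || return 1

    tmp=$(mktemp) || return 1
    # Write through cat so the original file keeps its owner and mode.
    awk -v rule="$rule" '
        { print }
        /^:forward-internal-inline-if / { print rule }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    status=$?
    rm -f "$tmp"
    return $status
}

# Succeeds only if the DROP rule for <cidr> sits above the placeholder line.
# Usage: drop_precedes_template <conf-file> <destination-cidr>
drop_precedes_template() {
    awk -v net="$2" '
        index($0, "-d " net " --jump DROP") { drop = NR }
        /^%%filter_forward_inline%%/ { tmpl = NR }
        END { exit !(drop && tmpl && drop < tmpl) }
    ' "$1"
}

# Constructed sample: the two-line fragment of iptables.conf quoted in the reply.
make_sample_conf() {
    printf '%s\n' ':forward-internal-inline-if - [0:0]' \
        '%%filter_forward_inline%%' > "$1"
}
```

Run it against a working copy first, for example `add_guest_drop ./iptables.conf 10.255.60.0/24 && drop_precedes_template ./iptables.conf 10.255.60.0/24`, then restart the iptables service as described in the reply.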