Upgrade wifidog to 1.1.5 (#3667)

git-svn-id: svn://svn.openwrt.org/openwrt/packages@11656 3c298f89-4303-0410-b956-a3cf2f4a3e73

net/wifidog/Makefile

@@ -9,12 +9,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wifidog
-PKG_VERSION:=1.1.4
+PKG_VERSION:=1.1.5
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:= @SF/$(PKG_NAME)
-PKG_MD5SUM:=daa4f492dd6acafe0a7127d07633aca5
+PKG_MD5SUM:=abe5f7123179a0f08c493ce59fb3cb31
 
 PKG_FIXUP = libtool
 
@@ -30,9 +30,9 @@ define Package/wifidog
 endef
 
 define Package/wifidog/description
-	The Wifidog project is a complete and embeddable captive 
-	portal solution for wireless community groups or individuals 
-	who wish to open a free Hotspot while still preventing abuse 
+	The Wifidog project is a complete and embeddable captive
+	portal solution for wireless community groups or individuals
+	who wish to open a free Hotspot while still preventing abuse
 	of their Internet connection.
 endef
 

net/wifidog/files/wifidog.conf

@@ -1,13 +1,15 @@
-# $Header$
+# $Id$
 # WiFiDog Configuration file
 
 # Parameter: GatewayID
 # Default: default
-# Optional but essential for monitoring purposes
+# Optional
 #
-# Set this to the template ID on the auth server
-# this is used to give a customized login page to the clients
-# If none is supplied, the default login page will be used.
+# Set this to the node ID on the auth server
+# this is used to give a customized login page to the clients and for
+# monitoring/statistics purpose
+# If none is supplied, the mac address of the GatewayInterface interface will be used,
+# without the : separators
 
 GatewayID default
 
@@ -15,7 +17,9 @@ GatewayID default
 # Default: NONE
 # Optional
 #
-# Set this to the external interface.  Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise
+# Set this to the external interface (the one going out to the Inernet or your larger LAN).  
+# Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise,
+# Normally autodetected
 
 # ExternalInterface eth0
 
@@ -23,7 +27,8 @@ GatewayID default
 # Default: NONE
 # Mandatory
 #
-# Set this to the internal interface.    Typically br-lan for OpenWrt, and eth1 otherwise
+# Set this to the internal interface (typically your wifi interface).    
+# Typically br-lan for OpenWrt, and eth1, wlan0, ath0, etc. otherwise
 
 GatewayInterface br-lan
 
@@ -31,33 +36,28 @@ GatewayInterface br-lan
 # Default: Find it from GatewayInterface
 # Optional
 #
-# Set this to the internal IP address of the gateway
+# Set this to the internal IP address of the gateway.  Not normally required.
 
 # GatewayAddress 192.168.1.1
 
-# Parameter: AuthServMaxTries
-# Default: 1
-# Optional
-#
-# Sets the number of auth servers the gateway will attempt to contact when a request fails.
-# this number should be equal to the number of AuthServer lines in this
-# configuration but it should probably not exceed 3.
-
-# AuthServMaxTries 3
-
 # Parameter: AuthServer
 # Default: NONE
-# Mandatory
+# Mandatory, repeatable
 #
-# Set this to the hostname or IP of your auth server, the path where
-# WiFiDog-auth resides  and optionally as a second argument, the port it
-# listens on.
+# This allows you to configure your auth server(s).  Each one will be tried in order, untill one responds.
+# Set this to the hostname or IP of your auth server(s), the path where
+# WiFiDog-auth resides in and the port it listens on.
 #AuthServer {
-#	Hostname      (Mandatory; Default: NONE)
-#	SSLAvailable  (Optional; Default: no; Possible values: yes, no)
-#	SSLPort 443   (Optional; Default: 443)
-#	HTTPPort 80   (Optional; Default: 80)
-#	Path wifidog/ (Optional; Default: /wifidog/ Note:  The path must be both prefixed and suffixed by /.  Use a single / for server root.)
+#	Hostname                 (Mandatory; Default: NONE)
+#	SSLAvailable             (Optional; Default: no; Possible values: yes, no)
+#	SSLPort                  (Optional; Default: 443)
+#	HTTPPort                 (Optional; Default: 80)
+#	Path                     (Optional; Default: /wifidog/ Note:  The path must be both prefixed and suffixed by /.  Use a single / for server root.)
+#   LoginScriptPathFragment  (Optional; Default: login/? Note:  This is the script the user will be sent to for login.)
+#   PortalScriptPathFragment (Optional; Default: portal/? Note:  This is the script the user will be sent to after a successfull login.)
+#   MsgScriptPathFragment    (Optional; Default: gw_message.php? Note:  This is the script the user will be sent to upon error to read a readable message.)
+#   PingScriptPathFragment    (Optional; Default: ping/? Note:  This is the script the user will be sent to upon error to read a readable message.)
+#   AuthScriptPathFragment    (Optional; Default: auth/? Note:  This is the script the user will be sent to upon error to read a readable message.)
 #}
 
 #AuthServer {
@@ -72,12 +72,6 @@ GatewayInterface br-lan
 #    Path /
 #}
 
-#AuthServer {
-#    Hostname auth3.ilesansfil.org
-#    SSLAvailable yes
-#    Path /
-#}
-
 # Parameter: Daemon
 # Default: 1
 # Optional
@@ -110,7 +104,12 @@ GatewayInterface br-lan
 # Default: 60
 # Optional
 #
-# How many seconds should we wait between timeout checks
+# How many seconds should we wait between timeout checks.  This is also
+# how often the gateway will ping the auth server and how often it will
+# update the traffic counters on the auth server.  Setting this too low
+# wastes bandwidth, setting this too high will cause the gateway to take 
+# a long time to switch to it's backup auth server(s).
+
 CheckInterval 60
 
 # Parameter: ClientTimeout
@@ -121,6 +120,14 @@ CheckInterval 60
 # The timeout will be INTERVAL * TIMEOUT
 ClientTimeout 5
 
+# Parameter: TrustedMACList
+# Default: none
+# Optional
+#
+# Comma separated list of MAC addresses who are allowed to pass
+# through without authentication
+#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D
+
 # Parameter: FirewallRuleSet
 # Default: none
 # Mandatory
@@ -135,18 +142,28 @@ ClientTimeout 5
 # Rule Set: global
 # 
 # Used for rules to be applied to all other rulesets except locked.
-# This is the default config for the Teliphone service.
 FirewallRuleSet global {
-    FirewallRule allow udp to 69.90.89.192/27
-    FirewallRule allow udp to 69.90.85.0/27
-    FirewallRule allow tcp port 80 to 69.90.89.205
+    ## To block SMTP out, as it's a tech support nightmare, and a legal liability
+    #FirewallRule block tcp port 25
+    
+    ## Use the following if you don't want clients to be able to access machines on 
+    ## the private LAN that gives internet access to wifidog.  Note that this is not
+    ## client isolation;  The laptops will still be able to talk to one another, as
+    ## well as to any machine bridged to the wifi of the router.
+    # FirewallRule block to 192.168.0.0/16
+    # FirewallRule block to 172.16.0.0/12
+    # FirewallRule block to 10.0.0.0/8
+    
+    ## This is an example ruleset for the Teliphone service.
+    #FirewallRule allow udp to 69.90.89.192/27
+    #FirewallRule allow udp to 69.90.85.0/27
+    #FirewallRule allow tcp port 80 to 69.90.89.205
 }
 
 # Rule Set: validating-users
 #
 # Used for new users validating their account
 FirewallRuleSet validating-users {
-    FirewallRule block tcp port 25
     FirewallRule allow to 0.0.0.0/0
 }
 
@@ -171,7 +188,7 @@ FirewallRuleSet unknown-users {
 
 # Rule Set: locked-users
 #
-# Used for users that have been locked out.
+# Not currently used
 FirewallRuleSet locked-users {
     FirewallRule block to 0.0.0.0/0
 }