Hotspot filtering.

Fran66 · July 19, 2007, 8:33pm

Hello, how can I make some custom filters rules by user on the hotspot? where to put the jump?

Regards,
Fran

cmit · July 20, 2007, 6:10am

You can define the chain to jump to for hotspot user filtering in the hotspot user profil (“incoming filter”/“outgoing filter”).

Best regards,
Christian Meis

Fran66 · July 20, 2007, 6:38am

Thanks Chris, but I tried that and didn’t work for some reason, this is my config.

Hotspot:

/ ip hotspot
add name=“OSM-HOTSPOT” interface=bridge1 address-pool=OMC-POOL profile=hsprof1 idle-timeout=none keepalive-timeout=none disabled=no
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name=“default” hotspot-address=0.0.0.0 dns-name=“” html-directory=hotspot rate-limit=“” http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
add name=“hsprof1” hotspot-address=192.168.111.1 dns-name=“test” html-directory=hotspot rate-limit=“” http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
/ ip hotspot user
add server=OSM-HOTSPOT name=“fran” password=“123456” profile=fran comment=“” disabled=no
add server=OSM-HOTSPOT name=“ricardo” password=“123456” profile=default comment=“” disabled=no
/ ip hotspot user profile
set default name=“default” idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 transparent-proxy=yes open-status-page=always advertise=no
add name=“fran” idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 outgoing-filter=“blocksite” transparent-proxy=yes open-status-page=always advertise=no
add name=“ricardo” idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 transparent-proxy=yes open-status-page=always advertise=no
/ ip hotspot walled-garden
add server=OSM-HOTSPOT method=“” action=deny comment=“” disabled=no

as you can see i have two profiles with two users, i am trying to block on one user a single site with the filter “blocksite”

Firewall:

0 D chain=forward hotspot=from-client,!auth action=jump jump-target=hs-unauth

1 D chain=forward hotspot=to-client,!auth action=jump jump-target=hs-unauth-to

2 D chain=hs-input action=jump jump-target=pre-hs-input

3 D chain=hs-input protocol=udp dst-port=64872 action=accept

4 D chain=hs-input protocol=tcp dst-port=64872-64875 action=accept

5 D chain=hs-input hotspot=!auth action=jump jump-target=hs-unauth

6 D chain=hs-unauth protocol=tcp action=reject reject-with=tcp-reset

7 D chain=hs-unauth action=reject reject-with=icmp-net-prohibited

8 D chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited

9 ;;; Custom block site
chain=forward action=jump jump-target=blocksite

10 chain=blocksite dst-address=200.200.200.1 hotspot=from-client,!auth action=drop