Hello, how can I make some custom filters rules by user on the hotspot? where to put the jump?
Regards,
Fran
Re: Hotspot filtering.
You can define the chain to jump to for hotspot user filtering in the hotspot user profil ("incoming filter"/"outgoing filter").
Best regards,
Christian Meis
Best regards,
Christian Meis
Re: Hotspot filtering.
Thanks Chris, but I tried that and didn't work for some reason, this is my config.
Hotspot:
/ ip hotspot
add name="OSM-HOTSPOT" interface=bridge1 address-pool=OMC-POOL profile=hsprof1 idle-timeout=none keepalive-timeout=none disabled=no
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
add name="hsprof1" hotspot-address=192.168.111.1 dns-name="test" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
/ ip hotspot user
add server=OSM-HOTSPOT name="fran" password="123456" profile=fran comment="" disabled=no
add server=OSM-HOTSPOT name="ricardo" password="123456" profile=default comment="" disabled=no
/ ip hotspot user profile
set default name="default" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 transparent-proxy=yes open-status-page=always advertise=no
add name="fran" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 outgoing-filter="blocksite" transparent-proxy=yes open-status-page=always advertise=no
add name="ricardo" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 transparent-proxy=yes open-status-page=always advertise=no
/ ip hotspot walled-garden
add server=OSM-HOTSPOT method="" action=deny comment="" disabled=no
------------------
as you can see i have two profiles with two users, i am trying to block on one user a single site with the filter "blocksite"
Firewall:
0 D chain=forward hotspot=from-client,!auth action=jump jump-target=hs-unauth
1 D chain=forward hotspot=to-client,!auth action=jump jump-target=hs-unauth-to
2 D chain=hs-input action=jump jump-target=pre-hs-input
3 D chain=hs-input protocol=udp dst-port=64872 action=accept
4 D chain=hs-input protocol=tcp dst-port=64872-64875 action=accept
5 D chain=hs-input hotspot=!auth action=jump jump-target=hs-unauth
6 D chain=hs-unauth protocol=tcp action=reject reject-with=tcp-reset
7 D chain=hs-unauth action=reject reject-with=icmp-net-prohibited
8 D chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited
9 ;;; Custom block site
chain=forward action=jump jump-target=blocksite
10 chain=blocksite dst-address=200.200.200.1 hotspot=from-client,!auth action=drop
Hotspot:
/ ip hotspot
add name="OSM-HOTSPOT" interface=bridge1 address-pool=OMC-POOL profile=hsprof1 idle-timeout=none keepalive-timeout=none disabled=no
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
add name="hsprof1" hotspot-address=192.168.111.1 dns-name="test" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
/ ip hotspot user
add server=OSM-HOTSPOT name="fran" password="123456" profile=fran comment="" disabled=no
add server=OSM-HOTSPOT name="ricardo" password="123456" profile=default comment="" disabled=no
/ ip hotspot user profile
set default name="default" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 transparent-proxy=yes open-status-page=always advertise=no
add name="fran" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 outgoing-filter="blocksite" transparent-proxy=yes open-status-page=always advertise=no
add name="ricardo" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 transparent-proxy=yes open-status-page=always advertise=no
/ ip hotspot walled-garden
add server=OSM-HOTSPOT method="" action=deny comment="" disabled=no
------------------
as you can see i have two profiles with two users, i am trying to block on one user a single site with the filter "blocksite"
Firewall:
0 D chain=forward hotspot=from-client,!auth action=jump jump-target=hs-unauth
1 D chain=forward hotspot=to-client,!auth action=jump jump-target=hs-unauth-to
2 D chain=hs-input action=jump jump-target=pre-hs-input
3 D chain=hs-input protocol=udp dst-port=64872 action=accept
4 D chain=hs-input protocol=tcp dst-port=64872-64875 action=accept
5 D chain=hs-input hotspot=!auth action=jump jump-target=hs-unauth
6 D chain=hs-unauth protocol=tcp action=reject reject-with=tcp-reset
7 D chain=hs-unauth action=reject reject-with=icmp-net-prohibited
8 D chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited
9 ;;; Custom block site
chain=forward action=jump jump-target=blocksite
10 chain=blocksite dst-address=200.200.200.1 hotspot=from-client,!auth action=drop
You can define the chain to jump to for hotspot user filtering in the hotspot user profil ("incoming filter"/"outgoing filter").
Best regards,
Christian Meis