  • initially block all traffic except DNS and forced HTTP redirection
  • on login through web-GUI (separate todo), IPC to access control module to allow IP address or IP/MAC tuple through firewall
  • each IP/tuple may have a per-period quota, lifetime quota, up and down speed min/max, per-period time limit, timeout, simultaneous logins
  • poller (or other method) to remove rules on timeout, and update quota amounts
  • allow bumping a tuple (forced logoff)
  • allow client whitelist/blacklist (MAC/IP)
  • allow destination whitelist (website)
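The access module's job, as an added example (not the project's own code): a Python rule generator that renders the initial "block everything except DNS, redirect HTTP to the portal" state, and per-client authorize/deauthorize rule sets for an IP or IP/MAC tuple with up/down speed min/max mapped onto HTB rate/ceil. The interface names, portal address, chain name, the per-session slot number and the tc handles are assumptions; apply() only renders the commands unless dry_run is turned off.

```python
"""Rule generation for the access module: iptables for admission, tc for speed.

Added example, not the project's own code. Every function returns argv lists,
so rules can be logged, tested, or handed to subprocess.run by apply(). The
interface names, portal address, chain name and tc handles are assumptions.
"""
from __future__ import annotations

import ipaddress
import re
import subprocess

LAN_IF = "eth1"            # assumed client-facing interface
WAN_IF = "eth0"            # assumed upstream interface
PORTAL_ADDR = "10.0.0.1"   # assumed gateway/portal address on LAN_IF
PORTAL_PORT = 8080         # assumed web-GUI port
CHAIN = "CAPTIVE"          # assumed filter chain holding per-client ACCEPTs
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def client_match(ip: str, mac: str | None) -> list[str]:
    """iptables match for an IP or an IP/MAC tuple. Both values are validated so a
    crafted login field cannot smuggle extra iptables options into argv."""
    match = ["-s", str(ipaddress.ip_address(ip))]
    if mac is not None:
        mac = mac.lower()
        if not MAC_RE.match(mac):
            raise ValueError(f"bad MAC address: {mac!r}")
        match += ["-m", "mac", "--mac-source", mac]
    return match


def bootstrap_rules() -> list[list[str]]:
    """Initial state: LAN clients get DNS and the portal only; plain HTTP is redirected."""
    return [
        ["iptables", "-N", CHAIN],
        ["iptables", "-I", "FORWARD", "-i", LAN_IF, "-j", CHAIN],
        ["iptables", "-I", "INPUT", "-i", LAN_IF, "-j", CHAIN],
        ["iptables", "-A", CHAIN, "-p", "udp", "--dport", "53", "-j", "ACCEPT"],
        ["iptables", "-A", CHAIN, "-p", "tcp", "--dport", "53", "-j", "ACCEPT"],
        ["iptables", "-A", CHAIN, "-p", "tcp", "-d", PORTAL_ADDR,
         "--dport", str(PORTAL_PORT), "-j", "ACCEPT"],
        ["iptables", "-A", CHAIN, "-j", "DROP"],           # unauthenticated default
        ["iptables", "-t", "nat", "-A", "PREROUTING", "-i", LAN_IF, "-p", "tcp", "--dport", "80",
         "-j", "DNAT", "--to-destination", f"{PORTAL_ADDR}:{PORTAL_PORT}"],
        ["tc", "qdisc", "add", "dev", LAN_IF, "root", "handle", "1:", "htb"],  # download shaping
        ["tc", "qdisc", "add", "dev", WAN_IF, "root", "handle", "1:", "htb"],  # upload shaping
    ]


def authorize_rules(ip: str, mac: str | None, slot: int,
                    down_kbit: tuple[int, int], up_kbit: tuple[int, int]) -> list[list[str]]:
    """Admit one client. slot (1..65535, assumed to be allocated per session by the
    caller) doubles as tc class id, filter priority and firewall mark, so the rules
    can be torn down later without querying kernel handles. Speed tuples are
    (min, max) in kbit/s, mapped onto HTB rate/ceil."""
    m = client_match(ip, mac)
    ip_s, cls = m[1], f"1:{slot:x}"
    return [
        # authenticated clients bypass the HTTP redirect and the DROP in CHAIN
        ["iptables", "-t", "nat", "-I", "PREROUTING", "-i", LAN_IF, *m, "-j", "ACCEPT"],
        ["iptables", "-I", CHAIN, "1", *m, "-j", "ACCEPT"],
        # download: classify by destination on the LAN side (addresses are untouched there)
        ["tc", "class", "add", "dev", LAN_IF, "parent", "1:", "classid", cls,
         "htb", "rate", f"{down_kbit[0]}kbit", "ceil", f"{down_kbit[1]}kbit"],
        ["tc", "filter", "add", "dev", LAN_IF, "parent", "1:", "protocol", "ip", "prio", str(slot),
         "u32", "match", "ip", "dst", f"{ip_s}/32", "flowid", cls],
        # upload: NAT may rewrite the source before WAN egress, so mark the packets in
        # mangle and classify on the mark instead of the address
        ["iptables", "-t", "mangle", "-I", "PREROUTING", "-i", LAN_IF, *m,
         "-j", "MARK", "--set-mark", str(slot)],
        ["tc", "class", "add", "dev", WAN_IF, "parent", "1:", "classid", cls,
         "htb", "rate", f"{up_kbit[0]}kbit", "ceil", f"{up_kbit[1]}kbit"],
        ["tc", "filter", "add", "dev", WAN_IF, "parent", "1:", "protocol", "ip", "prio", str(slot),
         "handle", str(slot), "fw", "flowid", cls],
    ]


def deauthorize_rules(ip: str, mac: str | None, slot: int) -> list[list[str]]:
    """Exact inverse of authorize_rules; iptables -D needs the identical match spec."""
    m = client_match(ip, mac)
    cls = f"1:{slot:x}"
    rules = [
        ["iptables", "-t", "nat", "-D", "PREROUTING", "-i", LAN_IF, *m, "-j", "ACCEPT"],
        ["iptables", "-D", CHAIN, *m, "-j", "ACCEPT"],
        ["iptables", "-t", "mangle", "-D", "PREROUTING", "-i", LAN_IF, *m,
         "-j", "MARK", "--set-mark", str(slot)],
    ]
    for dev in (LAN_IF, WAN_IF):
        rules += [["tc", "filter", "del", "dev", dev, "parent", "1:", "prio", str(slot)],
                  ["tc", "class", "del", "dev", dev, "parent", "1:", "classid", cls]]
    return rules


def apply(rules: list[list[str]], dry_run: bool = True) -> list[str]:
    """Execute rules in order (root required); with dry_run only render them."""
    rendered = [" ".join(argv) for argv in rules]
    if not dry_run:
        for argv in rules:
            subprocess.run(argv, check=True)
    return rendered


if __name__ == "__main__":
    demo = bootstrap_rules() + authorize_rules("10.0.0.42", "aa:bb:cc:dd:ee:ff", 42,
                                               (256, 2048), (128, 512))
    print("\n".join(apply(demo)))
```

The deauthorize set is the mirror image of the authorize set on purpose: the poller can tear a client down from the (ip, mac, slot) it stored at login without parsing iptables or tc output, and a client whitelist/blacklist is just the same match spec inserted as a permanent ACCEPT or DROP at the head of the chain.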

Account properties

  • data quota
    • period data quota (e.g. daily)
    • total data quota
  • up/down speed limit
  • time quota
    • total time quota
    • period time quota
  • num logins quota
    • per period
    • total
    • simultaneous
  • inactivity timeout
  • account expiry
    • from first use
    • from last use
    • hard time
  • fixed MAC
    • with/without autologin
  • device is a single consumer (e.g. tablet, phone, computer)
  • an account is the unit that controls devices
  • can have device template which is automatically created on login
  • account groups group accounts administratively
  • can have account templates
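How the poller could evaluate these account properties, as an added example (not the project's code): it charges a session's byte and time usage onto the account counters, rolls the per-period counters over, and returns every reason a session should be bumped (data and time quotas, inactivity timeout, the three expiry modes, fixed MAC). The field names, the one-day period and the sample sessions are assumptions; the login-count and simultaneous-login quotas are enforced at login time rather than by the poller and are left out here.

```python
"""Quota, timeout and expiry evaluation for the poller.

Added example, not the project's own code. The poller feeds each session's
counters (bytes up/down, last-seen time) from the access module into poll(),
which returns the sessions to deauthorize and why. Field names and the
period length are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass

PERIOD = 86_400  # assumed quota period: one day, in seconds


@dataclass
class Account:
    period_data_quota: int | None = None      # bytes per PERIOD
    total_data_quota: int | None = None       # bytes, lifetime
    period_time_quota: int | None = None      # seconds online per PERIOD
    total_time_quota: int | None = None       # seconds online, lifetime
    inactivity_timeout: int | None = None     # seconds without traffic
    expiry_from_first_use: int | None = None  # seconds after first login
    expiry_from_last_use: int | None = None   # seconds after last activity
    hard_expiry: int | None = None            # absolute unix time
    fixed_mac: str | None = None
    # running counters, maintained by charge()
    first_use: int | None = None
    last_use: int | None = None
    total_bytes: int = 0
    total_seconds: int = 0
    period_start: int = 0
    period_bytes: int = 0
    period_seconds: int = 0


@dataclass
class Session:
    ip: str
    mac: str
    login_time: int
    last_seen: int
    bytes_up: int = 0
    bytes_down: int = 0
    accounted_bytes: int = 0     # usage already charged to the account
    accounted_seconds: int = 0


def roll_period(acct: Account, now: int) -> None:
    """Start a new quota period once PERIOD seconds have passed since it began."""
    if now - acct.period_start >= PERIOD:
        acct.period_start = now
        acct.period_bytes = acct.period_seconds = 0


def charge(acct: Account, sess: Session, now: int) -> None:
    """Move the session's not-yet-charged bytes and seconds onto the account."""
    roll_period(acct, now)
    new_bytes = sess.bytes_up + sess.bytes_down - sess.accounted_bytes
    new_secs = (now - sess.login_time) - sess.accounted_seconds
    sess.accounted_bytes += new_bytes
    sess.accounted_seconds += new_secs
    acct.period_bytes += new_bytes
    acct.total_bytes += new_bytes
    acct.period_seconds += new_secs
    acct.total_seconds += new_secs
    if acct.first_use is None:
        acct.first_use = sess.login_time
    acct.last_use = max(acct.last_use or 0, sess.last_seen)


def _over(used: int, quota: int | None) -> bool:
    return quota is not None and used >= quota


def violations(acct: Account, sess: Session, now: int) -> list[str]:
    """Every reason this session should be logged off; empty means keep it."""
    reasons = []
    if _over(acct.period_bytes, acct.period_data_quota):
        reasons.append("period data quota")
    if _over(acct.total_bytes, acct.total_data_quota):
        reasons.append("total data quota")
    if _over(acct.period_seconds, acct.period_time_quota):
        reasons.append("period time quota")
    if _over(acct.total_seconds, acct.total_time_quota):
        reasons.append("total time quota")
    if _over(now - sess.last_seen, acct.inactivity_timeout):
        reasons.append("inactivity timeout")
    if acct.first_use is not None and _over(now - acct.first_use, acct.expiry_from_first_use):
        reasons.append("expired (from first use)")
    if acct.last_use is not None and _over(now - acct.last_use, acct.expiry_from_last_use):
        reasons.append("expired (from last use)")
    if acct.hard_expiry is not None and now >= acct.hard_expiry:
        reasons.append("expired (hard time)")
    if acct.fixed_mac is not None and sess.mac.lower() != acct.fixed_mac.lower():
        reasons.append("MAC does not match fixed MAC")
    return reasons


def poll(acct: Account, sessions: list[Session], now: int) -> dict[str, list[str]]:
    """One poller pass: charge usage first, then map session IP -> reasons to bump."""
    for sess in sessions:
        charge(acct, sess, now)
    return {s.ip: r for s in sessions if (r := violations(acct, s, now))}
```

Charging before checking matters: quotas are compared against usage the access module has already reported, so the period counters only reset when the period actually rolls over, and a session that crosses its data quota between two polls is caught on the next pass.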

Module list

  • access (IPTables, tc)
  • AAA (MySQL backend)
  • frontend (PHP)

On login

  • frontend authorizes via AAA module
  • frontend enables via AAA module
  • AAA enables access via access module
  • frontend gets display data from AAA module
  • access feeds data to AAA module
  • AAA module deauthorizes via the access module
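The login sequence above, as an added example (not the project's code): the frontend calls authorize() and then enable() on the AAA module, AAA applies the login-time limits (fixed MAC, simultaneous logins, per-period and total login counts) before it enables the client through the access module, hands display data back to the frontend, and later deauthorizes through the same access interface. The credential store stands in for the MySQL backend, AccessModule stands in for the IPC boundary to the iptables/tc side and only records the calls it would issue, and all names are assumptions.

```python
"""Login/logoff flow between frontend, AAA module and access module.

Added example, not the project's own code. The dict of accounts stands in
for the MySQL backend; AccessModule stands in for the IPC client to the
access module and records the calls it would make. Names are assumptions.
"""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field

PERIOD = 86_400   # assumed login-count period: one day
ROUNDS = 100_000  # PBKDF2 iterations (assumed setting)


def hash_password(password: str, salt: bytes | None = None) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; stored as salt || digest."""
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


def verify_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


@dataclass
class Account:
    username: str
    pw_hash: bytes
    simultaneous_logins: int | None = None
    period_login_quota: int | None = None
    total_login_quota: int | None = None
    fixed_mac: str | None = None
    total_logins: int = 0
    period_logins: int = 0
    period_start: int = 0
    sessions: dict[str, str] = field(default_factory=dict)   # ip -> mac


class AccessModule:
    """Stand-in for the IPC client to the access module."""
    def __init__(self) -> None:
        self.calls: list[tuple[str, str, str]] = []

    def allow(self, ip: str, mac: str) -> None:
        self.calls.append(("allow", ip, mac))

    def deny(self, ip: str, mac: str) -> None:
        self.calls.append(("deny", ip, mac))


class AAA:
    def __init__(self, accounts: list[Account], access: AccessModule) -> None:
        self.accounts = {a.username: a for a in accounts}   # stands in for MySQL
        self.access = access
        self.by_ip: dict[str, str] = {}                      # ip -> username

    def authorize(self, username: str, password: str) -> Account | None:
        """Step 1: the frontend authorizes via AAA (credentials only)."""
        acct = self.accounts.get(username)
        if acct is not None and verify_password(password, acct.pw_hash):
            return acct
        return None

    def enable(self, acct: Account, ip: str, mac: str, now: int) -> str | None:
        """Steps 2-3: apply login-time limits, then enable access. Returns an error or None."""
        if now - acct.period_start >= PERIOD:
            acct.period_start, acct.period_logins = now, 0
        if acct.fixed_mac and mac.lower() != acct.fixed_mac.lower():
            return "device MAC not allowed for this account"
        if acct.simultaneous_logins is not None and len(acct.sessions) >= acct.simultaneous_logins:
            return "too many simultaneous logins"
        if acct.period_login_quota is not None and acct.period_logins >= acct.period_login_quota:
            return "period login quota reached"
        if acct.total_login_quota is not None and acct.total_logins >= acct.total_login_quota:
            return "total login quota reached"
        acct.sessions[ip] = mac
        acct.period_logins += 1
        acct.total_logins += 1
        self.by_ip[ip] = acct.username
        self.access.allow(ip, mac)   # AAA enables access via the access module
        return None

    def display_data(self, acct: Account) -> dict:
        """Step 4: what the frontend shows after a successful login."""
        return {"user": acct.username, "active_sessions": len(acct.sessions),
                "logins_total": acct.total_logins}

    def deauth(self, ip: str) -> bool:
        """Step 6: AAA deauthorizes via the access module (timeout, quota, or a bump)."""
        user = self.by_ip.pop(ip, None)
        if user is None:
            return False
        mac = self.accounts[user].sessions.pop(ip)
        self.access.deny(ip, mac)
        return True


def login(aaa: AAA, username: str, password: str, ip: str, mac: str, now: int) -> dict:
    """The frontend's login handler: authorize, enable, then fetch display data."""
    acct = aaa.authorize(username, password)
    if acct is None:
        return {"ok": False, "error": "bad credentials"}
    err = aaa.enable(acct, ip, mac, now)
    if err:
        return {"ok": False, "error": err}
    return {"ok": True, **aaa.display_data(acct)}
```

Keeping authorize() and enable() as separate calls mirrors the two-step list above and lets the frontend distinguish a bad password from an account that is valid but over its login limits; only enable() touches the access module, so the firewall never opens for a client that was not both authenticated and within quota.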
