Endwall
08/27/2022 (Sat) 13:23
No.1808
I have to make an nft model for static wireless + static wired connections for nft_wifi, and then rename the current nft_wifi model to nft_wifi_roam.
The use cases are as follows:
1) Wired-only desktop computer connection with 1 interface for wired ethernet in your home connected to your LAN, which supplies DHCP with a static ipv4 address. -> (endwall.sh, endwall_nft.sh, endwall_pf.sh)
2) You have a wired LAN router and a wireless LAN router both supplying static ipv4 DHCP addresses to your internal network. -> (endwall_wifi.sh, endwall_nft_wifi.sh, endwall_pf_wifi.sh).
3) You have a laptop you use in your internal network, wired and/or wireless, but you sometimes take it with you to school, or to a coffee shop and require the wireless connection to allow roaming connections to randomly assigned DHCP addresses. Also useful for investigating the networks of neighborhood wifi networks in your vicinity. -> (endwall_nft_wifi_roam.sh, endwall_pf_wifi_roam.sh)
4) You have a laptop and you want to plug it in to ethernet anywhere you can get a DHCP address (school, the library, your friend's house), and also use wifi on any wireless network (school, library, coffee shop, friend's house) and both get a randomly assigned DHCP ipv4 address, without re-running the firewall. -> (endwall_nft_roam.sh, endwall_pf_roam.sh).
The security decreases as you go from 1)->2)->3)->4). Best practice is 1) no wifi, only wired connections on desktop computers, no wireless interfaces, and connections in your own LAN network using static ip assignment from the router with MAC address binding. Next best is 2) only use your own wifi, in your internal network as well as wired on your own LAN with static IP. 3) You have static ethernet and WIFI LAN at home, but sometimes you bring the laptop to school and need to connect to a randomly assigned ipv4 address on their WIFI without re-running the firewall rules, or you are at home and want to connect to or investigate local neighborhood wifi networks without re-running the firewall. 4) You want to be able to plug in to any ethernet jack anywhere (school, library, friend's house), and use any coffee shop WIFI but only for allowed/selected ports.
I'll work on creating the nft_wifi_roam and nft_wifi models sometime next week. School is starting in 2 weeks, so I have to wrap these projects up before the session starts. I'll be too busy to do anything consistent once the semester starts up, other than some maintenance and bug fixes as I find them. I'll do what I can, on Fridays and Saturdays during school, but I'm going to be busy with school assignments and studying.
Let me know if these are working for you. Post bug reports, comments or requests below. Thanks.