I would add the iptables rule on every node instead of on the border,
so you don't allow DNS requests outside the anygw dnsmasq.
On 2018-06-03 08:22 AM, Hiure Queiroz wrote:
Hi Nicolas,
Thank you for answering. I tried to restrict access to DNS as it says here
(https://wiki.openwrt.org/doc/howto/wireless.hotspot.nodogsplash); I put
these lines in /etc/config/nodogsplash:
list preauthenticated_users 'allow udp port 53 to 208.67.222.222'
list preauthenticated_users 'allow udp port 53 to 208.67.220.220'
But it doesn't work. I am not sure, but I think the packets are being
accepted before these rules apply.
I tried putting some rules in /etc/config/firewall, but that doesn't work either.
What is the right way to add rules for port 22 in a LibreMesh system?
On 2018-06-03 10:17, Nicolas Pace wrote:
> You could try to filter packets to port 21 other than the
> routers.
> That way they would need to go through your DNS... Making it reeeally
> slow for them.
> Also you can limit the size of DNS packets in OpenWrt to ensure they
> don't have too much bandwidth through your DNS.
>
> On June 3, 2018 7:47:22 AM CDT, Hiure Queiroz <hiure(a)riseup.net> wrote:
>
>> Hello World!
>>
>> My name is Hiure, I am a member of coolab (coolab.org). This is the
>> first time I write to this list; I am a beginner at administering
>> networks and configuring equipment.
>>
>> On the initiative of COOLAB we are starting a few community networks
>> around Brazil. One of them is where I live, in a rural community in
>> the city of Monteiro Lobato, State of São Paulo. Here we started with
>> the creation of an association to formalize the community network and
>> create a model to guide the other COOLAB installations.
>>
>> We are using the latest version of LibreMesh, cooking it in the
>> cooker. As we are still in a test phase we have only six nodes; the
>> gateway is a TP-Link WDR3500. As a captive portal, we are running this
>> adapted version of nodogsplash (http://wiki.coolab.org/index.). This
>> system is fundamental to keep the network sustainable; without it we
>> cannot finance the connection and technical support for the network.
>>
>> The problem is, in the last months some people found a way to hack
>> this system. What I understood so far: there is a cellphone app that
>> creates tunnels for different ports and, instead of exchanging DNS
>> packets, tunnels all the packets through there. I know just a few
>> things about how firewalls, iptables, ebtables, etc. work; I have been
>> studying them in the last months, but it seems much more complicated,
>> because it looks like in LibreMesh, with so many interfaces, it gets
>> hard to understand and to execute a rule that can solve this problem.
>>
>> If someone can help me with some tips on how to do it, or send some
>> material where I can study to understand these questions better, it
>> would be great.
>>
>> Best,
>> Hiure
>>
>> -------------------------
>>
>> lime-users mailing list
>> lime-users(a)lists.libremesh.org
>> https://lists.libremesh.org/mailman/listinfo/lime-users
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
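Added example, not code from this thread, from LibreMesh or from nodogsplash: once every node forces port 53 to its own anygw dnsmasq, as Nicolas suggests, the tunnelling app Hiure describes still has to push its traffic through that resolver, so dnsmasq's query log becomes the place to see it. The script below parses dnsmasq `log-queries` lines (that log format is real; the sample lines, client addresses and the `tunnel-example.net` zone are constructed) and flags clients whose queries look like a tunnel: many unique, long, random-looking names under one zone, or a large share of TXT/NULL queries. The thresholds, the function names and the `min_queries` parameter are assumptions.

```python
"""Flag captive-portal clients whose DNS traffic looks like a tunnel.

Added example, not code from the lime-users thread, LibreMesh or nodogsplash.
Assumes dnsmasq runs with log-queries (OpenWrt: option logqueries '1' in
/etc/config/dhcp) so that lines such as
    "Jun  3 08:22:01 dnsmasq[1234]: query[A] www.coolab.org from 10.13.0.21"
appear in logread/syslog. Thresholds below are illustrative assumptions.
"""
import math
import re
from collections import defaultdict

# dnsmasq's log-queries line; "reply"/"forwarded"/"cached" lines do not match.
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<src>\S+)"
)

# Record types that carry large answers and are rare in ordinary browsing.
BULKY_QTYPES = {"TXT", "NULL"}


def shannon_entropy(s):
    """Bits per character of s; random-looking hex labels score near log2(16)=4."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_zone(name):
    """Last two labels of a name (simplification; no public-suffix list)."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name


def parse_queries(lines):
    """Yield (client, qtype, lowercased name) for every dnsmasq query line."""
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            yield m.group("src"), m.group("qtype"), m.group("name").lower()


def score_clients(lines, min_queries=8):
    """Per-client statistics plus a tunnel_suspect verdict (assumed thresholds)."""
    stats = defaultdict(lambda: {"n": 0, "len": 0, "ent": 0.0, "bulky": 0,
                                 "zones": defaultdict(set)})
    for src, qtype, name in parse_queries(lines):
        zone = registrable_zone(name)
        prefix = name[: -len(zone)].rstrip(".")  # labels left of the zone
        s = stats[src]
        s["n"] += 1
        s["len"] += len(name)
        s["ent"] += shannon_entropy(prefix)
        s["bulky"] += qtype in BULKY_QTYPES
        s["zones"][zone].add(name)

    report = {}
    for src, s in stats.items():
        n = s["n"]
        if n < min_queries:  # too little data to judge this client
            continue
        busiest = max(len(names) for names in s["zones"].values())
        r = {
            "queries": n,
            "avg_len": s["len"] / n,
            "avg_entropy": s["ent"] / n,
            "bulky_ratio": s["bulky"] / n,
            "unique_names_busiest_zone": busiest,
        }
        # A tunnel encodes data in ever-changing long labels under one zone,
        # or pulls data down in TXT/NULL answers; either pattern raises the flag.
        r["tunnel_suspect"] = (
            (r["avg_len"] > 40 and r["avg_entropy"] > 3.0 and busiest / n > 0.8)
            or r["bulky_ratio"] > 0.5
        )
        report[src] = r
    return report


# ---- constructed sample log (not captured from any real node) ----
_TS = "Jun  3 08:22:%02d dnsmasq[1234]: "
_NORMAL = ["www.coolab.org", "libremesh.org", "www.openwrt.org", "wiki.openwrt.org",
           "coolab.org", "www.coolab.org", "lists.libremesh.org", "riseup.net",
           "mail.riseup.net", "www.google.com"]
# Rotations of a 32-char hex string: every digit appears twice, so each label
# has entropy 4.0 and all ten labels differ, mimicking encoded tunnel chunks.
_HEX = "0123456789abcdef" * 2
_TUNNEL = [f"{_HEX[i:] + _HEX[:i]}.t.tunnel-example.net" for i in range(10)]

SAMPLE_LOG = (
    [_TS % i + f"query[A] {n} from 10.13.0.21" for i, n in enumerate(_NORMAL)]
    + [_TS % i + f"reply {n} is 203.0.113.{i}" for i, n in enumerate(_NORMAL)]
    + [_TS % (20 + i) + f"query[TXT] {n} from 10.13.0.77" for i, n in enumerate(_TUNNEL)]
    + [_TS % 40 + "query[A] coolab.org from 10.13.0.5"]  # below min_queries
)

if __name__ == "__main__":
    for client, r in sorted(score_clients(SAMPLE_LOG).items()):
        flag = "TUNNEL?" if r["tunnel_suspect"] else "ok"
        print(f"{client:15} {r['queries']:4d} q  len={r['avg_len']:.1f} "
              f"ent={r['avg_entropy']:.2f} bulky={r['bulky_ratio']:.2f} {flag}")
```

Routers usually have no Python, so the intended use is to pull the log off a node (`logread` over SSH) and run the script on a laptop; `score_clients()` takes any iterable of lines. A flagged client is a reason to look closer, not proof: some legitimate software (antivirus lookups, certain CDNs) also produces long, unique names, which is why the verdict combines length, entropy and the share of names concentrated under a single zone rather than any one of them.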