n3vu0r closed 1 year ago
If Gargoyle is not the DHCP provider, this is currently "not a bug" and more of a feature request.
Guest wifi blocks all access to the network except for port 67 (DHCP) and 53 (DNS) to Gargoyle ONLY. The guest network is treated as hostile.
Ah, I see. Yes, that is the case, Gargoyle is not the DHCP provider. I assume DNS is still working then as long as Gargoyle knows about DNS servers.
So, for DHCP and DHCPv6, two form inputs for an IPv4 and IPv6 address would be needed to allow discovery broadcasts of potentially hostile clients to be received only by these two whitelisted addresses? I assume ARP and NDP are not a good idea then and probably already blocked by not allowing ICMP and ICMPv6?
Yes, something like that. It's controlled by the function here: https://github.com/ericpaulbishop/gargoyle/blob/master/package/gargoyle-firewall-util/files/gargoyle_firewall_util.sh#L662
In particular, L681 drops all forwarded traffic. You could add some ACCEPT rules (and make sure they are in the right order so the DROP is last).
If you wanted to try that and let me know how you go, I can look at whether it can be included as a feature.
Thanks, I think I understand how it works. Maybe this weekend I can try some rules.
Discussion on the Gargoyle forum: https://www.gargoyle-router.com/phpbb/viewtopic.php?t=12249&start=10
This was fixed as of https://github.com/ericpaulbishop/gargoyle/commit/a35af31a57a1ce44d6bd64a72e633f5400b29f5d. Please close the issue.
This is great, thanks!
In master branch DHCP doesn't work when connecting to guest Wi-Fi. Setting up IP address, gateway, and so on manually on client side still doesn't allow connections.