xhaoxing文件id:6d7d80c2dfc77af1e6192e5ee29b381c
splash.html
<!DOCTYPE html>
<html lang="en">
<head>
<!--响应式布局 1.在 meta 中声明 viewport 元标签-->
<!--视口宽度设置为设备宽度,视口不能缩放-->
<meta charset="UTF-8" name="viewport" content="width=device-width, initial-scale=1.0">
<title>$gatewayname</title>
<!--引入Google font,配合CSS的font-family-->
<link href="https://fonts.font.im/css?family=Poppins:600" rel="stylesheet">
<link rel="stylesheet" href="css/style.css">
<!--引入fontawesome的css,引入kit的js图标不能正常显示-->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">
</head>
<body>
<!--左侧wave图,在-1层-->
<img src="img/wave.png" alt="" class="wave">
<!--第0层的容器-->
<div class="container">
<!--左侧的图片,来自undraw.co-->
<div class="img">
<img src="img/img.svg" alt="img">
</div>
<!--右侧的登录区-->
<div class="login-container">
<form id="sett">
<!--用户头像示例-->
<img class="avatar" src="img/avatar.svg" alt="avatar">
<h2>你好!请登录使用WIFI !您的IP为: $clientip</h2>
<!--用户名-->
<div class="input-div one">
<div class="i">
<!--使用官网建议的fas仅能显示方框,改成老版本的fa可以正常显示图标-->
<i class="fa fa-user"></i>
</div>
<div>
<h5>Username</h5>
<input type="text" class="input" id="username">
</div>
</div>
<!--密码框-->
<div class="input-div two">
<div class="i">
<i class="fa fa-lock"></i>
</div>
<div>
<h5>Password</h5>
<input type="password" class="input" id="passwd">
</div>
</div>
<!--忘记密码-->
<a href="forgot.html">Forgot Password?</a>
<!--提交按钮-->
<input type="button" class="btn" value="Login" onclick="login()">
</form>
<form id="authform" method="get" action="$authaction" hidden>
<img class="avatar" src="img/avatar.svg" alt="avatar">
<h2>登录成功!欢迎使用WIFI !您的IP为: $clientip</h2>
<input type="hidden" name="tok" value="$tok">
<input type="hidden" name="redir" value="$redir">
<input type="submit" class="btn" value="登录成功!点击开始上网...">
</form>
</div>
</div>
<script type="text/javascript" src="js/main.js"></script>
<script type="text/javascript">
let accountAll = [{ // 存储账户json数据的数组
username: 1,
passwd: '1'
},
{
username: 456,
passwd: 'asd'
},
{
username: 789,
passwd: 'zxc'
}
]
function login() { //登陆判断
let username = document.getElementById('username').value;
let passwd = document.getElementById('passwd').value;
let account = accountAll.filter(function(e) {
return e.username == username
})[0]; // 筛选账号返回数组,不存在则返回空数组
if (!account) {
alert('账户不存在');
} else {
if (account.username == username && account.passwd == passwd) {
// alert('登陆成功');
var text_2=document.getElementById("authform");
text_2.removeAttribute("hidden");
sett.setAttribute("hidden",true);
// authform.removeAttribute('hidden');
// window.location.href="ok.html";
} else {
alert('密码错误');
}
}
}
function doClear() { //获取页面所有的input框,是text和password框,内容=空串
let inputs = document.getElementsByTagName("input");
for (let i = 0; i < inputs.length; i++) {
if (inputs[i].type == 'text' || inputs[i].type == 'password') {
inputs[i].value = '';
}
}
}
//给清除按钮增加onclick事件
let btnClear = document.getElementById('btnClear');
btnClear.addEventListener('click', function() {
doClear();
});
</script>
</body>
</html>status.html
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0">
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="shortcut icon" href="/images/splash.jpg" type="image/x-icon">
<link rel="stylesheet" type="text/css" href="/splash.css">
<title>$gatewayname Hotspot Gateway Status</title>
<!--
Status:
The Status page is served to a client if they are already authenticated.
This may occur if the client user selects "Back" on the CPD browser
screen after they have successfully authenticated.
The same template variables are available as for the splash page.
-->
</head>
<body>
<div class="offset">
<med-blue>$gatewayname Hotspot Gateway.</med-blue>
<div class="insert">
<br>
<img src="/images/splash.jpg" alt="You are already logged in and have access to the Internet.">
<hr>
<p><big-red>You are already logged in and have access to the Internet.</big-red></p>
<hr>
<p><italic-black>You can use your Browser, Email and other network Apps as you normally would.</italic-black></p>
<hr>
<copy-right>Copyright © The Nodogsplash Contributors 2004-2019.<br>This software is released under the GNU GPL license.</copy-right>
</div></div>
</body>
</html>ok.html
<!DOCTYPE html>
<html lang="en">
<head>
<!--响应式布局 1.在 meta 中声明 viewport 元标签-->
<!--视口宽度设置为设备宽度,视口不能缩放-->
<meta charset="UTF-8" name="viewport" content="width=device-width, initial-scale=1.0">
<title>Responsive Animated Login Form</title>
<!--引入Google font,配合CSS的font-family-->
<link href="https://fonts.font.im/css?family=Poppins:600" rel="stylesheet">
<link rel="stylesheet" href="css/style.css">
<!--引入fontawesome的css,引入kit的js图标不能正常显示-->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">
</head>
<body>
<!--左侧wave图,在-1层-->
<img src="img/wave.png" alt="" class="wave">
<!--第0层的容器-->
<div class="container">
<!--左侧的图片,来自undraw.co-->
<div class="img">
<img src="img/img.svg" alt="img">
</div>
<!--右侧的登录区-->
<div class="login-container">
<form action="index.html" method="get" action="$authaction">
<!--用户头像示例-->
<img class="avatar" src="img/avatar.svg" alt="avatar">
<h2>Welcome</h2>
<!--用户名-->
<input type="hidden" name="tok" value="$tok">
<input type="hidden" name="redir" value="$redir">
<input type="submit" class="btn" value="登录成功!点击开始上网...">
</form>
</div>
</div>
<script type="text/javascript" src="js/main.js"></script>
</body>
</html>forgot.html
<!DOCTYPE html>
<html lang="en">
<head>
<!--响应式布局 1.在 meta 中声明 viewport 元标签-->
<!--视口宽度设置为设备宽度,视口不能缩放-->
<meta charset="UTF-8" name="viewport" content="width=device-width, initial-scale=1.0">
<title>Responsive Animated Login Form</title>
<!--引入Google font,配合CSS的font-family-->
<link href="https://fonts.font.im/css?family=Poppins:600" rel="stylesheet">
<link rel="stylesheet" href="css/style.css">
<!--引入fontawesome的css,引入kit的js图标不能正常显示-->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">
</head>
<body>
<!--左侧wave图,在-1层-->
<img src="img/wave.png" alt="" class="wave">
<!--第0层的容器-->
<div class="container">
<!--左侧的图片,来自undraw.co-->
<div class="img">
<img src="img/img.svg" alt="img">
</div>
<!--右侧的登录区-->
<div class="login-container">
<form action="index.html" method="get" action="$authaction">
<!--用户头像示例-->
<img class="avatar" src="img/avatar.svg" alt="avatar">
<h2>忘记密码?</h2>
<!--用户名-->
<input type="hidden" name="tok" value="$tok">
<input type="hidden" name="redir" value="$redir">
<input type="submit" class="btn" value="忘记密码请联系管理员!">
</form>
</div>
</div>
<script type="text/javascript" src="js/main.js"></script>
</body>
</html>
配置文件
#此文件放在这里:/etc/nodogsplash
#https://oldwiki.archive.openwrt.org/doc/howto/wireless.hotspot.nodogsplash
#
# Nodogsplash Configuration File
#在/etc/config/nodogsplash里面启用:
#启用option enabled 1
#启用option config '/etc/nodogsplash/nodogsplash.conf'
# Parameter: GatewayInterface
# Default: NONE
#
# GatewayInterface is not autodetected, has no default, and must be set here.
# Set GatewayInterface to the interface on your router
# that is to be managed by Nodogsplash.
# Typically br0 for the wired and wireless lan on OpenWrt White Russian.
# May be br-lan on OpenWrt Kamikaze.
#
GatewayInterface wlan0
# FirewallRuleSet: authenticated-users
#
# Control access for users after authentication.
# These rules are inserted at the beginning of the
# FORWARD chain of the router's filter table, and
# apply to packets that have come in to the router
# over the GatewayInterface from MAC addresses that
# have authenticated with Nodogsplash, and that are
# destined to be routed through the router. The rules are
# considered in order, and the first rule that matches
# a packet applies to it.
# If there are any rules in this ruleset, an authenticated
# packet that does not match any rule is rejected.
# N.B.: This ruleset is completely independent of
# the preauthenticated-users ruleset.
#
FirewallRuleSet authenticated-users {
# You may want to open access to a machine on a local
# subnet that is otherwise blocked (for example, to
# serve a redirect page; see RedirectURL). If so,
# allow that explicitly here, e.g:
# FirewallRule allow tcp port 80 to 192.168.254.254
# Your router may have several interfaces, and you
# probably want to keep them private from the GatewayInterface.
# If so, you should block the entire subnets on those interfaces, e.g.:
#FirewallRule block to 192.168.0.0/16
#FirewallRule block to 10.0.0.0/8
# Typical ports you will probably want to open up include
# 53 udp and tcp for DNS,
# 80 for http,
# 443 for https,
# 22 for ssh:
#FirewallRule allow tcp port 53
#FirewallRule allow udp port 53
#FirewallRule allow tcp port 80
#FirewallRule allow tcp port 443
#FirewallRule allow tcp port 22
FirewallRule allow all
}
# end FirewallRuleSet authenticated-users
# FirewallRuleSet: preauthenticated-users
#
# Control access for users before authentication.
# These rules are inserted in the PREROUTING chain
# of the router's nat table, and in the
# FORWARD chain of the router's filter table.
# These rules apply to packets that have come in to the
# router over the GatewayInterface from MAC addresses that
# are not on the BlockedMACList or TrustedMACList,
# are *not* authenticated with Nodogsplash. The rules are
# considered in order, and the first rule that matches
# a packet applies to it. A packet that does not match
# any rule here is rejected.
# N.B.: This ruleset is completely independent of
# the authenticated-users and users-to-router rulesets.
#
FirewallRuleSet preauthenticated-users {
# For preauthenticated users to resolve IP addresses in their initial
# request not using the router itself as a DNS server,
# you probably want to allow port 53 udp and tcp for DNS.
FirewallRule allow tcp port 53
FirewallRule allow udp port 53
# For splash page content not hosted on the router, you
# will want to allow port 80 tcp to the remote host here.
# Doing so circumvents the usual capture and redirect of
# any port 80 request to this remote host.
# Note that the remote host's numerical IP address must be known
# and used here.
# FirewallRule allow tcp port 80 to 123.321.123.321
}
# end FirewallRuleSet preauthenticated-users
# FirewallRuleSet: users-to-router
#
# Control access to the router itself from the GatewayInterface.
# These rules are inserted at the beginning of the
# INPUT chain of the router's filter table, and
# apply to packets that have come in to the router
# over the GatewayInterface from MAC addresses that
# are not on the TrustedMACList, and are destined for
# the router itself. The rules are
# considered in order, and the first rule that matches
# a packet applies to it.
# If there are any rules in this ruleset, a
# packet that does not match any rule is rejected.
#
FirewallRuleSet users-to-router {
# Nodogsplash automatically allows tcp to GatewayPort,
# at GatewayAddress, to serve the splash page.
# However you may want to open up other ports, e.g.
# 53 for DNS and 67 for DHCP if the router itself is
# providing these services.
FirewallRule allow udp port 53
FirewallRule allow tcp port 53
FirewallRule allow udp port 67
# You may want to allow ssh, http, and https to the router
# for administration from the GatewayInterface. If not,
# comment these out.
FirewallRule allow tcp port 22
FirewallRule allow tcp port 23
FirewallRule allow tcp port 80
FirewallRule allow tcp port 443
}
# end FirewallRuleSet users-to-router
# EmptyRuleSetPolicy directives
# The FirewallRuleSets that NoDogSplash permits are:
#
# authenticated-users
# preauthenticated-users
# users-to-router
# trusted-users
# trusted-users-to-router
#
# For each of these, an EmptyRuleSetPolicy can be specified.
# An EmptyRuleSet policy applies to a FirewallRuleSet if the
# FirewallRuleSet is missing from this configuration file,
# or if it exists but contains no FirewallRules.
#
# The possible values of an EmptyRuleSetPolicy are:
# allow -- packets are accepted
# block -- packets are rejected
# passthrough -- packets are passed through to pre-existing firewall rules
#
# Default EmptyRuleSetPolicies are set as follows:
# EmptyRuleSetPolicy authenticated-users passthrough
# EmptyRuleSetPolicy preauthenticated-users block
# EmptyRuleSetPolicy users-to-router block
# EmptyRuleSetPolicy trusted-users allow
# EmptyRuleSetPolicy trusted-users-to-router allow
# Parameter: GatewayName
# Default: NoDogSplash
#
# Set GatewayName to the name of your gateway. This value
# will be available as variable $gatewayname in the splash page source
# and in status output from ndsctl, but otherwise doesn't matter.
# If none is supplied, the value "NoDogSplash" is used.
#
# GatewayName NoDogSplash
# Parameter: GatewayAddress
# Default: Discovered from GatewayInterface
#
# This should be autodetected on an OpenWRT system, but if not:
# Set GatewayAddress to the IP address of the router on
# the GatewayInterface. This is the address that the Nodogsplash
# server listens on.
#
# GatewayAddress 192.168.1.1
# Parameter: ExternalInterface
# Default: Autodetected from /proc/net/route
#
# This should be autodetected on a OpenWRT system, but if not:
# Set ExtrnalInterface to the 'external' interface on your router,
# i.e. the one which provides the default route to the internet.
# Typically vlan1 for OpenWRT.
#
# ExternalInterface vlan1
# Parameter: RedirectURL
# Default: none
#
# After authentication, normally a user is redirected
# to their initially requested page.
# If RedirectURL is set, the user is redirected to this URL instead.
#
#登录后跳转地址
RedirectURL https://www.bilibili.com/
# Parameter: GatewayPort
# Default: 2050
#
# Nodogsplash's own http server uses GatewayAddress as its IP address.
# The port it listens to at that IP can be set here; default is 2050.
#
# GatewayPort 2050
# Parameter: MaxClients
# Default: 20
#
# Set MaxClients to the maximum number of users allowed to
# connect at any time. (Does not include users on the TrustedMACList,
# who do not authenticate.)
#
# MaxClients 20
# ClientIdleTimeout
# Parameter: ClientIdleTimeout
# Default: 10
#
# Set ClientIdleTimeout to the desired of number of minutes
# of inactivity before a user is automatically 'deauthenticated'.
#
# ClientIdleTimeout 10
# Parameter: ClientForceTimeout
# Default: 360
#
# Set ClientForceTimeout to the desired number of minutes before
# a user is automatically 'deauthenticated', whether active or not
#
#验证过期时间:
ClientForceTimeout 360
# Parameter: AuthenticateImmediately
# Default: no
#
# Set to yes (or true or 1), to immediately authenticate users
# who make a http port 80 request on the GatewayInterface (that is,
# do not serve a splash page, just redirect to the user's request,
# or to RedirectURL if set).
#
# AuthenticateImmediately no
# Parameter: MACMechanism
# Default: block
#
# Either block or allow.
# If 'block', MAC addresses on BlockedMACList are blocked from
# authenticating, and all others are allowed.
# If 'allow', MAC addresses on AllowedMACList are allowed to
# authenticate, and all other (non-trusted) MAC's are blocked.
#
# MACMechanism block
# Parameter: BlockedMACList
# Default: none
#
# Comma-separated list of MAC addresses who will be completely blocked
# from the GatewayInterface. Ignored if MACMechanism is allow.
# N.B.: weak security, since MAC addresses are easy to spoof.
#
# BlockedMACList 00:00:DE:AD:BE:EF,00:00:C0:1D:F0:0D
# Parameter: AllowedMACList
# Default: none
#
# Comma-separated list of MAC addresses who will not be completely
# blocked from the GatewayInterface. Ignored if MACMechanism is block.
# N.B.: weak security, since MAC addresses are easy to spoof.
#
# AllowedMACList 00:00:12:34:56:78
# Parameter: TrustedMACList
# Default: none
#
# Comma-separated list of MAC addresses who are not subject to
# authentication, and are not restricted by any FirewallRuleSet.
# N.B.: weak security, since MAC addresses are easy to spoof.
#
# TrustedMACList 00:00:CA:FE:BA:BE, 00:00:C0:01:D0:0D
# Parameter: PasswordAuthentication
# Default: no
# Set to yes (or true or 1), to require a password matching
# the Password parameter to be supplied when authenticating.
#
#
# PasswordAuthentication no
# Parameter: Password
# Default: none
# Whitespace delimited string that is compared to user-supplied
# password when authenticating.
#
#
# Password nodog
# Parameter: UsernameAuthentication
# Default: no
# Set to yes (or true or 1), to require a username matching
# the Username parameter to be supplied when authenticating.
#
#
# UsernameAuthentication no
# 用户名认证号
# 参数:用户名
# 默认值:无
# 与用户提供的空格分隔的字符串
# 验证时的用户名。
# Parameter: Username
# Default: none
# Whitespace delimited string that is compared to user-supplied
# username when authenticating.
#
#
#Username guest
# 用户名客人
# 参数:PasswordAttempts
# 默认值:5
# 之前失败的密码/用户名输入的整数
# 用户被迫重新认证。
# Parameter: PasswordAttempts
# Default: 5
# Integer number of failed password/username entries before
# a user is forced to reauthenticate.
#
#
# PasswordAttempts 5
# Parameter: TrafficControl
# Default: no
#
# Set to yes (or true or 1), to enable traffic control in Nodogsplash.
#
# TrafficControl no
# Parameter: DownloadLimit
# Default: 0
#
# If TrafficControl is enabled, this sets the maximum download
# speed to the GatewayInterface, in kilobits per second.
# For example if you have an ADSL connection with 768 kbit
# download speed, and you want to allow about half of that
# bandwidth for the GatewayInterface, set this to 384.
# A value of 0 means no download limiting is done.
#
# DownloadLimit 384
# Parameter: UploadLimit
# Default: 0
#
# If TrafficControl is enabled, this sets the maximum upload
# speed from the GatewayInterface, in kilobits per second.
# For example if you have an ADSL connection with 128 kbit
# upload speed, and you want to allow about half of that
# bandwidth for the GatewayInterface, set this to 64.
# A value of 0 means no upload limiting is done.
#
# UploadLimit 64
# Paramter: GatewayIPRange
# Default: 0.0.0.0/0
#
# By setting this parameter, you can specify a range of IP addresses
# on the GatewayInterface that will be responded to and managed by
# Nodogsplash. Addresses outside this range do not have their packets
# touched by Nodogsplash at all.
# Defaults to 0.0.0.0/0, that is, all addresses.
#
# GatewayIPRange 0.0.0.0/0
etc/config
# The options available here are an adaptation of the settings used in nodogsplash.conf.
# See https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash.conf
config nodogsplash
# Set to 0 to disable nodogsplash
option enabled 1
# Set to 0 to disable hook that makes nodogsplash restart when the firewall restarts.
# This hook is needed as a restart of Firewall overwrites nodogsplash iptables entries.
option fwhook_enabled '1'
# WebRoot
# Default: /etc/nodogsplash/htdocs
#
# The local path where the splash page content resides.
# ie. Serve the file splash.html from this directory
#option webroot '/etc/nodogsplash/htdocs'
# Use plain configuration file
option config '/etc/nodogsplash/nodogsplash.conf'
# Use this option to set the device nodogsplash will bind to.
# The value may be an interface section in /etc/config/network or a device name such as br-lan.
option gatewayinterface 'br-lan'
# GatewayPort
# Default: 2050
#
# Nodogsplash's own http server uses gateway address as its IP address.
# The port it listens to at that IP can be set here; default is 2050.
#
#option gatewayport '2050'
option gatewayname 'OpenWrt Nodogsplash'
option maxclients '250'
# Enables debug output (0-3)
#option debuglevel '1'
# Client timeouts in minutes
option preauthidletimeout '30'
option authidletimeout '120'
# Session Timeout is the interval after which clients are forced out (a value of 0 means never)
option sessiontimeout '1200'
# The interval in seconds at which nodogsplash checks client timeout status
option checkinterval '600'
# Enable BinAuth Support.
# If set, a program is called with several parameters on authentication (request) and deauthentication.
# Request for authentication:
# $<BinAuth> auth_client <client_mac> '<username>' '<password>'
#
# The username and password values may be empty strings and are URL encoded.
# The program is expected to output the number of seconds the client
# is to be authenticated. Zero or negative seconds will cause the authentification request
# to be rejected. The same goes for an exit code that is not 0.
# The output may contain a user specific download and upload limit in KBit/s:
# <seconds> <upload> <download>
#
# Called on authentication or deauthentication:
# $<BinAuth> <*auth|*deauth> <incoming_bytes> <outgoing_bytes> <session_start> <session_end>
#
# "client_auth": Client authenticated via this script.
# "client_deauth": Client deauthenticated by the client via splash page.
# "idle_deauth": Client was deauthenticated because of inactivity.
# "timeout_deauth": Client was deauthenticated because the session timed out.
# "ndsctl_auth": Client was authenticated manually by the ndsctl tool.
# "ndsctl_deauth": Client was deauthenticated by the ndsctl tool.
# "shutdown_deauth": Client was deauthenticated by Nodogsplash terminating.
#
# Values session_start and session_start are in seconds since 1970 or 0 for unknown/unlimited.
#
#option binauth '/bin/myauth.sh'
# Enable PreAuth Support.
#
# A simple login script is provided in the package.
# This generates a login page asking for usename and email address.
# User logins are recorded in the log file /tmp/ndslog.log
# Details of how the script works are contained in comments in the script itself.
#
# The Preauth program will output html code that will be served to the client by NDS
# Using html GET the Preauth program may call:
# /nodogsplash_preauth/ to ask the client for more information
# or
# /nodogsplash_auth/ to authenticate the client
#
# The Preauth program should append at least the client ip to the query string
# (using html input type hidden) for all calls to /nodogsplash_preauth/
# It must also obtain the client token using ndsctl (or the original query string if fas_secure_enabled=0)
# for NDS authentication when calling /nodogsplash_auth/
#
#option preauth '/usr/lib/nodogsplash/login.sh'
# Your router may have several interfaces, and you
# probably want to keep them private from the gatewayinterface.
# If so, you should block the entire subnets on those interfaces, e.g.:
#list authenticated_users 'block to 192.168.0.0/16'
#list authenticated_users 'block to 10.0.0.0/8'
# Typical ports you will probably want to open up.
#list authenticated_users 'allow tcp port 22'
#list authenticated_users 'allow tcp port 53'
#list authenticated_users 'allow udp port 53'
#list authenticated_users 'allow tcp port 80'
#list authenticated_users 'allow tcp port 443'
# Or for happy customers allow all
list authenticated_users 'allow all'
# For preauthenticated users to resolve IP addresses in their
# initial request not using the router itself as a DNS server,
# Leave commented to help prevent DNS tunnelling
#list preauthenticated_users 'allow tcp port 53'
#list preauthenticated_users 'allow udp port 53'
# Allow ports for SSH/Telnet/DNS/DHCP/HTTP/HTTPS
list users_to_router 'allow tcp port 22'
list users_to_router 'allow tcp port 23'
list users_to_router 'allow tcp port 53'
list users_to_router 'allow udp port 53'
list users_to_router 'allow udp port 67'
list users_to_router 'allow tcp port 80'
# MAC addresses that are / are not allowed to access the splash page
# Value is either 'allow' or 'block'. The allowedmac or blockedmac list is used.
#option macmechanism 'allow'
#list allowedmac '00:00:C0:01:D0:0D'
#list allowedmac '00:00:C0:01:D0:1D'
#list blockedmac '00:00:C0:01:D0:2D'
# MAC addresses that do not need to authenticate
#list trustedmac '00:00:C0:01:D0:1D'
# Nodogsplash uses specific HEXADECIMAL values to mark packets used by iptables as a bitwise mask.
# This mask can conflict with the requirements of other packages such as mwan3, sqm etc
# Any values set here are interpreted as in hex format.
#
# List: fw_mark_authenticated
# Default: 30000 (0011|0000|0000|0000|0000 binary)
#
# List: fw_mark_trusted
# Default: 20000 (0010|0000|0000|0000|0000 binary)
#
# List: fw_mark_blocked
# Default: 10000 (0001|0000|0000|0000|0000 binary)
#
#option fw_mark_authenticated '30000'
#option fw_mark_trusted '20000'
#option fw_mark_blocked '10000'