From 328914ddca94d8ccac2f0608b2aaa564973bd144 Mon Sep 17 00:00:00 2001 From: Seth0r Date: Mon, 3 Apr 2023 16:04:25 +0200 Subject: [PATCH] added initial documentation --- docs/features/client-isolation.rst | 58 ++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 docs/features/client-isolation.rst diff --git a/docs/features/client-isolation.rst b/docs/features/client-isolation.rst new file mode 100644 index 00000000..4236aa5a --- /dev/null +++ b/docs/features/client-isolation.rst 
@@ -0,0 +1,58 @@ +Client Isolation Support +======================== + +Normally every client is a wireless network can communicate +with any other client in the network. +Client Isolation is a security feature which prevents +Client-to-Client communication. + +There are two different modes to isolate traffic, which can be +selected by the ``mesh.isolate`` setting in the site or domain +configuration. + +Full Client Isolation Mode +-------------------------- + +In the full isolation mode all traffic between wireless and +wired clients is prevented. The Clients are only able to access +the Gateway and the Internet. + +This mode may not be very useful in a Freifunk context. + +It can be activated by setting ``mesh.isolate`` to ``all`` in the +site or domain configuration. + +:: + + { + mesh = { + isolate = 'all' + }, + + -- more domain specific config follows below + } + +Wireless Client Isolation Mode +------------------------------ + +In the wireless isolation mode only wireless clients are isolated +from other wireless clients. Communication where a wired client is +involved is not prevented. So every client can access any wired +client and every wired client can access all of the clients, only +wireless clients can not access other wireless clients. + +This mode may be more useful in a Freifunk context, but is still +not as ``frei`` as without any isolation. + +It can be activated by setting ``mesh.isolate`` to ``wireless`` +in the site or domain configuration. + +:: + + { + mesh = { + isolate = 'wireless' + }, + + -- more domain specific config follows below + }
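Review bot: In the "Full Client Isolation Mode" paragraph, "all traffic between wireless and wired clients is prevented" can be read as blocking only the wireless-to-wired path, which would leave wireless-to-wireless traffic open. If the mode blocks every client-to-client path, say so explicitly, for example "all traffic between clients, whether wireless or wired, is prevented". The introduction also needs to state what happens when ``mesh.isolate`` is not set and how to disable isolation explicitly. The text says there are "two different modes" but never names the default, so an operator cannot tell from this page whether a site without the key is isolated or not. It would also help to state the enforcement scope: the page says clients can still reach "the Gateway and the Internet" but not whether two clients attached to different nodes of the same mesh are isolated from each other or only clients on the same node. Smaller points: "every client is a wireless network" should read "in a wireless network"; "can not" should be "cannot"; ``frei`` is marked up as an inline literal although it is not a configuration value, so use emphasis or quotation marks instead; and "Clients"/"Gateway" are capitalized inconsistently with the lowercase "client" used elsewhere in the file.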