Walled Garden
Sub-menu: /ip hotspot walled-garden
HTTP walled-garden, menu allows to set authentication bypass for HTTP and HTTPs resources
Properties
Property Description
action (
allow | deny; Default:
allow) Action to perform, when packet matches the rule
- allow - allow access to the web-page without authorization
- deny - the authorization is required to access the web-page
server (
string; Default: ) Name of the HotSpot server, rule is applied to.
src-address (
IP; Default: ) Source address of the user, usually IP address of the HotSpot client
method (
string; Default: ) HTTP method of the request
dst-host (
string; Default: ) Domain name of the destination web-server
dst-port (
integer; Default: ) TCP port number, client sends request to
path (
string; Default: ) The path of the request, path comes after '''http://dst_host/'''
Read-only properties
Property Description
dst-address (
IP)
hits (
integer)
IP Walled Garden
Sub-menu: /ip hotspot walled-garden ip
Walled-garden menu for the IP requests (Winbox, SSH, Telnet, SIP, etc.)
Properties
Property Description
action (
allow | deny | reject; Default:
allow) Action to perform, when packet matches the rule
- allow - allow access to the web-page without authorization
- deny - the authorization is required to access the web-page
- reject - the authorization is required to access the resource, ICMP reject message will be sent to client, when packet will match the rule
server (
string; Default: ) Name of the HotSpot server, rule is applied to.
src-address (
IP; Default: ) Source address of the user, usually IP address of the HotSpot client
dst-address (
IP; Default: ) Destination IP address, IP address of the WEB-server. Ignored if
dst-host is already specified.
dst-host (
string; Default: ) Domain name of the destination web-server. When this parameter is specified dynamic entry is added to
Walled Garden dst-port (
integer; Default: ) TCP port number, client sends request to
protocol (
integer | string; Default: ) IP protocol
Example
When adding walled garden IP entry several dynamic rules are created. For example, lets add
www.paypalobject.com
/ip hotspot walled-garden ip
add action=accept disabled=no dst-host=www.paypalobject.com
Now if you look at walled garden menu you will see dynamic entry for object we just added
[admin@493G] /ip hotspot walled-garden> print detail
Flags: X - disabled, D - dynamic
0 D ;;;
www.paypalobject.com
dst-address=68.178.232.99 action=allow hits=0
Also dynamic firewall and NAT rules are added to allow paypalobject.com resolved address
[admin@493G] /ip firewall filter> print dynamic
Flags: X - disabled, I - invalid, D - dynamic
...
7 D ;;;
www.paypalobject.com
chain=hs-unauth action=return dst-address=68.178.232.99
...
10 D ;;;
www.paypalobject.com
chain=hs-unauth-to action=return src-address=68.178.232.99
[admin@493G] /ip firewall nat> print dynamic
Flags: X - disabled, I - invalid, D - dynamic
...
8 D ;;;
www.paypalobject.com
chain=hs-unauth action=return dst-address=68.178.232.99
...