I’m running Zeroshell 3.2.1.
They are used Nmap Security Scanner. They let me saw breaking in Wifi.
I make a wifi network like 192.168.192.0/26 DHCP & DNS on Zeroshell machine. Use DNS a free open service (UDP 53) and DHCP/Bootp (UDP 67) like in your example configuration.
Firewall rules is very simple :
Forward : (51..64 is my wifi access points)
1 ETH00 * ACCEPT all opt — in ETH00 out * 0.0.0.0/0 -> 192.168.2.0/24 source IP range 192.168.192.51-192.168.192.64 no
2 ETH00 * ACCEPT all opt — in ETH00 out * 0.0.0.0/0 -> 172.16.0.0/20 source IP range 192.168.192.51-192.168.192.64 no
3 ETH00 * ACCEPT all opt — in ETH00 out * 0.0.0.0/0 -> 0.0.0.0/0 source IP range 192.168.192.51-192.168.192.64 TIME from 00:00:00 to 23:45:00
Input :
1 ETH01 * ACCEPT all opt — in ETH01 out * 0.0.0.0/0 -> 0.0.0.0/0 no
2 ETH00 * ACCEPT all opt — in ETH00 out * 0.0.0.0/0 -> 0.0.0.0/0 source IP range 192.168.192.51-192.168.192.64 no
3 ETH00 * ACCEPT all opt — in ETH00 out * 0.0.0.0/0 -> 0.0.0.0/0 TIME from 07:00:00 to 20:00:00 on Mon,Tue,Wed,Thu,Fri no
4 ETH00 * DROP all opt — in ETH00 out * 0.0.0.0/0 -> 0.0.0.0/0
Output :
1 * * ACCEPT all opt — in * out * 0.0.0.0/0 -> 0.0.0.0/0 destination IP range 192.168.192.51-192.168.192.64 no
2 * * ACCEPT all opt — in * out * 0.0.0.0/0 -> 192.168.192.0/22 TIME from 07:00:00 to 20:00:00 on Mon,Tue,Wed,Thu,Fri no
3 * * DROP all opt — in * out * 0.0.0.0/0 -> 192.168.192.0/22
This rules are made to avoid wifi after 8:00 PM and before 7:00 AM.
Between 11:45 PM and 12:00 PM traffic is disabled for Wifi access points to force a reset.
If you want I can send you my config.
Kind regards.