[opensuse] automatically identifying and handling apple iphones in firewall ?
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Sat, 02 Jan 2016 14:39:38 +0100
  • Message-id: <n68juq$sof$1@saturn.local.net>
We had a couple of friends over for New Year's and discovered that their
fairly new or upgraded iphones and ipads somehow didn't work on the
wifi. That is, ipv6 websites worked fine, but ipv4 did not.

I've finally tracked it down to be due to iOS8 and newer not accepting
icmp redirects. (the icmp redirect is caused by my transparent squid
cache).
Other systems with this fault are e.g. Windows8 and Nintendo, and
generally I have just added a bypass rule in the firewall for those
specific devices.

However, we have too many people with iphones traipsing around, so it
would be nice for the firewall to automagically identify iphones and
add them to a separate chain for bypassing/dealing with this issue.
Obviously those devices are on dhcp, I could possibly detect it there
and amend the firewall, but it would be a bit kludgy.

Basically, I need a rule such as the below added to the firewall
whenever a new iphone device appears:

iptables -A PREROUTING -t mangle -j ACCEPT -p tcp --dport http -s <ip>

I guess looking at the mac address might work, but I have at least 6
different ones of those too: 44:00:10, 4c:7c:5f, d0:4f:7e, 64:b9:e8,
84:b1:53. (Seems like there are at least 451 OUIs registered to "Apple,
Inc".)

Any better ideas?


--
Per Jessen, Zürich (5.1°C)
http://www.dns24.ch/ - your free DNS host, made in Switzerland.
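
Added example, not part of the original post: a sketch of the DHCP-side detection mentioned above, matching lease MAC addresses against the OUIs quoted in the message and printing the rule from the message for each hit. It assumes dnsmasq-format leases; the function name `apple_bypass_rules` and the sample leases are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the bypass rules from DHCP leases.
# Assumption: dnsmasq lease format "<expiry> <mac> <ip> <hostname> <client-id>".

# OUIs quoted in the post; extend the list from the IEEE registry as needed.
APPLE_OUIS="44:00:10 4c:7c:5f d0:4f:7e 64:b9:e8 84:b1:53"

# Constructed sample leases, including a non-Apple host and a non-IPv4 entry.
SAMPLE_LEASES='1451745578 4C:7C:5F:12:34:56 192.168.1.23 Annas-iPhone 01:4c:7c:5f:12:34:56
1451745600 00:1b:21:aa:bb:cc 192.168.1.40 desktop *
1451745700 d0:4f:7e:00:11:22 192.168.1.31 * *
1451745800 64:b9:e8:01:02:03 fd00::31 ipad *'

# Read lease lines on stdin; print one iptables command per matching IPv4 lease.
# Only the validated address is emitted, never the client-supplied hostname,
# so the output stays safe to review and pipe into a shell.
apple_bypass_rules() {
    awk -v ouis="$APPLE_OUIS" '
        BEGIN { n = split(ouis, a, " "); for (i = 1; i <= n; i++) oui[a[i]] = 1 }
        NF >= 3 {
            mac = tolower($2); ip = $3
            # Six colon-separated hex pairs are exactly 17 characters long.
            if (length(mac) != 17) next
            if (mac !~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/) next
            # iptables handles IPv4 only, so skip everything else.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            # Keep known OUIs, and emit each address once.
            if (!(substr(mac, 1, 8) in oui) || seen[ip]++) next
            print "iptables -A PREROUTING -t mangle -j ACCEPT -p tcp --dport http -s " ip
        }'
}

# Demo on the constructed sample. On a real gateway, feed the lease file instead:
#   apple_bypass_rules < /path/to/dnsmasq.leases
printf '%s\n' "$SAMPLE_LEASES" | apple_bypass_rules
```

The function only prints the commands, so they can be checked before being applied. MAC addresses are chosen by the client, which makes the OUI match a convenience heuristic for this cache bypass rather than an identity check.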
