Duplicate allow rules created by wifidog when a user authenticates

[florida63]

Reported and corrected bug in DD WRT
http://svn.dd-wrt.com/changeset/20674

To be confirmed.

[florida63]

@Kvncrck: I saw your issue # 47 and you seem to use wifidog with many user. Could you send me the return of the order when there are many users.

iptables -t mangle -L

to confirm this problem of duplication in firewall rule.

In advance, thank you

[florida63]

@Kvncrck: Thank you,

I deliberately deleted your message because your post match mac adress trusted.

In fact, i want users who are truly authenticated or an account is created.
mask your mac addresses and guards a certain consistency if you have duplicates.

No need to send "Chain WiFiDog_eth1_Trusted".

[Kvncrck]

We are using apAuthSplashOnlyPlugin for authentication. Here is the output
with with over 112 users authenticated.

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
WiFiDog_eth1_Trusted all -- anywhere anywhere
WiFiDog_eth1_Outgoing all -- anywhere anywhere
tcpre all -- anywhere anywhere

Chain INPUT (policy ACCEPT)
target prot opt source destination
tcin all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
tcfor all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
tcout all -- anywhere anywhere

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
WiFiDog_eth1_Incoming all -- anywhere anywhere
tcpost all -- anywhere anywhere

Chain WiFiDog_eth1_Incoming (1 references)
target prot opt source destination
ACCEPT all -- anywhere 10.10.2.146
ACCEPT all -- anywhere 10.10.2.75
ACCEPT all -- anywhere 10.10.2.96
ACCEPT all -- anywhere 10.10.2.96
ACCEPT all -- anywhere 10.10.2.96
ACCEPT all -- anywhere 10.10.2.96
ACCEPT all -- anywhere 10.10.1.18
ACCEPT all -- anywhere 10.10.2.255
ACCEPT all -- anywhere 10.10.0.120
ACCEPT all -- anywhere 10.10.0.227
ACCEPT all -- anywhere 10.10.0.188
ACCEPT all -- anywhere 10.10.1.160
ACCEPT all -- anywhere 10.10.2.239
ACCEPT all -- anywhere 10.10.2.104
ACCEPT all -- anywhere 10.10.2.230
ACCEPT all -- anywhere 10.10.1.109
ACCEPT all -- anywhere 10.10.2.142
ACCEPT all -- anywhere 10.10.2.142
ACCEPT all -- anywhere 10.10.2.173
ACCEPT all -- anywhere 10.10.1.80
ACCEPT all -- anywhere 10.10.0.159
ACCEPT all -- anywhere 10.10.2.67
ACCEPT all -- anywhere 10.10.0.226
ACCEPT all -- anywhere 10.10.1.221
ACCEPT all -- anywhere 10.10.2.31
ACCEPT all -- anywhere 10.10.1.213
ACCEPT all -- anywhere 10.10.1.213
ACCEPT all -- anywhere 10.10.1.77
ACCEPT all -- anywhere 10.10.1.189
ACCEPT all -- anywhere 10.10.2.126
ACCEPT all -- anywhere 10.10.0.200
ACCEPT all -- anywhere 10.10.0.200
ACCEPT all -- anywhere 10.10.2.217
ACCEPT all -- anywhere 10.10.2.117
ACCEPT all -- anywhere 10.10.1.233
ACCEPT all -- anywhere 10.10.2.233
ACCEPT all -- anywhere 10.10.1.187
ACCEPT all -- anywhere 10.10.2.48
ACCEPT all -- anywhere 10.10.1.94
ACCEPT all -- anywhere 10.10.1.245
ACCEPT all -- anywhere 10.10.2.235
ACCEPT all -- anywhere 10.10.2.246
ACCEPT all -- anywhere 10.10.2.162
ACCEPT all -- anywhere 10.10.1.216
ACCEPT all -- anywhere 10.10.2.168
ACCEPT all -- anywhere 10.10.2.168
ACCEPT all -- anywhere 10.10.2.168
ACCEPT all -- anywhere 10.10.1.5
ACCEPT all -- anywhere 10.10.2.14
ACCEPT all -- anywhere 10.10.1.5
ACCEPT all -- anywhere 10.10.0.109
ACCEPT all -- anywhere 10.10.1.5
ACCEPT all -- anywhere 10.10.2.102
ACCEPT all -- anywhere 10.10.2.102
ACCEPT all -- anywhere 10.10.2.102
ACCEPT all -- anywhere 10.10.2.102
ACCEPT all -- anywhere 10.10.1.216
ACCEPT all -- anywhere 10.10.1.216
ACCEPT all -- anywhere 10.10.1.216
ACCEPT all -- anywhere 10.10.1.216
ACCEPT all -- anywhere 10.10.1.216
ACCEPT all -- anywhere 10.10.0.139
ACCEPT all -- anywhere 10.10.1.25
ACCEPT all -- anywhere 10.10.1.25
ACCEPT all -- anywhere 10.10.2.242
ACCEPT all -- anywhere 10.10.2.188
ACCEPT all -- anywhere 10.10.0.202
ACCEPT all -- anywhere 10.10.2.169
ACCEPT all -- anywhere 10.10.2.100
ACCEPT all -- anywhere 10.10.2.214
ACCEPT all -- anywhere 10.10.1.108
ACCEPT all -- anywhere 10.10.1.104
ACCEPT all -- anywhere 10.10.2.153
ACCEPT all -- anywhere 10.10.0.252
ACCEPT all -- anywhere 10.10.1.22
ACCEPT all -- anywhere 10.10.1.60
ACCEPT all -- anywhere 10.10.2.74
ACCEPT all -- anywhere 10.10.2.74
ACCEPT all -- anywhere 10.10.2.251
ACCEPT all -- anywhere 10.10.2.237
ACCEPT all -- anywhere 10.10.2.90
ACCEPT all -- anywhere 10.10.2.74
ACCEPT all -- anywhere 10.10.2.134
ACCEPT all -- anywhere 10.10.1.1
ACCEPT all -- anywhere 10.10.1.1
ACCEPT all -- anywhere 10.10.1.214
ACCEPT all -- anywhere 10.10.2.25
ACCEPT all -- anywhere 10.10.2.30
ACCEPT all -- anywhere 10.10.1.138
ACCEPT all -- anywhere 10.10.2.177
ACCEPT all -- anywhere 10.10.2.207
ACCEPT all -- anywhere 10.10.1.143
ACCEPT all -- anywhere 10.10.2.118
ACCEPT all -- anywhere 10.10.0.140
ACCEPT all -- anywhere 10.10.2.105
ACCEPT all -- anywhere 10.10.0.142
ACCEPT all -- anywhere 10.10.0.121
ACCEPT all -- anywhere 10.10.0.144
ACCEPT all -- anywhere 10.10.2.57
ACCEPT all -- anywhere 10.10.0.203
ACCEPT all -- anywhere 10.10.2.229
ACCEPT all -- anywhere 10.10.1.250
ACCEPT all -- anywhere 10.10.1.29
ACCEPT all -- anywhere 10.10.1.118
ACCEPT all -- anywhere 10.10.1.247
ACCEPT all -- anywhere 10.10.1.247
ACCEPT all -- anywhere 10.10.1.118
ACCEPT all -- anywhere 10.10.1.69
ACCEPT all -- anywhere 10.10.2.250
ACCEPT all -- anywhere 10.10.2.18
ACCEPT all -- anywhere 10.10.0.119
ACCEPT all -- anywhere 10.10.0.119
ACCEPT all -- anywhere 10.10.1.154
ACCEPT all -- anywhere 10.10.1.154
ACCEPT all -- anywhere 10.10.0.237
ACCEPT all -- anywhere 10.10.1.181
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.141
ACCEPT all -- anywhere 10.10.2.186
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.1.145
ACCEPT all -- anywhere 10.10.2.60
ACCEPT all -- anywhere 10.10.1.211
ACCEPT all -- anywhere 10.10.2.28
ACCEPT all -- anywhere 10.10.2.28
ACCEPT all -- anywhere 10.10.2.28
ACCEPT all -- anywhere 10.10.2.28
ACCEPT all -- anywhere 10.10.2.28
ACCEPT all -- anywhere 10.10.2.28
ACCEPT all -- anywhere 10.10.0.110
ACCEPT all -- anywhere 10.10.2.28
ACCEPT all -- anywhere 10.10.2.28
ACCEPT all -- anywhere 10.10.2.28
ACCEPT all -- anywhere 10.10.2.28
ACCEPT all -- anywhere 10.10.2.95
ACCEPT all -- anywhere 10.10.2.95
ACCEPT all -- anywhere 10.10.2.95
ACCEPT all -- anywhere 10.10.1.76
ACCEPT all -- anywhere 10.10.2.252
ACCEPT all -- anywhere 10.10.0.231
ACCEPT all -- anywhere 10.10.2.105
ACCEPT all -- anywhere 10.10.0.231
ACCEPT all -- anywhere 10.10.0.231
ACCEPT all -- anywhere 10.10.0.231
ACCEPT all -- anywhere 10.10.1.49
ACCEPT all -- anywhere 10.10.1.48
ACCEPT all -- anywhere 10.10.1.48
ACCEPT all -- anywhere 10.10.1.48
ACCEPT all -- anywhere 10.10.1.48
ACCEPT all -- anywhere 10.10.1.48
ACCEPT all -- anywhere 10.10.1.48
ACCEPT all -- anywhere 10.10.1.151
ACCEPT all -- anywhere 10.10.2.2
ACCEPT all -- anywhere 10.10.1.4
ACCEPT all -- anywhere 10.10.1.4
ACCEPT all -- anywhere 10.10.0.246
ACCEPT all -- anywhere 10.10.1.31
ACCEPT all -- anywhere 10.10.1.176
ACCEPT all -- anywhere 10.10.1.46
ACCEPT all -- anywhere 10.10.2.211
ACCEPT all -- anywhere 10.10.0.100
ACCEPT all -- anywhere 10.10.0.229
ACCEPT all -- anywhere 10.10.2.109
ACCEPT all -- anywhere 10.10.2.109
ACCEPT all -- anywhere 10.10.2.109
ACCEPT all -- anywhere 10.10.2.109
ACCEPT all -- anywhere 10.10.2.109
ACCEPT all -- anywhere 10.10.2.109
ACCEPT all -- anywhere 10.10.1.68
ACCEPT all -- anywhere 10.10.2.109
ACCEPT all -- anywhere 10.10.2.11
ACCEPT all -- anywhere 10.10.1.177
ACCEPT all -- anywhere 10.10.0.124
ACCEPT all -- anywhere 10.10.1.105

Chain WiFiDog_eth1_Outgoing (1 references)
target prot opt source destination
MARK all -- 10.10.2.146 anywhere MAC
88:C9:D0:C5:A6:32 MARK set 0x2
MARK all -- 10.10.2.75 anywhere MAC
00:88:65:65:32:9C MARK set 0x2
MARK all -- 10.10.2.96 anywhere MAC
C8:85:50:06:A1:3E MARK set 0x2
MARK all -- 10.10.2.96 anywhere MAC
C8:85:50:06:A1:3E MARK set 0x2
MARK all -- 10.10.2.96 anywhere MAC
C8:85:50:06:A1:3E MARK set 0x2
MARK all -- 10.10.2.96 anywhere MAC
C8:85:50:06:A1:3E MARK set 0x2
MARK all -- 10.10.1.18 anywhere MAC
34:23:BA:EE:95:15 MARK set 0x2
MARK all -- 10.10.2.255 anywhere MAC
04:F1:3E:DF:22:17 MARK set 0x2
MARK all -- 10.10.0.120 anywhere MAC
60:F8:1D:B8:A6:BE MARK set 0x2
MARK all -- 10.10.0.227 anywhere MAC
70:14:A6:0A:FB:CE MARK set 0x2
MARK all -- 10.10.0.188 anywhere MAC
3C:15:C2:CE:3D:3A MARK set 0x2
MARK all -- 10.10.1.160 anywhere MAC
94:EB:CD:00:47:F9 MARK set 0x2
MARK all -- 10.10.2.239 anywhere MAC
B4:18:D1:0B:65:59 MARK set 0x2
MARK all -- 10.10.2.104 anywhere MAC
20:C9:D0:82:80:39 MARK set 0x2
MARK all -- 10.10.2.230 anywhere MAC
90:18:7C:4A:5C:B8 MARK set 0x2
MARK all -- 10.10.1.109 anywhere MAC
F0:27:65:E7:05:66 MARK set 0x2
MARK all -- 10.10.2.142 anywhere MAC
00:1F:3A:50:CB:91 MARK set 0x2
MARK all -- 10.10.2.142 anywhere MAC
00:1F:3A:50:CB:91 MARK set 0x2
MARK all -- 10.10.2.173 anywhere MAC
98:FE:94:47:E9:76 MARK set 0x2
MARK all -- 10.10.1.80 anywhere MAC
B0:9F:BA:29:27:95 MARK set 0x2
MARK all -- 10.10.0.159 anywhere MAC
28:E3:47:1A:EB:14 MARK set 0x2
MARK all -- 10.10.2.67 anywhere MAC
60:C5:47:04:51:7C MARK set 0x2
MARK all -- 10.10.0.226 anywhere MAC
B4:B6:76:37:E7:3B MARK set 0x2
MARK all -- 10.10.1.221 anywhere MAC
D0:DF:9A:A3:49:9B MARK set 0x2
MARK all -- 10.10.2.31 anywhere MAC
54:72:4F:97:0D:84 MARK set 0x2
MARK all -- 10.10.1.213 anywhere MAC
34:BB:26:90:A7:9E MARK set 0x2
MARK all -- 10.10.1.213 anywhere MAC
34:BB:26:90:A7:9E MARK set 0x2
MARK all -- 10.10.1.77 anywhere MAC
D8:D1:CB:B0:D2:86 MARK set 0x2
MARK all -- 10.10.1.189 anywhere MAC
2C:BE:08:EE:43:B8 MARK set 0x2
MARK all -- 10.10.2.126 anywhere MAC
D8:9E:3F:11:47:65 MARK set 0x2
MARK all -- 10.10.0.200 anywhere MAC
84:4B:F5:4C:B9:75 MARK set 0x2
MARK all -- 10.10.0.200 anywhere MAC
84:4B:F5:4C:B9:75 MARK set 0x2
MARK all -- 10.10.2.217 anywhere MAC
1C:65:9D:4C:65:9A MARK set 0x2
MARK all -- 10.10.2.117 anywhere MAC
88:C9:D0:D9:2A:4D MARK set 0x2
MARK all -- 10.10.1.233 anywhere MAC
F0:27:65:E1:93:6B MARK set 0x2
MARK all -- 10.10.2.233 anywhere MAC
30:10:E4:2B:B0:69 MARK set 0x2
MARK all -- 10.10.1.187 anywhere MAC
8C:70:5A:27:6B:BC MARK set 0x2
MARK all -- 10.10.2.48 anywhere MAC
14:2D:27:AB:94:FD MARK set 0x2
MARK all -- 10.10.1.94 anywhere MAC
88:C9:D0:F8:49:EA MARK set 0x2
MARK all -- 10.10.1.245 anywhere MAC
64:89:9A:9E:08:27 MARK set 0x2
MARK all -- 10.10.2.235 anywhere MAC
30:75:12:58:70:AD MARK set 0x2
MARK all -- 10.10.2.246 anywhere MAC
40:7A:80:DA:69:64 MARK set 0x2
MARK all -- 10.10.2.162 anywhere MAC
80:EA:96:C5:D3:95 MARK set 0x2
MARK all -- 10.10.1.216 anywhere MAC
2C:8A:72:83:DF:18 MARK set 0x2
MARK all -- 10.10.2.168 anywhere MAC
00:24:2C:0A:61:DB MARK set 0x2
MARK all -- 10.10.2.168 anywhere MAC
00:24:2C:0A:61:DB MARK set 0x2
MARK all -- 10.10.2.168 anywhere MAC
00:24:2C:0A:61:DB MARK set 0x2
MARK all -- 10.10.1.5 anywhere MAC
A8:BB:CF:07:8C:28 MARK set 0x2
MARK all -- 10.10.2.14 anywhere MAC
E4:98:D6:E8:CC:E0 MARK set 0x2
MARK all -- 10.10.1.5 anywhere MAC
A8:BB:CF:07:8C:28 MARK set 0x2
MARK all -- 10.10.0.109 anywhere MAC
0C:74:C2:A4:2C:DC MARK set 0x2
MARK all -- 10.10.1.5 anywhere MAC
A8:BB:CF:07:8C:28 MARK set 0x2
MARK all -- 10.10.2.102 anywhere MAC
D8:B1:2A:39:7D:39 MARK set 0x2
MARK all -- 10.10.2.102 anywhere MAC
D8:B1:2A:39:7D:39 MARK set 0x2
MARK all -- 10.10.2.102 anywhere MAC
D8:B1:2A:39:7D:39 MARK set 0x2
MARK all -- 10.10.2.102 anywhere MAC
D8:B1:2A:39:7D:39 MARK set 0x2
MARK all -- 10.10.1.216 anywhere MAC
2C:8A:72:83:DF:18 MARK set 0x2
MARK all -- 10.10.1.216 anywhere MAC
2C:8A:72:83:DF:18 MARK set 0x2
MARK all -- 10.10.1.216 anywhere MAC
2C:8A:72:83:DF:18 MARK set 0x2
MARK all -- 10.10.1.216 anywhere MAC
2C:8A:72:83:DF:18 MARK set 0x2
MARK all -- 10.10.1.216 anywhere MAC
2C:8A:72:83:DF:18 MARK set 0x2
MARK all -- 10.10.0.139 anywhere MAC
54:72:4F:93:E0:85 MARK set 0x2
MARK all -- 10.10.1.25 anywhere MAC
58:B0:35:60:1B:D9 MARK set 0x2
MARK all -- 10.10.1.25 anywhere MAC
58:B0:35:60:1B:D9 MARK set 0x2
MARK all -- 10.10.2.242 anywhere MAC
34:23:87:58:CF:15 MARK set 0x2
MARK all -- 10.10.2.188 anywhere MAC
48:D7:05:E6:E4:B9 MARK set 0x2
MARK all -- 10.10.0.202 anywhere MAC
40:6F:2A:F5:34:64 MARK set 0x2
MARK all -- 10.10.2.169 anywhere MAC
00:23:6C:92:A9:4B MARK set 0x2
MARK all -- 10.10.2.100 anywhere MAC
B0:65:BD:97:EF:43 MARK set 0x2
MARK all -- 10.10.2.214 anywhere MAC
00:25:00:42:F4:50 MARK set 0x2
MARK all -- 10.10.1.108 anywhere MAC
34:FC:EF:E7:18:D8 MARK set 0x2
MARK all -- 10.10.1.104 anywhere MAC
F8:A9:D0:67:FE:66 MARK set 0x2
MARK all -- 10.10.2.153 anywhere MAC
28:18:78:C3:5D:DB MARK set 0x2
MARK all -- 10.10.0.252 anywhere MAC
1C:65:9D:76:B0:21 MARK set 0x2
MARK all -- 10.10.1.22 anywhere MAC
5C:96:9D:84:A2:D9 MARK set 0x2
MARK all -- 10.10.1.60 anywhere MAC
F0:DB:E2:6A:29:54 MARK set 0x2
MARK all -- 10.10.2.74 anywhere MAC
1C:65:9D:B7:40:C2 MARK set 0x2
MARK all -- 10.10.2.74 anywhere MAC
1C:65:9D:B7:40:C2 MARK set 0x2
MARK all -- 10.10.2.251 anywhere MAC
44:4C:0C:D7:2C:4F MARK set 0x2
MARK all -- 10.10.2.237 anywhere MAC
90:00:4E:BC:99:61 MARK set 0x2
MARK all -- 10.10.2.90 anywhere MAC
CC:3A:61:28:7F:01 MARK set 0x2
MARK all -- 10.10.2.74 anywhere MAC
1C:65:9D:B7:40:C2 MARK set 0x2
MARK all -- 10.10.2.134 anywhere MAC
2C:B4:3A:EB:68:DD MARK set 0x2
MARK all -- 10.10.1.1 anywhere MAC
6C:40:08:97:66:BE MARK set 0x2
MARK all -- 10.10.1.1 anywhere MAC
6C:40:08:97:66:BE MARK set 0x2
MARK all -- 10.10.1.214 anywhere MAC
00:23:12:14:B7:13 MARK set 0x2
MARK all -- 10.10.2.25 anywhere MAC
0C:3E:9F:B8:11:69 MARK set 0x2
MARK all -- 10.10.2.30 anywhere MAC
E4:CE:8F:43:EB:C2 MARK set 0x2
MARK all -- 10.10.1.138 anywhere MAC
1C:E6:2B:A6:98:54 MARK set 0x2
MARK all -- 10.10.2.177 anywhere MAC
94:35:0A:D0:FA:35 MARK set 0x2
MARK all -- 10.10.2.207 anywhere MAC
94:94:26:01:26:2E MARK set 0x2
MARK all -- 10.10.1.143 anywhere MAC
90:FD:61:BF:CB:5A MARK set 0x2
MARK all -- 10.10.2.118 anywhere MAC
80:E6:50:45:F5:4C MARK set 0x2
MARK all -- 10.10.0.140 anywhere MAC
24:E3:14:70:33:46 MARK set 0x2
MARK all -- 10.10.2.105 anywhere MAC
84:38:38:A5:90:98 MARK set 0x2
MARK all -- 10.10.0.142 anywhere MAC
54:E4:3A:CE:03:6F MARK set 0x2
MARK all -- 10.10.0.121 anywhere MAC
70:14:A6:43:F3:71 MARK set 0x2
MARK all -- 10.10.0.144 anywhere MAC
70:14:A6:12:5A:61 MARK set 0x2
MARK all -- 10.10.2.57 anywhere MAC
4C:8D:79:EE:BD:62 MARK set 0x2
MARK all -- 10.10.0.203 anywhere MAC
68:D9:3C:2A:5E:E9 MARK set 0x2
MARK all -- 10.10.2.229 anywhere MAC
60:FA:CD:B6:10:BE MARK set 0x2
MARK all -- 10.10.1.250 anywhere MAC
80:BE:05:B5:F9:D3 MARK set 0x2
MARK all -- 10.10.1.29 anywhere MAC
3C:AB:8E:98:B9:9A MARK set 0x2
MARK all -- 10.10.1.118 anywhere MAC
B8:E8:56:12:47:F6 MARK set 0x2
MARK all -- 10.10.1.247 anywhere MAC
60:03:08:97:C6:C0 MARK set 0x2
MARK all -- 10.10.1.247 anywhere MAC
60:03:08:97:C6:C0 MARK set 0x2
MARK all -- 10.10.1.118 anywhere MAC
B8:E8:56:12:47:F6 MARK set 0x2
MARK all -- 10.10.1.69 anywhere MAC
64:76:BA:44:72:17 MARK set 0x2
MARK all -- 10.10.2.250 anywhere MAC
90:72:40:7D:47:CC MARK set 0x2
MARK all -- 10.10.2.18 anywhere MAC
04:F1:3E:E1:F8:9B MARK set 0x2
MARK all -- 10.10.0.119 anywhere MAC
D0:E1:40:96:AB:E0 MARK set 0x2
MARK all -- 10.10.0.119 anywhere MAC
D0:E1:40:96:AB:E0 MARK set 0x2
MARK all -- 10.10.1.154 anywhere MAC
98:FE:94:4F:51:90 MARK set 0x2
MARK all -- 10.10.1.154 anywhere MAC
98:FE:94:4F:51:90 MARK set 0x2
MARK all -- 10.10.0.237 anywhere MAC
D0:A6:37:CD:97:1C MARK set 0x2
MARK all -- 10.10.1.181 anywhere MAC
6C:40:08:5C:8E:01 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.141 anywhere MAC
84:4B:F5:60:0F:6F MARK set 0x2
MARK all -- 10.10.2.186 anywhere MAC
48:D7:05:48:28:D8 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.1.145 anywhere MAC
2C:F0:EE:00:F2:32 MARK set 0x2
MARK all -- 10.10.2.60 anywhere MAC
54:26:96:DC:BA:17 MARK set 0x2
MARK all -- 10.10.1.211 anywhere MAC
70:56:81:9B:3B:83 MARK set 0x2
MARK all -- 10.10.2.28 anywhere MAC
E0:F5:C6:97:94:CD MARK set 0x2
MARK all -- 10.10.2.28 anywhere MAC
E0:F5:C6:97:94:CD MARK set 0x2
MARK all -- 10.10.2.28 anywhere MAC
E0:F5:C6:97:94:CD MARK set 0x2
MARK all -- 10.10.2.28 anywhere MAC
E0:F5:C6:97:94:CD MARK set 0x2
MARK all -- 10.10.2.28 anywhere MAC
E0:F5:C6:97:94:CD MARK set 0x2
MARK all -- 10.10.2.28 anywhere MAC
E0:F5:C6:97:94:CD MARK set 0x2
MARK all -- 10.10.0.110 anywhere MAC
60:45:BD:20:C1:80 MARK set 0x2
MARK all -- 10.10.2.28 anywhere MAC
E0:F5:C6:97:94:CD MARK set 0x2
MARK all -- 10.10.2.28 anywhere MAC
E0:F5:C6:97:94:CD MARK set 0x2
MARK all -- 10.10.2.28 anywhere MAC
E4:98:D6:13:83:07 MARK set 0x2
MARK all -- 10.10.2.28 anywhere MAC
E0:F5:C6:97:94:CD MARK set 0x2
MARK all -- 10.10.2.95 anywhere MAC
54:26:96:E0:9A:D1 MARK set 0x2
MARK all -- 10.10.2.95 anywhere MAC
54:26:96:E0:9A:D1 MARK set 0x2
MARK all -- 10.10.2.95 anywhere MAC
54:26:96:E0:9A:D1 MARK set 0x2
MARK all -- 10.10.1.76 anywhere MAC
28:CF:E9:64:64:DB MARK set 0x2
MARK all -- 10.10.2.252 anywhere MAC
AC:7F:3E:52:DA:98 MARK set 0x2
MARK all -- 10.10.0.231 anywhere MAC
20:C9:D0:42:F9:41 MARK set 0x2
MARK all -- 10.10.2.105 anywhere MAC
84:38:38:A5:90:98 MARK set 0x2
MARK all -- 10.10.0.231 anywhere MAC
20:C9:D0:42:F9:41 MARK set 0x2
MARK all -- 10.10.0.231 anywhere MAC
20:C9:D0:42:F9:41 MARK set 0x2
MARK all -- 10.10.0.231 anywhere MAC
20:C9:D0:42:F9:41 MARK set 0x2
MARK all -- 10.10.1.49 anywhere MAC
88:44:F6:31:75:AC MARK set 0x2
MARK all -- 10.10.1.48 anywhere MAC
2C:F0:EE:01:4B:B2 MARK set 0x2
MARK all -- 10.10.1.48 anywhere MAC
2C:F0:EE:01:4B:B2 MARK set 0x2
MARK all -- 10.10.1.48 anywhere MAC
2C:F0:EE:01:4B:B2 MARK set 0x2
MARK all -- 10.10.1.48 anywhere MAC
2C:F0:EE:01:4B:B2 MARK set 0x2
MARK all -- 10.10.1.48 anywhere MAC
2C:F0:EE:01:4B:B2 MARK set 0x2
MARK all -- 10.10.1.48 anywhere MAC
2C:F0:EE:01:4B:B2 MARK set 0x2
MARK all -- 10.10.1.151 anywhere MAC
30:75:12:AE:B4:6C MARK set 0x2
MARK all -- 10.10.2.2 anywhere MAC
9C:D9:17:91:E8:70 MARK set 0x2
MARK all -- 10.10.1.4 anywhere MAC
A0:0B:BA:CA:8C:2E MARK set 0x2
MARK all -- 10.10.1.4 anywhere MAC
A0:0B:BA:CA:8C:2E MARK set 0x2
MARK all -- 10.10.0.246 anywhere MAC
20:C9:D0:B1:54:33 MARK set 0x2
MARK all -- 10.10.1.31 anywhere MAC
9C:F3:87:D5:F7:02 MARK set 0x2
MARK all -- 10.10.1.176 anywhere MAC
54:72:4F:75:87:59 MARK set 0x2
MARK all -- 10.10.1.46 anywhere MAC
64:76:BA:B3:68:5E MARK set 0x2
MARK all -- 10.10.2.211 anywhere MAC
54:26:96:E0:4A:15 MARK set 0x2
MARK all -- 10.10.0.100 anywhere MAC
B0:34:95:F0:5E:72 MARK set 0x2
MARK all -- 10.10.0.229 anywhere MAC
28:CF:E9:20:66:51 MARK set 0x2
MARK all -- 10.10.2.109 anywhere MAC
70:56:81:A6:C1:7D MARK set 0x2
MARK all -- 10.10.2.109 anywhere MAC
70:56:81:A6:C1:7D MARK set 0x2
MARK all -- 10.10.2.109 anywhere MAC
70:56:81:A6:C1:7D MARK set 0x2
MARK all -- 10.10.2.109 anywhere MAC
70:56:81:A6:C1:7D MARK set 0x2
MARK all -- 10.10.2.109 anywhere MAC
70:56:81:A6:C1:7D MARK set 0x2
MARK all -- 10.10.1.68 anywhere MAC
F0:DB:E2:F4:10:61 MARK set 0x2
MARK all -- 10.10.2.109 anywhere MAC
70:56:81:A6:C1:7D MARK set 0x2
MARK all -- 10.10.2.11 anywhere MAC
20:C9:D0:B7:80:45 MARK set 0x2
MARK all -- 10.10.1.177 anywhere MAC
00:23:4E:6C:70:29 MARK set 0x2
MARK all -- 10.10.0.124 anywhere MAC
CC:3A:61:7F:94:91 MARK set 0x2
MARK all -- 10.10.1.105 anywhere MAC
60:03:08:A0:41:C8 MARK set 0x2

Chain WiFiDog_eth1_Trusted (1 references)....

Regards

On Tue, Feb 24, 2015 at 8:34 AM, florida63 notifications@github.com wrote:

@Kvncrck https://github.com/Kvncrck: Thank you,

I deliberately deleted your message because your post match mac adress
trusted.

In fact, i want users who are truly authenticated or an account is created.
mask your mac addresses and guards a certain consistency if you have
duplicates.

no need to send "Chain WiFiDog_eth1_Trusted".

—
Reply to this email directly or view it on GitHub
#55 (comment)
.

[florida63]

Oh, there is many redundancy

[Kvncrck]

Could they be hitting the login button multiple times?

On Thu, Feb 26, 2015 at 5:54 AM, florida63 notifications@github.com wrote:

Oh, there is many redundancy

—
Reply to this email directly or view it on GitHub
#55 (comment)
.

[florida63]

In all cases, there is no reason to add several times the same rule.

[acv]

One possible fix is to first check if the rule already exists before creating it.

At one point the code always removed access before granting it in the re-auth code path. This was added explicitly in 2004 and removed a few years later probably because it made no sense without comments.

The problem with that approach is a race condition where the users' access is removed and recreated a few (hundreds in some case) milliseconds later.

[acv]

@Kvncrck Do you frequently use wdctl restart?

[florida63]

@acv: I have done this test with 72f3d3d

on the auth page I log (1 time) and then sign out, I reconnected and sign out, etc, etc.

the command "iptables -L -t mangle returns me
Chain WiFiDog_br0_Outgoing (1 references)
target prot opt source destination
MARK all -- 10.63.57.13 anywhere MAC 00:E0:18:AC:2E:80 MARK set 0x2
MARK all -- 10.63.57.13 anywhere MAC 00:E0:18:AC:2E:80 MARK set 0x2
MARK all -- 10.63.57.13 anywhere MAC 00:E0:18:AC:2E:80 MARK set 0x2

wdctl restart and iptables -L -t mangle
Chain WiFiDog_br0_Outgoing (1 references)
target prot opt source destination
MARK all -- 10.63.57.13 anywhere MAC 00:E0:18:AC:2E:80 MARK set 0x2

wdctl restart makes the household.