author | Ermal <eri@pfsense.org> | 2010-07-22 14:33:52 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2010-07-22 14:33:52 +0000 |
commit | 746e60c9ee05d270e8af303f51c9b669571b1b5a (patch) | |
tree | e6bd36b1f25cbe3572a31bb91ce2e6fdb21250b5 | |
parent | c55e45800d839e6e46d2704097d43563247fb06c (diff) | |
Fixes #741. Restore behaviour of CP in 1.2.x by allowing in ipfw rules anything to the host ip on the interfaces configured for CP.
-rw-r--r-- | etc/inc/captiveportal.inc | 35 |
1 files changed, 2 insertions, 33 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 1e96b41..bc1596e 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -425,45 +425,14 @@ EOD;
 foreach ($cpips as $cpip)
 $ips .= "or {$cpip} ";
 $ips = "{ {$ips} }";
- //# allow access to our DHCP server (which needs to be able to ping clients as well)
- $cprules .= "add {$rulenum} set 1 pass udp from any 68 to {$ips} 67 in \n";
+ $cprules .= "add {$rulenum} set 1 pass ip from any to {$ips} in\n";
 $rulenum++;
- $cprules .= "add {$rulenum} set 1 pass udp from any 68 to {$ips} 67 in \n";
- $rulenum++;
- $cprules .= "add {$rulenum} set 1 pass udp from {$ips} 67 to any 68 out \n";
+ $cprules .= "add {$rulenum} set 1 pass ip from {$ips} to any out\n";
 $rulenum++;
 $cprules .= "add {$rulenum} set 1 pass icmp from {$ips} to any out icmptype 0\n";
 $rulenum++;
 $cprules .= "add {$rulenum} set 1 pass icmp from any to {$ips} in icmptype 8 \n";
 $rulenum++;
- //# allow access to our DNS forwarder
- $cprules .= "add {$rulenum} set 1 pass udp from any to {$ips} 53 in \n";
- $rulenum++;
- $cprules .= "add {$rulenum} set 1 pass udp from {$ips} 53 to any out \n";
- $rulenum++;
- # allow access to our web server
- $cprules .= "add {$rulenum} set 1 pass tcp from any to {$ips} 8000 in \n";
- $rulenum++;
- $cprules .= "add {$rulenum} set 1 pass tcp from {$ips} 8000 to any out \n";
-
- if (isset($config['captiveportal']['httpslogin'])) {
- $rulenum++;
- $cprules .= "add {$rulenum} set 1 pass tcp from any to {$ips} 8001 in \n";
- $rulenum++;
- $cprules .= "add {$rulenum} set 1 pass tcp from {$ips} 8001 to any out \n";
- }
- if (!empty($config['system']['webgui']['port']))
- $port = $config['system']['webgui']['port'];
- else if ($config['system']['webgui']['proto'] == "http")
- $port = 80;
- else
- $port = 443;
- $rulenum++;
- $cprules .= "add {$rulenum} set 1 pass tcp from any to {$ips} {$port} in \n";
- $rulenum++;
- $cprules .= "add {$rulenum} set 1 pass tcp from {$ips} {$port} to any out \n";
- $rulenum++;
-
 /* Allowed ips */
 $cprules .= "add {$rulenum} allow ip from table(3) to any in\n";
 $rulenum++; |
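Review bot: The two new `pass ip` rules let any client on a captive-portal interface, logged in or not, reach every service bound to `{$ips}` at the ipfw layer, not just the DHCP, DNS, portal (8000/8001) and webGUI ports that the removed rules enumerated. The commit message says this is the intended 1.2.x behaviour, so limiting access to the webGUI and other management services presumably now falls entirely to the interface's regular firewall rules. The hunk also deletes the only explanatory comments, so that dependency should be stated above the rules, e.g. `/* pass everything to/from the portal host IPs; per-service access must be restricted by the interface firewall rules, not by ipfw */`. The two `pass icmp` rules kept just below are now subsumed by the `pass ip` pair and could be removed or marked as redundant. The enclosing function starts and ends outside the hunk.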