diff options
| author | Vinicius Coque <vinicius.coque@bluepex.com> | 2010-07-26 16:17:16 -0300 |
|---|---|---|
| committer | Vinicius Coque <vinicius.coque@bluepex.com> | 2010-07-26 16:17:16 -0300 |
| commit | d9a0c4b8e86b193821b67783982e66370b399629 (patch) | |
| tree | a38c6290dbdd9854c57f73dd001d1e9901a53d1e /etc/inc/captiveportal.inc | |
| parent | 188097024801509c431899e7d9d4382e0a05b204 (diff) | |
| parent | 4cb9abc3dc4b1faf42f4f8607772f9b652341209 (diff) | |
| download | pfsense-d9a0c4b8e86b193821b67783982e66370b399629.zip pfsense-d9a0c4b8e86b193821b67783982e66370b399629.tar.gz | |
Merge remote branch 'mainline/master'
Conflicts:
usr/local/www/services_rfc2136.php
usr/local/www/services_snmp.php
usr/local/www/status_rrd_graph.php
usr/local/www/status_rrd_graph_settings.php
Diffstat (limited to 'etc/inc/captiveportal.inc')
| -rw-r--r-- | etc/inc/captiveportal.inc | 42 |
1 files changed, 7 insertions, 35 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 1e96b41..0d3853b 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -425,45 +425,14 @@ EOD; foreach ($cpips as $cpip) $ips .= "or {$cpip} "; $ips = "{ {$ips} }"; - //# allow access to our DHCP server (which needs to be able to ping clients as well) - $cprules .= "add {$rulenum} set 1 pass udp from any 68 to {$ips} 67 in \n"; + $cprules .= "add {$rulenum} set 1 pass ip from any to {$ips} in\n"; $rulenum++; - $cprules .= "add {$rulenum} set 1 pass udp from any 68 to {$ips} 67 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass udp from {$ips} 67 to any 68 out \n"; + $cprules .= "add {$rulenum} set 1 pass ip from {$ips} to any out\n"; $rulenum++; $cprules .= "add {$rulenum} set 1 pass icmp from {$ips} to any out icmptype 0\n"; $rulenum++; $cprules .= "add {$rulenum} set 1 pass icmp from any to {$ips} in icmptype 8 \n"; $rulenum++; - //# allow access to our DNS forwarder - $cprules .= "add {$rulenum} set 1 pass udp from any to {$ips} 53 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass udp from {$ips} 53 to any out \n"; - $rulenum++; - # allow access to our web server - $cprules .= "add {$rulenum} set 1 pass tcp from any to {$ips} 8000 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from {$ips} 8000 to any out \n"; - - if (isset($config['captiveportal']['httpslogin'])) { - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from any to {$ips} 8001 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from {$ips} 8001 to any out \n"; - } - if (!empty($config['system']['webgui']['port'])) - $port = $config['system']['webgui']['port']; - else if ($config['system']['webgui']['proto'] == "http") - $port = 80; - else - $port = 443; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from any to {$ips} {$port} in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from {$ips} {$port} to any out \n"; - $rulenum++; - /* Allowed ips */ $cprules .= "add {$rulenum} allow ip from table(3) to any in\n"; $rulenum++; @@ -917,14 +886,17 @@ function captiveportal_allowedip_configure_entry($ipent) { $bw_up = $ruleno + 20000; $rules .= "pipe {$bw_up} config bw {$ipent['bw_up']}Kbit/s queue 100\n"; } + $subnet = ""; + if (!empty($ipent['sn'])) + $subnet = "/{$ipent['sn']}"; foreach ($tablein as $table) - $rules .= "table {$table} add {$ipent['ip']} {$bw_up}\n"; + $rules .= "table {$table} add {$ipent['ip']}{$subnet} {$bw_up}\n"; if ($enBwdown) { $bw_down = $ruleno + 20001; $rules .= "pipe {$bw_down} config bw {$ipent['bw_down']}Kbit/s queue 100\n"; } foreach ($tableout as $table) - $rules .= "table {$table} add {$ipent['ip']} {$bw_down}\n"; + $rules .= "table {$table} add {$ipent['ip']}{$subnet} {$bw_down}\n"; return $rules; } |
