diff options
author | Ermal <eri@pfsense.org> | 2012-12-13 20:51:19 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-12-13 20:51:19 +0000 |
commit | 06a45374b159db353f24f7c39ab8ce52038b6d89 (patch) | |
tree | 3f0ac3cf10ea7d05c96aa9bafd3a80974c5c7b97 /etc/inc/captiveportal.inc | |
parent | d0288824f3719138a53d01ff6e4fa49fde18972d (diff) | |
download | pfsense-06a45374b159db353f24f7c39ab8ce52038b6d89.zip pfsense-06a45374b159db353f24f7c39ab8ce52038b6d89.tar.gz |
Fixes #2006 Forward to lighty only port 80 and 443 tcp rather than all tcp traffic.
Diffstat (limited to 'etc/inc/captiveportal.inc')
-rw-r--r-- | etc/inc/captiveportal.inc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 9477a91..0047073 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -578,11 +578,16 @@ EOD; $config['captiveportal'][$cpzone]['listenporthttp'] ? $config['captiveportal'][$cpzone]['listenporthttp'] : $config['captiveportal'][$cpzone]['zoneid']; + + if (isset($cpcfg['httpslogin'])) { + $listenporthttps = $listenporthttp + 1; + $cprules .= "add 65531 set 1 fwd 127.0.0.1,{$listenporthttps} tcp from any to any dst-port 443 in\n"; + } $cprules .= <<<EOD # redirect non-authenticated clients to captive portal -add 65531 set 1 fwd 127.0.0.1,{$listenporthttp} tcp from any to any in +add 65531 set 1 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 80 in # let the responses from the captive portal web server back out add 65532 set 1 pass tcp from any to any out # block everything else |