diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2011-01-25 11:55:07 -0500 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2011-01-25 11:55:07 -0500 |
| commit | 55c18b30a97f807bee5c7e13f6a2fa34af995b56 (patch) | |
| tree | 37da13b30218647224f2db5ceee98fa3f4a7ab45 /etc/inc | |
| parent | f23a6091d4c9142b0821f276f93cb4fba80ef63d (diff) | |
| download | pfsense-55c18b30a97f807bee5c7e13f6a2fa34af995b56.zip pfsense-55c18b30a97f807bee5c7e13f6a2fa34af995b56.tar.gz | |
Adding preliminary version of allowed hostnames. Allowed hostnames function similar to allowed IP addresses and permit the captive portal to pass traffic out. An example usage of this is to allow access to a hotel web page freely and then require authentcation hotlinking from this point.
Diffstat (limited to 'etc/inc')
| -rw-r--r-- | etc/inc/captiveportal.inc | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 50ddf90..e171fe9 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -639,9 +639,13 @@ EOD; /* generate passthru mac database */ $cprules .= captiveportal_passthrumac_configure(true); $cprules .= "\n"; + /* allowed ipfw rules to make allowed ip work */ $cprules .= captiveportal_allowedip_configure(); + /* allowed ipfw rules to make allowed hostnames work */ + $cprules .= captiveportal_allowedhostname_configure(); + /* load rules */ if ($reinit == true) $cprules = "table all flush\nflush\n{$cprules}"; @@ -1046,6 +1050,7 @@ function captiveportal_allowedip_configure_entry($ipent) { A change results in reloading the ruleset. */ function setup_dnsfilter_entries($hostname) { + global $g, $config; $cp_filterdns_filename = "{$g['varetc_path']}/filterdns-captiveportal.conf"; $fd = fopen($cp_filterdns_filename, "w"); if (is_array($config['captiveportal']['allowedhostname'])) @@ -1053,11 +1058,7 @@ function setup_dnsfilter_entries($hostname) { fwrite($fd, $hostnameent . "\n"); fclose($fd); killbypid("{$g['tmp_path']}/dnswatch-cpah.pid"); - mwexec("/usr/local/sbin/dnswatch {$g['tmp_path']}/dnswatch-cpah.pid 300 '/etc/rc.filter_configure_sync' {$g['varetc_path']}/dnswatch-captiveportal.conf"); -} - -function captiveportal_allowedhostname_configure_entry($ipent) { - + mwexec("/usr/local/sbin/dnswatch {$g['tmp_path']}/dnswatch-cpah.pid 300 '/etc/rc.captiveportal_configure' {$g['varetc_path']}/dnswatch-captiveportal.conf"); } function captiveportal_allowedhostname_configure() { @@ -1065,10 +1066,13 @@ function captiveportal_allowedhostname_configure() { $rules = ""; setup_dnsfilter_entries(); - if (is_array($config['captiveportal']['allowedhostname'])) - foreach ($config['captiveportal']['allowedhostname'] as $hostnameent) - $rules .= captiveportal_allowedip_configure_entry($hostnameent); - + if (is_array($config['captiveportal']['allowedhostname'])) { + foreach ($config['captiveportal']['allowedhostname'] as $hostnameent) { + $ipaddress = gethostbyname($hostnameent); + if(is_ipaddr($ipaddress)) + $rules .= captiveportal_allowedip_configure_entry($ipaddress); + } + } return $rules; } @@ -1077,9 +1081,8 @@ function captiveportal_allowedip_configure() { $rules = ""; if (is_array($config['captiveportal']['allowedip'])) { - foreach ($config['captiveportal']['allowedip'] as $ipent) { + foreach ($config['captiveportal']['allowedip'] as $ipent) $rules .= captiveportal_allowedip_configure_entry($ipent); - } } return $rules; |
