diff options
author | Ermal Luçi <eri@pfsense.org> | 2009-09-20 14:20:40 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2009-09-20 14:20:40 +0000 |
commit | f6fbd03e872be59f0bd45f8c840df8c99b6ed5de (patch) | |
tree | 06011dfffd9b25cd0f8df5e14b5ba96d2e5b8031 /etc | |
parent | 88b8fdd032afb1bac70ef8a08a426f4bfa8ed7a2 (diff) | |
download | pfsense-f6fbd03e872be59f0bd45f8c840df8c99b6ed5de.zip pfsense-f6fbd03e872be59f0bd45f8c840df8c99b6ed5de.tar.gz |
Teach captiveportal code to use the mac in tables functionality. Change the default ruleset to reflect this.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/captiveportal.inc | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 29eea0e..45e7718 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -362,8 +362,6 @@ add 1100 set 1 pass layer2 mac-type 0x888e # layer 2: block anything else non-IP add 1101 set 1 deny layer2 not mac-type ip -# layer 2: check if MAC addresses of authenticated clients are correct -add 1102 set 1 skipto 2000 layer2 EOD; @@ -400,14 +398,14 @@ EOD; $rulenum++; if (isset($config['captiveportal']['peruserbw'])) { - $cprules .= "add {$rulenum} set 2 pipe tablearg ip from table(3) to any in\n"; + $cprules .= "add {$rulenum} set 1 pipe tablearg ip from table(3) to any in\n"; $rulenum++; - $cprules .= "add {$rulenum} set 2 pipe tablearg ip from any to table(4) out\n"; + $cprules .= "add {$rulenum} set 1 pipe tablearg ip from any to table(4) out\n"; $rulenum++; } else { - $cprules .= "add {$rulenum} set 2 skipto 50000 ip from table(3) to any in\n"; + $cprules .= "add {$rulenum} set 1 skipto 50000 ip from table(3) to any in\n"; $rulenum++; - $cprules .= "add {$rulenum} set 2 skipto 50000 ip from any to table(4) out\n"; + $cprules .= "add {$rulenum} set 1 skipto 50000 ip from any to table(4) out\n"; $rulenum++; } @@ -615,8 +613,6 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t /* Delete client's ip entry from tables 3 and 4. */ mwexec("/sbin/ipfw table 3 delete {$dbent[2]}"); mwexec("/sbin/ipfw table 4 delete {$dbent[2]}"); - /* Delete client's ruleno */ - mwexec("/sbin/ipfw delete {$dbent[1]}"); /* * These are the pipe numbers we use to control traffic shaping for each logged in user via captive portal |