author | Scott Ullrich <sullrich@pfsense.org> | 2005-05-27 20:55:40 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-05-27 20:55:40 +0000 |
commit | 04db658e8fd4aaf6c8a0cb0b0a3737c30aac2b2f (patch) | |
tree | 589b5ce33e38b0597c2db7b8c165889ac3e6dddb /etc | |
parent | 8062bbd93bcf02efd0ee9b00b8eb719c1e4202e9 (diff) | |
Captive portal pf filter support
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 4b370b4..39f82bf 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -892,6 +892,13 @@ function filter_nat_rules_generate() {
 $natrules .= "rdr on " . $lanif . " proto tcp from any to any port 21 -> 127.0.0.1 port 8021\n\n";
 }
+ /* captive portal redirects */
+ if(isset($config['captiveportal']['enable'])) {
+ $cp_interface = filter_translate_type_to_real_interface($config['captiveportal']['interface']);
+ $lan_ip = $config['interfaces']['lan']['ipaddr'];
+ $natrules .= "rdr on " . $cp_interface . " proto tcp from any to any port { 80 443 } -> {$lan_ip} port 8000\n\n";
+ }
+
 /* DIAG: add ipv6 NAT, if requested */
 if (isset($config['diag']['ipv6nat']['enable']) and $config['diag']['ipv6nat']['ipaddr'] <> "") {
 $natrules .= "rdr on $wanif proto ipv6 from any to any port 0 -> " . "{$config['diag']['ipv6nat']['ipaddr']}\n";
@@ -1651,6 +1658,22 @@ anchor "packagelate"
 EOD;
 }
+ /*
+ * captive portal, pf version
+ * first pass captive portal interface traffic to port 8000
+ * then block every incoming packet on the interface (non quick)
+ * then follow up with an allow items in the captiveportal anchor to flow
+ */
+ if(isset($config['captiveportal']['enable'])) {
+ $cp_interface = filter_translate_type_to_real_interface($config['captiveportal']['interface']);
+ $lan_ip = $config['interfaces']['lan']['ipaddr'];
+ $ipfrules .= "\n# Captive portal\n";
+ $ipfrules .= "table <captiveportal>\n";
+ $ipfrules .= "pass in quick on {$cp_interface} from any to {$lanip} 8000 keep state\n";
+ $ipfrules .= "block drop in on {$cp_interface} from any to any\n";
+ $ipfrules .= "pass in quick on {$cp_interface} from <captiveportal> to any keep state\n";
+ }
+
 $ipfrules .= "\n# User-defined rules follow\n";
 if (isset($config['filter']['rule'])) {
@@ -1717,6 +1740,7 @@ EOD;
 }
 }
+
 $ipfrules .= <<<EOD
 #--------------------------------------------------------------------------- |
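Review bot: The new `rdr` rule in filter_nat_rules_generate() matches `from any`, so clients that the filter hunk later admits through `<captiveportal>` would still have their port 80/443 connections rewritten to the portal; the redirect should exclude them, e.g. `from !<captiveportal> to any port { 80 443 }`, which presumably also needs the table declared ahead of the translation rules. The target is always `$config['interfaces']['lan']['ipaddr']` even when `$config['captiveportal']['interface']` is not LAN, and neither value is checked for being empty before it is interpolated, so a missing setting would emit a malformed rule; a guard such as `if ($cp_interface <> "" and $lan_ip <> "")` around the append would avoid that. Port 443 is sent to the same port 8000 listener as port 80, so confirm that listener can accept TLS handshakes. The function body starts and ends outside the hunk.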
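Review bot: The first pass rule interpolates `{$lanip}`, but the variable assigned two lines earlier is `$lan_ip`, so unless `$lanip` is set elsewhere in the function the destination is emitted empty; the rule also lacks `proto tcp` and the `port` keyword before `8000`, which pf's rule grammar requires. Suggested line: `$ipfrules .= "pass in quick on {$cp_interface} proto tcp from any to {$lan_ip} port 8000 keep state\n";`. A ruleset that fails to parse is presumably rejected as a whole, so on a firewall this typo matters beyond the portal itself. The `block drop in` is not `quick`, so the user-defined pass rules appended afterwards can override it under pf's last-match evaluation; the comment should say so, and it says "anchor" where the code uses a table. The enclosing function starts and ends outside the hunk.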