diff options
| author | Ermal <eri@pfsense.org> | 2012-12-13 20:51:19 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2012-12-13 20:51:19 +0000 |
| commit | 06a45374b159db353f24f7c39ab8ce52038b6d89 (patch) | |
| tree | 3f0ac3cf10ea7d05c96aa9bafd3a80974c5c7b97 /etc | |
| parent | d0288824f3719138a53d01ff6e4fa49fde18972d (diff) | |
| download | pfsense-06a45374b159db353f24f7c39ab8ce52038b6d89.zip pfsense-06a45374b159db353f24f7c39ab8ce52038b6d89.tar.gz | |
Fixes #2006 Forward to lighty only port 80 and 443 tcp rather than all tcp traffic.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/captiveportal.inc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 9477a91..0047073 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -578,11 +578,16 @@ EOD; $config['captiveportal'][$cpzone]['listenporthttp'] ? $config['captiveportal'][$cpzone]['listenporthttp'] : $config['captiveportal'][$cpzone]['zoneid']; + + if (isset($cpcfg['httpslogin'])) { + $listenporthttps = $listenporthttp + 1; + $cprules .= "add 65531 set 1 fwd 127.0.0.1,{$listenporthttps} tcp from any to any dst-port 443 in\n"; + } $cprules .= <<<EOD # redirect non-authenticated clients to captive portal -add 65531 set 1 fwd 127.0.0.1,{$listenporthttp} tcp from any to any in +add 65531 set 1 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 80 in # let the responses from the captive portal web server back out add 65532 set 1 pass tcp from any to any out # block everything else |
