author | Renato Botelho <garga@FreeBSD.org> | 2013-09-09 09:09:49 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2013-09-12 08:44:50 -0300 |
commit | 666f88e0c81465984be477eeb8de4b31d97875fa (patch) | |
tree | 2f11439028a8021c8f90c31fb74405083afb1e3d /etc | |
parent | cfd88fbc838ab0ab08c166ede807e866716fb11f (diff) | |
Add actions (block or pass) to Captive Portal passtrumac
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/captiveportal.inc | 55 |
1 files changed, 44 insertions, 11 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index f20de6d..0f73b0a 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -940,20 +940,52 @@ function captiveportal_passthrumac_configure_entry($macent) {
 $bwDown = empty($macent['bw_down']) ? 0 : $macent['bw_down'];
 $ruleno = captiveportal_get_next_ipfw_ruleno();
- $pipeno = captiveportal_get_next_dn_ruleno();
- $rules = "";
- $pipeup = $pipeno;
- $_gb = @pfSense_pipe_action("pipe {$pipeup} config bw {$bwUp}Kbit/s queue 100 buckets 16");
- $pipedown = $pipeno + 1;
- $_gb = @pfSense_pipe_action("pipe {$pipedown} config bw {$bwDown}Kbit/s queue 100 buckets 16");
- $rules .= "add {$ruleno} pipe {$pipeup} ip from any to any MAC any {$macent['mac']}\n";
- $ruleno++;
- $rules .= "add {$ruleno} pipe {$pipedown} ip from any to any MAC {$macent['mac']} any\n";
+ if ($macent['action'] == 'pass') {
+ $pipeno = captiveportal_get_next_dn_ruleno();
+
+ $pipeup = $pipeno;
+ $_gb = @pfSense_pipe_action("pipe {$pipeno} config bw {$bwUp}Kbit/s queue 100 buckets 16");
+ $pipedown = $pipeno + 1;
+ $_gb = @pfSense_pipe_action("pipe {$pipedown} config bw {$bwDown}Kbit/s queue 100 buckets 16");
+
+ $rules = "add {$ruleno} pipe {$pipeup} ip from any to any MAC any {$macent['mac']}\n";
+ $ruleno++;
+ $rules .= "add {$ruleno} pipe {$pipedown} ip from any to any MAC {$macent['mac']} any\n";
+ } else
+ $rules = "add {$ruleno} deny ip from any to any MAC {$macent['mac']} any\n";
 return $rules;
 }
+function captiveportal_passthrumac_delete_entry($macent) {
+ global $cpzone;
+
+ $ruleno = captiveportal_get_ipfw_passthru_ruleno($macent['mac']);
+
+ if (!$ruleno)
+ return false;
+
+ $cmd = "/sbin/ipfw -x {$cpzone} delete {$ruleno}";
+ captiveportal_free_ipfw_ruleno($ruleno, ($macent['action'] == 'block'));
+
+ if ($macent['action'] == 'pass') {
+ $cmd .= "; /sbin/ipfw -x {$cpzone} delete " . ++$ruleno;
+
+ $pipeno = captiveportal_get_dn_passthru_ruleno($macent['mac']);
+
+ if (!empty($pipeno)) {
+ captiveportal_free_dn_ruleno($pipeno);
+ $cmd .= "; /sbin/ipfw -x {$cpzone} pipe delete " . $pipeno;
+ $cmd .= "; /sbin/ipfw -x {$cpzone} pipe delete " . ++$pipeno;
+ }
+ }
+
+ mwexec($cmd);
+
+ return true;
+}
+
 function captiveportal_passthrumac_configure($lock = false) {
 global $config, $g, $cpzone;
@@ -1468,7 +1500,7 @@ function captiveportal_get_next_ipfw_ruleno($rulenos_start = 2, $rulenos_range_m
 return $ruleno;
 }
-function captiveportal_free_ipfw_ruleno($ruleno) {
+function captiveportal_free_ipfw_ruleno($ruleno, $single_rule = false) {
 global $config, $g, $cpzone;
 $cpcfg = $config['captiveportal'][$cpzone];
@@ -1479,7 +1511,8 @@ function captiveportal_free_ipfw_ruleno($ruleno) {
 if (file_exists("{$g['vardb_path']}/captiveportal_{$cpzone}.rules")) {
 $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal_{$cpzone}.rules"));
 $rules[$ruleno] = false;
- $rules[++$ruleno] = false;
+ if (!$single_rule)
+ $rules[++$ruleno] = false;
 file_put_contents("{$g['vardb_path']}/captiveportal_{$cpzone}.rules", serialize($rules));
 }
 unlock($cpruleslck); |
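Review bot: In the first hunk, the new `else` branch of captiveportal_passthrumac_configure_entry() installs a single `deny ... MAC {$macent['mac']} any` rule, while the pass branch needs both operand orders to cover upload and download. Given ipfw's `MAC dst src` ordering, the deny matches only frames addressed to the client, so frames sent by a blocked MAC presumably fall through to whatever rules follow. If block is meant to cut the client off in both directions, it needs `$ruleno++; $rules .= "add {$ruleno} deny ip from any to any MAC any {$macent['mac']}\n";` as well, and the single-rule release in delete_entry would then no longer apply. The two functions also disagree on the condition: configure_entry treats every value other than `'pass'` (including a missing `action` on an existing entry) as block, while delete_entry frees a single rule only when `action == 'block'`, so testing `$macent['action'] != 'pass'` in both places would keep install and removal aligned. In delete_entry the string handed to `mwexec()` is built by interpolation; `escapeshellarg($cpzone)` and `intval()` on `$ruleno`/`$pipeno` would keep it safe regardless of how those values are validated elsewhere, which is not visible in this hunk.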
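Review bot: In the last two hunks, captiveportal_free_ipfw_ruleno() releases only one slot when `$single_rule` is set, but configure_entry allocates block and pass entries through the same `captiveportal_get_next_ipfw_ruleno()` call, whose body is outside these hunks. If that allocator marks both `$ruleno` and `$ruleno + 1` as used, every block entry leaves the second slot marked after deletion and the usable rule-number range shrinks over time; if it marks only one, the pass branch's `$ruleno++` uses a number that was never reserved. Allocation and release should be made symmetric once it is confirmed which case holds. The new parameter is also undocumented, so a comment such as `/* $single_rule: release only $ruleno, for entries that installed one rule (block) */` above the function would help, and the brace-less `if (!$single_rule)` would be less fragile with braces.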