Fixes #4150. Move to tables to accomodate unlimited number of interfaces.

1 files changed, 13 insertions, 13 deletions

diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 4fc1f65..73b805e 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -513,10 +513,12 @@ function captiveportal_init_rules($reinit = false) {
 	if ($reinit == false)
 		$captiveportallck = lock("captiveportal{$cpzone}");
 
-	$cprules =	"add 65291 allow pfsync from any to any\n";
-	$cprules .= "add 65292 allow carp from any to any\n";
+	$cprules = <<<EOD
+
+flush
+add 65291 allow pfsync from any to any
+add 65292 allow carp from any to any
 
-	$cprules .= <<<EOD
 # layer 2: pass ARP
 add 65301 pass layer2 mac-type arp,rarp
 # pfsense requires for WPA
@@ -530,17 +532,16 @@ add 65307 deny layer2 not mac-type ip,ipv6
 EOD;
 
 	$rulenum = 65310;
-	$ipcount = 0;
+	/* These tables contain host ips */
+	$cprules .= "add {$rulenum} pass ip from any to table(100) in\n";
+	$rulenum++;
+	$cprules .= "add {$rulenum} pass ip from table(100) to any out\n";
+	$rulenum++;
 	$ips = "";
 	foreach ($cpips as $cpip) {
-		if($ipcount == 0) {
-			$ips = "{$cpip} ";
-		} else {
-			$ips .= "or {$cpip} ";
-		}
-		$ipcount++;
+		$cprules .= "table 100 add {$cpip}\n";
 	}
-	$ips = "{ 255.255.255.255 or {$ips} }";
+	$cprules .= "table 100 add 255.255.255.255\n";
 	$cprules .= "add {$rulenum} pass ip from any to {$ips} in\n";
 	$rulenum++;
 	$cprules .= "add {$rulenum} pass ip from {$ips} to any out\n";
@@ -602,11 +603,10 @@ EOD;
 	$cprules .= captiveportal_allowedhostname_configure();
 	
 	/* load rules */
-	$cprules = "flush\n{$cprules}";
 	file_put_contents("{$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", $cprules);
 	mwexec("/sbin/ipfw -x {$cpzoneid} -q {$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", true);
 	//@unlink("{$g['tmp_path']}/ipfw_{$cpzone}.cp.rules");
-	unset($cprules, $tmprules);
+	unset($cprules);
 
 	if ($reinit == false)
 		unlock($captiveportallck);