diff options
author | Ermal <eri@pfsense.org> | 2012-12-10 21:51:49 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-12-10 21:52:08 +0000 |
commit | ee79fcda34ce65d9a9e99c26983659a5bc115b75 (patch) | |
tree | de07ca9f31ef8dbce34ff951c4bd56f832a2ab1a /etc | |
parent | 41ab0d074503b0af501ba18fb56e1a95e4ab536c (diff) | |
download | pfsense-ee79fcda34ce65d9a9e99c26983659a5bc115b75.zip pfsense-ee79fcda34ce65d9a9e99c26983659a5bc115b75.tar.gz |
Properly unlock before exit. Allow rarp to flow through ipfw of CP alos allow ipv6 packets so CP can work on v6
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/captiveportal.inc | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index a397fa4..2a9929f 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -520,18 +520,14 @@ function captiveportal_init_rules($reinit = false) { $cprules .= <<<EOD # add 65300 set 1 skipto 65534 all from any to any not layer2 # layer 2: pass ARP -add 65301 set 1 pass layer2 mac-type arp +add 65301 set 1 pass layer2 mac-type arp,rarp # pfsense requires for WPA -add 65302 set 1 pass layer2 mac-type 0x888e -add 65303 set 1 pass layer2 mac-type 0x88c7 +add 65302 set 1 pass layer2 mac-type 0x888e,0x88c7 +# PPP Over Ethernet Session Stage/Discovery Stage +add 65303 set 1 pass layer2 mac-type pppoe_disc,pppoe_sess -# PPP Over Ethernet Discovery Stage -add 65304 set 1 pass layer2 mac-type 0x8863 -# PPP Over Ethernet Session Stage -add 65305 set 1 pass layer2 mac-type 0x8864 - -# layer 2: block anything else non-IP -add 65307 set 1 deny layer2 not mac-type ip +# layer 2: block anything else non-IP(v4/v6) +add 65307 set 1 deny layer2 not mac-type ip,ipv6 EOD; @@ -1775,6 +1771,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut } else { portal_reply_page($redirurl, "error", "Username: {$username} is already authenticated using another MAC address.", $clientmac, $clientip, $username, $password); + unlock($cpdblck); exit; } } |