diff options
author | Renato Botelho <renato@netgate.com> | 2017-07-26 10:44:16 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2017-07-26 10:44:16 -0300 |
commit | e14c441bf9e1c922001180ff6cc02e0b4ef91723 (patch) | |
tree | 07799f99df3f6aecad12da8fe8c3ad3aa54bae96 /src/etc/inc | |
parent | f6e6ff31d24bf5e158026c0935b4d91d3fa2eaa7 (diff) | |
download | pfsense-e14c441bf9e1c922001180ff6cc02e0b4ef91723.zip pfsense-e14c441bf9e1c922001180ff6cc02e0b4ef91723.tar.gz |
Make rules that deal with IP+MAC pairs to be layer2 only
Diffstat (limited to 'src/etc/inc')
-rw-r--r-- | src/etc/inc/captiveportal.inc | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc index a80f156..1f232d7 100644 --- a/src/etc/inc/captiveportal.inc +++ b/src/etc/inc/captiveportal.inc @@ -630,9 +630,9 @@ function captiveportal_init_rules($reinit = false) { $cprules .= "table {$cpzone}_auth_up create type addr valtype pipe\n"; $cprules .= "table {$cpzone}_auth_down create type addr valtype pipe\n"; $cprules .= captiveportal_create_ipfw_rule("add", $rulenum, - "pipe tablearg ip from table({$cpzone}_auth_up) to any in"); + "pipe tablearg ip from table({$cpzone}_auth_up) to any layer2 in"); $cprules .= captiveportal_create_ipfw_rule("add", $rulenum, - "pipe tablearg ip from any to table({$cpzone}_auth_down) out"); + "pipe tablearg ip from any to table({$cpzone}_auth_down) layer2 out"); if (!empty($config['captiveportal'][$cpzone]['listenporthttp'])) { $listenporthttp = $config['captiveportal'][$cpzone]['listenporthttp']; @@ -2294,13 +2294,11 @@ function portal_allow($clientip, $clientmac, $username, $password = null, $attri $_gb = @pfSense_ipfw_pipe("pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100 buckets 16"); $rule_entry = "{$clientip}/" . (is_ipaddrv6($clientip) ? "128" : "32"); - $_gb = @pfSense_ipfw_table("{$cpzone}_auth_down", IP_FW_TABLE_XADD, "{$rule_entry}", $bw_down_pipeno); - - /* Add MAC address on UP rule only */ if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) { $rule_entry .= ",{$clientmac}"; } $_gb = @pfSense_ipfw_table("{$cpzone}_auth_up", IP_FW_TABLE_XADD, "{$rule_entry}", $bw_up_pipeno); + $_gb = @pfSense_ipfw_table("{$cpzone}_auth_down", IP_FW_TABLE_XADD, "{$rule_entry}", $bw_down_pipeno); if ($attributes['voucher']) { $attributes['session_timeout'] = $remaining_time; |