diff options
author | Renato Botelho <renato@netgate.com> | 2017-07-25 13:47:30 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2017-07-25 13:47:30 -0300 |
commit | 3c4fcd5bdc71a54b7c3c24ca331a8d8fc8693c44 (patch) | |
tree | 35b66b0f44800586fb6f470506c866da0372df9e /src/etc | |
parent | b40b4a3efee225f8ed24ac768e0fb83f83390890 (diff) | |
download | pfsense-3c4fcd5bdc71a54b7c3c24ca331a8d8fc8693c44.zip pfsense-3c4fcd5bdc71a54b7c3c24ca331a8d8fc8693c44.tar.gz |
Ressurrect nomacfilter option on CP now IPFW supports combined tables with IP and MAC address
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/captiveportal.inc | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc index 4ca39ac..8c6fd9c 100644 --- a/src/etc/inc/captiveportal.inc +++ b/src/etc/inc/captiveportal.inc @@ -861,9 +861,9 @@ function captiveportal_prune_old() { false, // Not an interim request $rastop_time); // Stop Time $clientsn = (is_ipaddrv6($cpentry[2])) ? 128 : 32; - /* XXX: Fix - $_gb = @pfSense_ipfw_table($cpzoneid, IP_FW_TABLE_XZEROENTRY, {$cpzone}_auth_up, $cpentry[2], $clientsn, $cpentry[3]); - $_gb = @pfSense_ipfw_table($cpzoneid, IP_FW_TABLE_XZEROENTRY, {$cpzone}_auth_down, $cpentry[2], $clientsn, $cpentry[3]); + /* XXX Fixme + $_gb = @pfSense_ipfw_table_zerocnt("{$cpzone}_auth_up", {$cpentry[2]/$clientsn}); + $_gb = @pfSense_ipfw_table_zerocnt("{$cpzone}_auth_down", {$cpentry[2]/$clientsn}); */ if ($cpcfg['reauthenticateacct'] == "stopstartfreeradius") { /* Need to pause here or the FreeRADIUS server gets confused about packet ordering. */ @@ -1020,7 +1020,11 @@ function captiveportal_disconnect($dbent, $radiusservers, $term_cause = 1, $stop } if (is_ipaddr($dbent[2])) { - /* Delete client's ip entry from tables auth_up and auth_down. */ + /* + * Delete client's ip entry from tables auth_up and auth_down. + * + * It's not necessary to explicit specify mac address here + */ $clientsn = (is_ipaddrv6($dbent[2])) ? 128 : 32; pfSense_ipfw_table("{$cpzone}_auth_up", IP_FW_TABLE_XDEL, "{$dbent[2]}/{$clientsn}"); pfSense_ipfw_table("{$cpzone}_auth_down", IP_FW_TABLE_XDEL, "{$dbent[2]}/{$clientsn}"); @@ -2292,9 +2296,12 @@ function portal_allow($clientip, $clientmac, $username, $password = null, $attri $_gb = @pfSense_ipfw_pipe("pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100 buckets 16"); $_gb = @pfSense_ipfw_pipe("pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100 buckets 16"); - $clientsn = (is_ipaddrv6($clientip)) ? 128 : 32; - $_gb = @pfSense_ipfw_table("{$cpzone}_auth_up", IP_FW_TABLE_XADD, "{$clientip}/{$clientsn}", $bw_up_pipeno); - $_gb = @pfSense_ipfw_table("{$cpzone}_auth_down", IP_FW_TABLE_XADD, "{$clientip}/{$clientsn}", $bw_down_pipeno); + $rule_entry = "{$clientip}/" . (is_ipaddrv6($clientip)) ? "128" : "32"; + if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) { + $rule_entry .= ",{$clientmac}"; + } + $_gb = @pfSense_ipfw_table("{$cpzone}_auth_up", IP_FW_TABLE_XADD, "{$rule_entry}", $bw_up_pipeno); + $_gb = @pfSense_ipfw_table("{$cpzone}_auth_down", IP_FW_TABLE_XADD, "{$rule_entry}", $bw_down_pipeno); if ($attributes['voucher']) { $attributes['session_timeout'] = $remaining_time; |