summaryrefslogtreecommitdiffstats
path: root/src/etc
diff options
context:
space:
mode:
authorRenato Botelho <renato@netgate.com>2017-07-25 13:47:30 -0300
committerRenato Botelho <renato@netgate.com>2017-07-25 13:47:30 -0300
commit3c4fcd5bdc71a54b7c3c24ca331a8d8fc8693c44 (patch)
tree35b66b0f44800586fb6f470506c866da0372df9e /src/etc
parentb40b4a3efee225f8ed24ac768e0fb83f83390890 (diff)
downloadpfsense-3c4fcd5bdc71a54b7c3c24ca331a8d8fc8693c44.zip
pfsense-3c4fcd5bdc71a54b7c3c24ca331a8d8fc8693c44.tar.gz
Ressurrect nomacfilter option on CP now IPFW supports combined tables with IP and MAC address
Diffstat (limited to 'src/etc')
-rw-r--r--src/etc/inc/captiveportal.inc21
1 files changed, 14 insertions, 7 deletions
diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc
index 4ca39ac..8c6fd9c 100644
--- a/src/etc/inc/captiveportal.inc
+++ b/src/etc/inc/captiveportal.inc
@@ -861,9 +861,9 @@ function captiveportal_prune_old() {
false, // Not an interim request
$rastop_time); // Stop Time
$clientsn = (is_ipaddrv6($cpentry[2])) ? 128 : 32;
- /* XXX: Fix
- $_gb = @pfSense_ipfw_table($cpzoneid, IP_FW_TABLE_XZEROENTRY, {$cpzone}_auth_up, $cpentry[2], $clientsn, $cpentry[3]);
- $_gb = @pfSense_ipfw_table($cpzoneid, IP_FW_TABLE_XZEROENTRY, {$cpzone}_auth_down, $cpentry[2], $clientsn, $cpentry[3]);
+ /* XXX Fixme
+ $_gb = @pfSense_ipfw_table_zerocnt("{$cpzone}_auth_up", {$cpentry[2]/$clientsn});
+ $_gb = @pfSense_ipfw_table_zerocnt("{$cpzone}_auth_down", {$cpentry[2]/$clientsn});
*/
if ($cpcfg['reauthenticateacct'] == "stopstartfreeradius") {
/* Need to pause here or the FreeRADIUS server gets confused about packet ordering. */
@@ -1020,7 +1020,11 @@ function captiveportal_disconnect($dbent, $radiusservers, $term_cause = 1, $stop
}
if (is_ipaddr($dbent[2])) {
- /* Delete client's ip entry from tables auth_up and auth_down. */
+ /*
+ * Delete client's ip entry from tables auth_up and auth_down.
+ *
+ * It's not necessary to explicit specify mac address here
+ */
$clientsn = (is_ipaddrv6($dbent[2])) ? 128 : 32;
pfSense_ipfw_table("{$cpzone}_auth_up", IP_FW_TABLE_XDEL, "{$dbent[2]}/{$clientsn}");
pfSense_ipfw_table("{$cpzone}_auth_down", IP_FW_TABLE_XDEL, "{$dbent[2]}/{$clientsn}");
@@ -2292,9 +2296,12 @@ function portal_allow($clientip, $clientmac, $username, $password = null, $attri
$_gb = @pfSense_ipfw_pipe("pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100 buckets 16");
$_gb = @pfSense_ipfw_pipe("pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100 buckets 16");
- $clientsn = (is_ipaddrv6($clientip)) ? 128 : 32;
- $_gb = @pfSense_ipfw_table("{$cpzone}_auth_up", IP_FW_TABLE_XADD, "{$clientip}/{$clientsn}", $bw_up_pipeno);
- $_gb = @pfSense_ipfw_table("{$cpzone}_auth_down", IP_FW_TABLE_XADD, "{$clientip}/{$clientsn}", $bw_down_pipeno);
+ $rule_entry = "{$clientip}/" . (is_ipaddrv6($clientip)) ? "128" : "32";
+ if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) {
+ $rule_entry .= ",{$clientmac}";
+ }
+ $_gb = @pfSense_ipfw_table("{$cpzone}_auth_up", IP_FW_TABLE_XADD, "{$rule_entry}", $bw_up_pipeno);
+ $_gb = @pfSense_ipfw_table("{$cpzone}_auth_down", IP_FW_TABLE_XADD, "{$rule_entry}", $bw_down_pipeno);
if ($attributes['voucher']) {
$attributes['session_timeout'] = $remaining_time;
OpenPOWER on IntegriCloud