diff options
author | Ermal Luçi <eri@pfsense.org> | 2009-08-14 17:13:38 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2009-08-14 17:13:38 +0000 |
commit | f9f71ad37706cbe37ebc8af34aa55c029369c075 (patch) | |
tree | df22e56700dc3b90c6d0f6ed7ded3ecda3f6dd87 /usr/local/captiveportal/index.php | |
parent | 74194bf7bb8c8c5783c7a48dfc5f81d4ba5feca7 (diff) | |
download | pfsense-f9f71ad37706cbe37ebc8af34aa55c029369c075.zip pfsense-f9f71ad37706cbe37ebc8af34aa55c029369c075.tar.gz |
* Convert captive portal rules to use tables. This reduces the number of rules ALOT.
* Make the peruserbw setting use tables also by taking advantage of the tablearg option.
* Convert statistics to use the new improvements of ipfw tables merged previously.
* Make the limit of users allowed around 25000 instead of 9999 of before.
NOTE: The only thing remaining for full optimization on ipfw(4) side is converting passthrumac and layer2 secure rules to tables aswell.
Diffstat (limited to 'usr/local/captiveportal/index.php')
-rwxr-xr-x | usr/local/captiveportal/index.php | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 408e7f5..a1b2771 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -317,25 +317,24 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut $bw_down = isset($attributes['bw_down']) ? trim($attributes['bw_down']) : $config['captiveportal']['bwdefaultdn']; if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) { - $bw_up_pipeno = $ruleno + 40500; - exec("/sbin/ipfw add $ruleno set 2 pipe $bw_up_pipeno ip from $clientip to any in"); - exec("/sbin/ipfw pipe $bw_up_pipeno config bw {$bw_up}Kbit/s queue 100"); + $bw_up_pipeno = $ruleno + 20000; + mwexec("/sbin/ipfw pipe $bw_up_pipeno config bw {$bw_up}Kbit/s queue 100"); + mwexec("/sbin/ipfw table 3 add {$clientip} {$bw_up_pipeno}"); } else { - exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from $clientip to any in"); + mwexec("/sbin/ipfw table 3 add {$clientip}"); } if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) { - $bw_down_pipeno = $ruleno + 45500; - exec("/sbin/ipfw add $ruleno set 2 pipe $bw_down_pipeno ip from any to $clientip out"); - exec("/sbin/ipfw pipe $bw_down_pipeno config bw {$bw_down}Kbit/s queue 100"); + $bw_down_pipeno = $ruleno + 20001; + mwexec("/sbin/ipfw pipe $bw_down_pipeno config bw {$bw_down}Kbit/s queue 100"); + mwexec("/sbin/ipfw table 4 add {$clientip} {$bw_down_pipeno}"); } else { - exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out"); + mwexec("/sbin/ipfw table 4 add {$clientip}"); } /* add ipfw rules for layer 2 */ if (!isset($config['captiveportal']['nomacfilter'])) { - $l2ruleno = $ruleno + 10000; - exec("/sbin/ipfw add $l2ruleno set 3 deny all from $clientip to any not MAC any $clientmac layer2 in"); - exec("/sbin/ipfw add $l2ruleno set 3 deny all from any to $clientip not MAC $clientmac any layer2 out"); + exec("/sbin/ipfw add $ruleno set 3 deny all from $clientip to any not MAC any $clientmac layer2 in"); + exec("/sbin/ipfw add $ruleno set 3 deny all from any to $clientip not MAC $clientmac any layer2 out"); } if ($attributes['voucher']) |