diff options
author | Ermal <eri@pfsense.org> | 2010-05-03 17:43:39 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2010-05-03 17:43:39 +0000 |
commit | b01792a0a3df6795d21ca205cf57b371b41bf195 (patch) | |
tree | f36c9f2aaeb6ed7e9013a8526c1b809bfcd28278 /usr/local/www | |
parent | 7133ab35b97ba2600d7ad1125bb15c3b6d51eb52 (diff) | |
download | pfsense-b01792a0a3df6795d21ca205cf57b371b41bf195.zip pfsense-b01792a0a3df6795d21ca205cf57b371b41bf195.tar.gz |
Ticket #566. Reimplement the allowed ips keeping previous funcitonality and improving by adding a both direction. The problem with previous commit is that it always assumes that allowed ip address would have a pipe configured and entires without one would just get dropped.
Diffstat (limited to 'usr/local/www')
-rwxr-xr-x | usr/local/www/services_captiveportal_ip.php | 12 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal_ip_edit.php | 39 |
2 files changed, 33 insertions, 18 deletions
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index fb8711b..4bf2cf9 100755 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -56,8 +56,10 @@ if ($_GET['act'] == "del") { $ipent = $a_allowedips[$_GET['id']]; if (isset($config['captiveportal']['enable'])) { - mwexec("/sbin/ipfw table 1 delete " . $ipent['ip']); - mwexec("/sbin/ipfw table 2 delete " . $ipent['ip']); + mwexec("/sbin/ipfw table 3 delete " . $ipent['ip']); + mwexec("/sbin/ipfw table 4 delete " . $ipent['ip']); + mwexec("/sbin/ipfw table 5 delete " . $ipent['ip']); + mwexec("/sbin/ipfw table 6 delete " . $ipent['ip']); } unset($a_allowedips[$_GET['id']]); @@ -104,7 +106,13 @@ include("head.inc"); <?php $i = 0; foreach ($a_allowedips as $ip): ?> <tr ondblclick="document.location='services_captiveportal_ip_edit.php?id=<?=$i;?>'"> <td class="listlr"> + <?php if($ip['dir'] == "to") + echo "any <img src=\"in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\">"; + ?> <?=strtolower($ip['ip']);?> + <?php if($ip['dir'] == "from") + echo "<img src=\"in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\"> any"; + ?> </td> <td class="listbg"> <?=htmlspecialchars($ip['descr']);?> diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index 45c4e2f..09d8075 100755 --- a/usr/local/www/services_captiveportal_ip_edit.php +++ b/usr/local/www/services_captiveportal_ip_edit.php @@ -67,6 +67,7 @@ if (isset($_POST['id'])) if (isset($id) && $a_allowedips[$id]) { $pconfig['ip'] = $a_allowedips[$id]['ip']; + $pconfig['dir'] = $a_allowedips[$id]['dir']; $pconfig['bw_up'] = $a_allowedips[$id]['bw_up']; $pconfig['bw_down'] = $a_allowedips[$id]['bw_down']; $pconfig['descr'] = $a_allowedips[$id]['descr']; @@ -104,6 +105,7 @@ if ($_POST) { if (!$input_errors) { $ip = array(); $ip['ip'] = $_POST['ip']; + $ip['dir'] = $_POST['dir']; $ip['descr'] = $_POST['descr']; if ($_POST['bw_up']) $ip['bw_up'] = $_POST['bw_up']; @@ -117,22 +119,11 @@ if ($_POST) { write_config(); - if (isset($config['captiveportal']['enable'])) { - $bwup = ""; - $bwdown = ""; - $ruleno = captiveportal_get_next_ipfw_ruleno(); - if (!empty($ip['bw_up'])) { - $pipeno = $ruleno + 20000; - mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_up']}Kbit/s queue 100"); - $bwup = "pipe {$pipeno}"; - } - if (!empty($ip['bw_down'])) { - $pipeno = $ruleno + 20001; - mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_down']}Kbit/s queue 100"); - $bwdown = "pipe {$pipeno}"; - } - mwexec("/sbin/ipfw table 1 add {$ip['ip']} {$bwup}"); - mwexec("/sbin/ipfw table 2 add {$ip['ip']} {$bwdown}"); + if (isset($config['captiveportal']['enable']) && is_module_loaded("ipfw.ko")) { + $rules = captiveportal_allowedip_configure_entry($ip); + file_put_contents("{$g['tmp_path']}/allowedip_tmp", $rules); + mwexec("/sbin/ipfw {$g['tmp_path']}/allowedip_tmp"); + @unlink("{$g['tmp_path']}/allowedip_tmp"); } header("Location: services_captiveportal_ip.php"); @@ -149,6 +140,22 @@ include("head.inc"); <form action="services_captiveportal_ip_edit.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> + <td width="22%" valign="top" class="vncellreq">Direction</td> + <td width="78%" class="vtable"> + <select name="dir" class="formfld"> + <?php + $dirs = explode(" ", "Both From To") ; + foreach ($dirs as $dir): ?> + <option value="<?=strtolower($dir);?>" <?php if (strtolower($dir) == strtolower($pconfig['dir'])) echo "selected";?> > + <?=htmlspecialchars($dir);?> + </option> + <?php endforeach; ?> + </select> + <br> + <span class="vexpl">Use <em>From</em> to always allow an IP address through the captive portal (without authentication). + Use <em>To</em> to allow access from all clients (even non-authenticated ones) behind the portal to this IP address.</span></td> + </tr> + <tr> <td width="22%" valign="top" class="vncellreq">IP address</td> <td width="78%" class="vtable"> <?=$mandfldhtml;?><input name="ip" type="text" class="formfld unknown" id="ip" size="17" value="<?=htmlspecialchars($pconfig['ip']);?>"> |