-rw-r--r-- | etc/inc/captiveportal.inc | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 6b0f9a1..4e67c72 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -293,7 +293,8 @@ function captiveportal_rules_generate() { $cpifn = $config['captiveportal']['interface']; $cpif = $config['interfaces'][$cpifn]['if']; $cpip = $config['interfaces'][$cpifn]['ipaddr']; - + $lanip = $config['interfaces']['lan']['ipaddr']; + /* note: the captive portal daemon inserts all pass rules for authenticated clients as skipto 50000 rules to make traffic shaping work */ @@ -356,16 +357,26 @@ add 1204 set 1 pass icmp from any to $cpip in icmptype 0 add 1300 set 1 pass udp from any to $cpip 53 in add 1301 set 1 pass udp from $cpip 53 to any out +# allow access to our DNS forwarder if it incorrectly resolves the hostname to $lanip +add 1300 set 1 pass udp from any to $lanip 53 in +add 1301 set 1 pass udp from $lanip 53 to any out + # allow access to our web server add 1302 set 1 pass tcp from any to $cpip 8000 in add 1303 set 1 pass tcp from $cpip 8000 to any out +# allow access to lan web server incase the dns name resolves incorrectly to $lanip +add 1302 set 1 pass tcp from any to $lanip 8000 in +add 1303 set 1 pass tcp from $lanip 8000 to any out + EOD; if (isset($config['captiveportal']['httpslogin'])) { $cprules .= <<<EOD add 1304 set 1 pass tcp from any to $cpip 8001 in add 1305 set 1 pass tcp from $cpip 8001 to any out +add 1302 set 1 pass tcp from any to $lanip 8001 in +add 1303 set 1 pass tcp from $lanip 8001 to any out EOD; } |
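Review bot: `$lanip` in the first hunk is read from `$config['interfaces']['lan']['ipaddr']` and later interpolated into the ipfw ruleset without any check that it is a literal IP address or that it differs from `$cpip`. If the portal interface is the LAN, the rules added further down only duplicate the `$cpip` rules. If the setting is empty or not an address, the generated lines would presumably be malformed, which is worth confirming against how the ruleset is loaded. I would validate the value right after the assignment and emit the `$lanip` rules only when it is a valid address different from `$cpip`, with a comment such as `/* LAN address is only whitelisted when it is a distinct, valid IP */`. The body of captiveportal_rules_generate() continues outside this hunk.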
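Review bot: The new `$lanip` rules in the second hunk are pre-authentication pass rules, so every unauthenticated portal client can reach ports 53, 8000 and 8001 on the LAN address, and nothing in the rule text limits them to the portal interface. If the ruleset is not already scoped to that interface elsewhere, which this hunk does not show, I would bind them, e.g. `add <unused-number> set 1 pass udp from any to $lanip 53 in via $cpif`. The comment should also state that this widens what is reachable before login. The rules reuse numbers 1300–1303, and in the `httpslogin` block the port-8001 rules are numbered 1302/1303 although the matching `$cpip` rules use 1304/1305. ipfw accepts duplicate numbers, but deleting or auditing by number then touches unrelated rules, so distinct numbers would be safer, e.g. `add <unused-number> set 1 pass tcp from any to $lanip 8001 in`.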