-rw-r--r-- | etc/inc/captiveportal.inc | 12 | ||||
-rwxr-xr-x | usr/local/captiveportal/index.php | 27 |
2 files changed, 21 insertions, 18 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 29eea0e..45e7718 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -362,8 +362,6 @@ add 1100 set 1 pass layer2 mac-type 0x888e
 # layer 2: block anything else non-IP
 add 1101 set 1 deny layer2 not mac-type ip
-# layer 2: check if MAC addresses of authenticated clients are correct
-add 1102 set 1 skipto 2000 layer2
 EOD;
@@ -400,14 +398,14 @@ EOD;
 $rulenum++;
 if (isset($config['captiveportal']['peruserbw'])) {
- $cprules .= "add {$rulenum} set 2 pipe tablearg ip from table(3) to any in\n";
+ $cprules .= "add {$rulenum} set 1 pipe tablearg ip from table(3) to any in\n";
 $rulenum++;
- $cprules .= "add {$rulenum} set 2 pipe tablearg ip from any to table(4) out\n";
+ $cprules .= "add {$rulenum} set 1 pipe tablearg ip from any to table(4) out\n";
 $rulenum++;
 } else {
- $cprules .= "add {$rulenum} set 2 skipto 50000 ip from table(3) to any in\n";
+ $cprules .= "add {$rulenum} set 1 skipto 50000 ip from table(3) to any in\n";
 $rulenum++;
- $cprules .= "add {$rulenum} set 2 skipto 50000 ip from any to table(4) out\n";
+ $cprules .= "add {$rulenum} set 1 skipto 50000 ip from any to table(4) out\n";
 $rulenum++;
 }
@@ -615,8 +613,6 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
 /* Delete client's ip entry from tables 3 and 4. */
 mwexec("/sbin/ipfw table 3 delete {$dbent[2]}");
 mwexec("/sbin/ipfw table 4 delete {$dbent[2]}");
- /* Delete client's ruleno */
- mwexec("/sbin/ipfw delete {$dbent[1]}");
 /*
 * These are the pipe numbers we use to control traffic shaping for each logged in user via captive portal
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index af6f867..dd12911 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
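Review bot: After the second hunk of etc/inc/captiveportal.inc (the `set 2` to `set 1` rules), nothing in the file says where the MAC check now happens, because the first hunk removes the `# layer 2: check if MAC addresses of authenticated clients are correct` comment together with rule 1102. The index.php part of this commit adds table 3/4 entries as `{$clientip} mac {$clientmac}`, so presumably the `table(3)`/`table(4)` lookups in these four rules are what bind an authenticated IP to its MAC. A comment above the `peruserbw` branch, for example `/* MAC binding (unless nomacfilter is set) is carried by the table 3/4 entries added in portal_allow() */`, would keep that visible to whoever edits the ruleset next. The enclosing function starts and ends outside the hunk.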
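Review bot: In captiveportal_disconnect (third hunk of etc/inc/captiveportal.inc) the two `ipfw table N delete {$dbent[2]}` calls kept as context still pass only the client IP, while portal_allow in index.php now adds the entries as `{$clientip} mac {$clientmac}` unless nomacfilter is set. Whether a delete keyed on the IP alone removes a MAC-bound entry is not visible here; if it does not, a disconnected or timed-out client would stay in tables 3 and 4 and keep passing the portal. The result of mwexec is not checked on these lines, so such a failure would be silent; it is worth confirming with `ipfw table 3 list` after a disconnect on a test system and logging a non-zero return. Sessions opened before this change may also still own a per-client rule numbered `{$dbent[1]}` that is no longer deleted. The function body continues outside the hunk.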
@@ -324,22 +324,29 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
 if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) {
 $bw_up_pipeno = $ruleno + 20000;
 mwexec("/sbin/ipfw pipe $bw_up_pipeno config bw {$bw_up}Kbit/s queue 100");
- mwexec("/sbin/ipfw table 3 add {$clientip} {$bw_up_pipeno}");
+
+ if (!isset($config['captiveportal']['nomacfilter']))
+ mwexec("/sbin/ipfw table 3 add {$clientip} mac {$clientmac} {$bw_up_pipeno}");
+ else
+ mwexec("/sbin/ipfw table 3 add {$clientip} {$bw_up_pipeno}");
 } else {
- mwexec("/sbin/ipfw table 3 add {$clientip}");
+ if (!isset($config['captiveportal']['nomacfilter']))
+ mwexec("/sbin/ipfw table 3 add {$clientip} mac {$clientmac}");
+ else
+ mwexec("/sbin/ipfw table 3 add {$clientip}");
 }
 if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
 $bw_down_pipeno = $ruleno + 20001;
 mwexec("/sbin/ipfw pipe $bw_down_pipeno config bw {$bw_down}Kbit/s queue 100");
- mwexec("/sbin/ipfw table 4 add {$clientip} {$bw_down_pipeno}");
+ if (!isset($config['captiveportal']['nomacfilter']))
+ mwexec("/sbin/ipfw table 4 add {$clientip} mac {$clientmac} {$bw_down_pipeno}");
+ else
+ mwexec("/sbin/ipfw table 4 add {$clientip} {$bw_down_pipeno}");
 } else {
- mwexec("/sbin/ipfw table 4 add {$clientip}");
- }
-
- /* add ipfw rules for layer 2 */
- if (!isset($config['captiveportal']['nomacfilter'])) {
- exec("/sbin/ipfw add $ruleno set 3 deny all from $clientip to any not MAC any $clientmac layer2 in");
- exec("/sbin/ipfw add $ruleno set 3 deny all from any to $clientip not MAC $clientmac any layer2 out");
+ if (!isset($config['captiveportal']['nomacfilter']))
+ mwexec("/sbin/ipfw table 4 add {$clientip} mac {$clientmac}");
+ else
+ mwexec("/sbin/ipfw table 4 add {$clientip}");
 }
 if ($attributes['voucher']) |
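Review bot: `{$clientmac}` is interpolated into the four new `ipfw table ... add` command strings unquoted and without a format check, and the `nomacfilter` test is repeated in each branch. If the value is ever empty or malformed (where it comes from is outside the hunk), the `mac` keyword is followed directly by the pipe number or by nothing, the add presumably fails, and because the mwexec result is ignored the login carries on with no table entry or, depending on how ipfw parses it, a wrong one. Building the argument once, e.g. `$macarg = isset($config['captiveportal']['nomacfilter']) ? '' : ' mac ' . escapeshellarg($clientmac);` after rejecting anything that does not match `/^[0-9a-f]{2}(:[0-9a-f]{2}){5}$/i`, and then using `table 3 add {$clientip}{$macarg}` in all four calls removes both the duplication and the quoting risk. The braceless `if`/`else` pairs are also easy to break on a later edit. portal_allow starts and ends outside the hunk.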