-rw-r--r--etc/inc/captiveportal.inc26
1 files changed, 13 insertions, 13 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 4fc1f65..73b805e 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -513,10 +513,12 @@ function captiveportal_init_rules($reinit = false) {
if ($reinit == false)
$captiveportallck = lock("captiveportal{$cpzone}");
- $cprules = "add 65291 allow pfsync from any to any\n";
- $cprules .= "add 65292 allow carp from any to any\n";
+ $cprules = <<<EOD
+
+flush
+add 65291 allow pfsync from any to any
+add 65292 allow carp from any to any
- $cprules .= <<<EOD
# layer 2: pass ARP
add 65301 pass layer2 mac-type arp,rarp
# pfsense requires for WPA
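Review bot: The `flush` now at the top of the heredoc clears rules only; in stock ipfw, table contents survive a rule flush, so on a reinit table 100 (populated in the next hunk) would keep any address that has since been removed from `$cpips`, and the new `pass ip from any to table(100) in` rule would go on passing traffic for it. Adding `table 100 flush` on the line after `flush` would reset the table before it is refilled. Whether the zone's ipfw context is torn down elsewhere before this function runs is not visible here, so this needs confirming against the callers. The body of captiveportal_init_rules starts and ends outside the hunk.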
@@ -530,17 +532,16 @@ add 65307 deny layer2 not mac-type ip,ipv6
EOD;
$rulenum = 65310;
- $ipcount = 0;
+ /* These tables contain host ips */
+ $cprules .= "add {$rulenum} pass ip from any to table(100) in\n";
+ $rulenum++;
+ $cprules .= "add {$rulenum} pass ip from table(100) to any out\n";
+ $rulenum++;
$ips = "";
foreach ($cpips as $cpip) {
- if($ipcount == 0) {
- $ips = "{$cpip} ";
- } else {
- $ips .= "or {$cpip} ";
- }
- $ipcount++;
+ $cprules .= "table 100 add {$cpip}\n";
}
- $ips = "{ 255.255.255.255 or {$ips} }";
+ $cprules .= "table 100 add 255.255.255.255\n";
$cprules .= "add {$rulenum} pass ip from any to {$ips} in\n";
$rulenum++;
$cprules .= "add {$rulenum} pass ip from {$ips} to any out\n";
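Review bot: The two context rules at the end of this hunk still interpolate `{$ips}`, but after this change `$ips` is set to `""` and never filled, so they render as `pass ip from any to  in` and `pass ip from  to any out`, which ipfw should reject as malformed. Because the rules file now begins with `flush`, a parse error part-way through the load could leave the zone with only the rules above that line, and the `mwexec` result in the last hunk is not checked, so the failure would go unnoticed. The table(100) rules added above already cover these addresses, so I would drop `$ips = "";` and both `{$ips}` rules together with their `$rulenum++`. The hunk ends right after the second rule, so the lines that follow are not visible.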
@@ -602,11 +603,10 @@ EOD;
$cprules .= captiveportal_allowedhostname_configure();
/* load rules */
- $cprules = "flush\n{$cprules}";
file_put_contents("{$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", $cprules);
mwexec("/sbin/ipfw -x {$cpzoneid} -q {$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", true);
//@unlink("{$g['tmp_path']}/ipfw_{$cpzone}.cp.rules");
- unset($cprules, $tmprules);
+ unset($cprules);
if ($reinit == false)
unlock($captiveportallck);