diff options
Diffstat (limited to 'etc/inc/captiveportal.inc')
| -rw-r--r-- | etc/inc/captiveportal.inc | 42 |
1 files changed, 7 insertions, 35 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 1e96b41..0d3853b 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -425,45 +425,14 @@ EOD; foreach ($cpips as $cpip) $ips .= "or {$cpip} "; $ips = "{ {$ips} }"; - //# allow access to our DHCP server (which needs to be able to ping clients as well) - $cprules .= "add {$rulenum} set 1 pass udp from any 68 to {$ips} 67 in \n"; + $cprules .= "add {$rulenum} set 1 pass ip from any to {$ips} in\n"; $rulenum++; - $cprules .= "add {$rulenum} set 1 pass udp from any 68 to {$ips} 67 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass udp from {$ips} 67 to any 68 out \n"; + $cprules .= "add {$rulenum} set 1 pass ip from {$ips} to any out\n"; $rulenum++; $cprules .= "add {$rulenum} set 1 pass icmp from {$ips} to any out icmptype 0\n"; $rulenum++; $cprules .= "add {$rulenum} set 1 pass icmp from any to {$ips} in icmptype 8 \n"; $rulenum++; - //# allow access to our DNS forwarder - $cprules .= "add {$rulenum} set 1 pass udp from any to {$ips} 53 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass udp from {$ips} 53 to any out \n"; - $rulenum++; - # allow access to our web server - $cprules .= "add {$rulenum} set 1 pass tcp from any to {$ips} 8000 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from {$ips} 8000 to any out \n"; - - if (isset($config['captiveportal']['httpslogin'])) { - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from any to {$ips} 8001 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from {$ips} 8001 to any out \n"; - } - if (!empty($config['system']['webgui']['port'])) - $port = $config['system']['webgui']['port']; - else if ($config['system']['webgui']['proto'] == "http") - $port = 80; - else - $port = 443; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from any to {$ips} {$port} in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from {$ips} {$port} to any out \n"; - $rulenum++; - /* Allowed ips */ $cprules .= "add {$rulenum} allow ip from table(3) to any in\n"; $rulenum++; @@ -917,14 +886,17 @@ function captiveportal_allowedip_configure_entry($ipent) { $bw_up = $ruleno + 20000; $rules .= "pipe {$bw_up} config bw {$ipent['bw_up']}Kbit/s queue 100\n"; } + $subnet = ""; + if (!empty($ipent['sn'])) + $subnet = "/{$ipent['sn']}"; foreach ($tablein as $table) - $rules .= "table {$table} add {$ipent['ip']} {$bw_up}\n"; + $rules .= "table {$table} add {$ipent['ip']}{$subnet} {$bw_up}\n"; if ($enBwdown) { $bw_down = $ruleno + 20001; $rules .= "pipe {$bw_down} config bw {$ipent['bw_down']}Kbit/s queue 100\n"; } foreach ($tableout as $table) - $rules .= "table {$table} add {$ipent['ip']} {$bw_down}\n"; + $rules .= "table {$table} add {$ipent['ip']}{$subnet} {$bw_down}\n"; return $rules; } |
