Ooops add missing or.
include broadcast address to allow dhcp to work.
Fix the contents of the captive portal logout popup. Fixes #836
Use enable voucher variable
Fix formatting in if()
Detect and use a sample voucher page when vouchers are defined. Otherwise default to the user/pass default page.
Escape $ variables
Improve the standard Captive Portal pages when a custom page is not set
don't include 255.255.255.255 here
Add a subnet option to allowed ip addresses on CP.
Fixes #741. Restore behaviour of CP in 1.2.x by allowing in ipfw rules anything to the host ip on the interfaces configured for CP.
Use proper locking.
Do not flush all tables unless Save was hit on webgui. This avoids flushing the tables that keep logged in users.
Do not reconfigure CP on every event of interfaces or while reloading the webGUI. Create 2 new function to just rewrite rules and restart the webserver for CP repctively for interface events and webGUI restart events.
Ooops curly missing.
Actually correctly handle some vip types ips for getNasIP.
Teach even getNasIP for the new callingstation ip setting.
correct the limiter, it reversed up/down before
Mute this command so people do not think something went wrong.
Use the new functions on CP code too.
Make the logout page configurable like the other pages. The only difference is that this page/code will be treated as a .php page so it may contain internal php CP variables referenced.
Remove part of the message displayed some people might find its completely ok to use it.
Add a function to find the mac address on a passthrough mac entry by username(if present) in the <username> tag of the entry.
Allow php code to be included in the primary captive portal page. Add new ORIGINAL_PORTAL_IP post item which will be experimenting with a master mutli voucher setup.
Include filter.inc for the ipfw load function.
Check if interface exists before issuing a command when disabling captiveportal.
The gui defaults to https in 2.0 correct it to make sure it is not stopped by CP on the CP interface[s].
Ticket #565. Correct deleting passthru mac entries. revert back to always allow a passthru mac as with allowed ips. Remove the check during login for passthru mac entries they will never make it to the login page.
Ticket #566. Reimplement the allowed ips keeping previous funcitonality and improving by adding a both direction. The problem with previous commit is that it always assumes that allowed ip address would have a pipe configured and entires without one would just get dropped.
Make pasthrough GUI code catch-up with the latest changes.
Use tables of ipfw for passthrough mac entries. This makes it scale way better than previously. Fix multiple entries on adding mac through entries automatically after login for the same user. The changes allow even pass through mac to be controlled from the Status->Captiveportal. Use serialize/unserialize on some files that keep temporary information to speed up calculations. Really allow mac passthrough to follow radius rules or time out rules when present.
Add a new option which allows the admin user to configure CP so that it automatically enters an MAC passthru entry. The MAC is taken from login details and has to be removed manually. Also do improvements on rules handling and pipes. Add some optmizations. Teach the GUI/backend on ip/mac passthrough to configure a bw limit for this entries.
radius.inc already has this includes so do not include them explicitly. This unbreaks the loading of bcmath module since PEAR.inc is not yet included!
Use the ipfw(4) list functionality to reduce rules even more. Add allow rules for accessing pfSense webgui to not lock out operators behind the CP. Remove redundant rule regarding dns. Probably every dns request should be forwarded to the local dns server to not force clients to use the pfSense forwarder!
Add intermmediate certificate support to CP config page.
Include propper includes.
Put this code on propper context.
correct icmptypes so CP IP can be pinged
Try to prevent empty interfaces.
Rework includes/require. This saves about 4 megabytes.Simplify get_memory(). Tested on mips/i386
Properly correct ipfw rule.
Revert "Correct ipfw rule." Error of copy paste
This reverts commit 0f6fdf29a2f31bbf816eb3df33c3f1fc38c8b2a6.
Correct ipfw rule.
Not sure why this was changed like this. As is, you couldn't disconnect the first client. I don't see any reason to do it that way, and this is the way it's done in RELENG_1_2
always return the IP address hosting the page, rather than forcing to the hostname, requiring functional DNS name resolution which possibly doesn't exist. Restores 1.2.x behavior where client IP isn't in the same subnet as any CP-enabled interface.
actually allow DNS to forwarder. CP is still broken, but this is closer at least.
pointy-hat-to: eri
Allow udp only from/to our local dns server. If wanted pass through can be added.
- Should fix captive portal on carps Issue #116- Should fix the captive portal not working reports and Issue #118 NOTE: Now Captive portal is open on dns so no more is needed to add dns servers to pass through ips.
Forward all udp request to port 53(DNS) to our local server. This allows people with other dns configured other than the one in pfSense to still be able to authenticate in the CP.
Only unload ipfw.ko if it is loaded. Doh
set 2/3 are no more used with ipfw.
Move the allowed ips to set 1 as well.
Forward everything to the CP portal page since some people might have proxies in between.
Remove the anti lockout rule on captive portal ruleset this opens a can of worms.
Teach captiveportal code to use the mac in tables functionality. Change the default ruleset to reflect this.
It seems upon captive portal startup the captiveportal.db file is not written out until the /etc/rc.prunecaptiveportal script is run. If the Operator decides to visit status -> captive portal right after enabling the service they will be greated with some nasty nasty errors. Silence this nonsense by creating a blank captiveportal.db file right after nuking it.
Return NULL when captive portal is not enabled
Do not process IPFW rules if captive portal is disabled.
Fix multiple radius server handling.
Flush all tables when restarting/saving a CP configuration.
Before configuring CP make sure that all interfaces are not set for filtering with ipfw. Otherwise some wrong misconfigurations might happen when changing the interface on an active CP config.
Add pfSense_BUILDER_BINARIES: and pfSense_MODULE: additions
Spelling and comment formatting changes, no code changes.
Correct typo. Reported-by: stompro(forums:http://forum.pfsense.org/index.php/topic,18841.0.html)
Merge branch 'master' of git://rcs.pfsense.org/pfsense/nigel-ca-chain into review/master
Conflicts: etc/inc/certs.inc etc/inc/upgrade_config.inc
Add my copyright.
Forgotten increase of the limit.
Use ipfw tables for allowed ips. This reduces the number of rules needed for them and speedups things when this list is big. This simplifies even deleteing an allowed ip from services->captiveportal->allowedips since we just need to remove them from the table.
Fix some logic on enabling or disabling ipfw filtering on interfaces.
Readd rule since it makes the policy easier to read.
Reduce some unneeded overhead in CP generated ipfw rules.
Circumvent weirdness of php when unsetting an array members during a loop.
Add ';' which should make the error page link work again.
Fix a probably php undetermined behaviour of code in php.
Fix various issues reported on http://forum.pfsense.org/index.php/topic,8672.0.html.
Port voucher login ability on CaptivePortal from M0n0Wall.
Various locking fixes are done with the import and this means that as of now pfSense has a better performin/behaving CP than m0n0wall.
Added a missing argument in the lighty configuration for captive portal.
Added support for certificate chains to manager so that lighty can deliver them via SSL.
Fix ipfw rule syntax.
Fix the rule to actually match on multiple interfaces.
Make the CP interface check code more buller proof.
Make CP multi-interface capable.
Use file() function which suits the need better.
Correct logic.
Reduce includes.
Convert CP to use the new lock/unlock functions.
Fix a lock leaking on CP.
Remove from filter load the captive portal module loading and move it to the captive portal functions where is its only place. Keep only the pass rule for the CP webserver will see later on if it can be removed at all.
Remove duplications.
Schedules are handled by pf(4) now.
Shaper has no more enable disable functionality.
Refactor ipfw loading.
Remove duplicate function portal_mac_fixed()
Restore accidentaly deleted code.
Interface list improvements.