Revision 06a45374
Added by Ermal LUÇI over 12 years ago
| etc/inc/captiveportal.inc | ||
|---|---|---|
| 578 | 578 |
$config['captiveportal'][$cpzone]['listenporthttp'] ? |
| 579 | 579 |
$config['captiveportal'][$cpzone]['listenporthttp'] : |
| 580 | 580 |
$config['captiveportal'][$cpzone]['zoneid']; |
| 581 |
|
|
| 582 |
if (isset($cpcfg['httpslogin'])) {
|
|
| 583 |
$listenporthttps = $listenporthttp + 1; |
|
| 584 |
$cprules .= "add 65531 set 1 fwd 127.0.0.1,{$listenporthttps} tcp from any to any dst-port 443 in\n";
|
|
| 585 |
} |
|
| 581 | 586 |
|
| 582 | 587 |
$cprules .= <<<EOD |
| 583 | 588 |
|
| 584 | 589 |
# redirect non-authenticated clients to captive portal |
| 585 |
add 65531 set 1 fwd 127.0.0.1,{$listenporthttp} tcp from any to any in
|
|
| 590 |
add 65531 set 1 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 80 in
|
|
| 586 | 591 |
# let the responses from the captive portal web server back out |
| 587 | 592 |
add 65532 set 1 pass tcp from any to any out |
| 588 | 593 |
# block everything else |
Also available in: Unified diff
Fixes #2006 Forward to lighty only port 80 and 443 tcp rather than all tcp traffic.