Revision 28c54319
Added by Luiz Souza over 9 years ago
etc/inc/captiveportal.inc | ||
---|---|---|
520 | 520 |
if ($reinit == false) |
521 | 521 |
$captiveportallck = lock("captiveportal{$cpzone}"); |
522 | 522 |
|
523 |
$cprules = "add 65291 allow pfsync from any to any\n"; |
|
524 |
$cprules .= "add 65292 allow carp from any to any\n"; |
|
523 |
$cprules = <<<EOD |
|
524 |
|
|
525 |
flush |
|
526 |
add 65291 allow pfsync from any to any |
|
527 |
add 65292 allow carp from any to any |
|
525 | 528 |
|
526 |
$cprules .= <<<EOD |
|
527 | 529 |
# layer 2: pass ARP |
528 | 530 |
add 65301 pass layer2 mac-type arp,rarp |
529 | 531 |
# pfsense requires for WPA |
... | ... | |
537 | 539 |
EOD; |
538 | 540 |
|
539 | 541 |
$rulenum = 65310; |
540 |
$ipcount = 0; |
|
541 |
$ips = ""; |
|
542 |
foreach ($cpips as $cpip) { |
|
543 |
if($ipcount == 0) { |
|
544 |
$ips = "{$cpip} "; |
|
545 |
} else { |
|
546 |
$ips .= "or {$cpip} "; |
|
547 |
} |
|
548 |
$ipcount++; |
|
549 |
} |
|
550 |
$ips = "{ 255.255.255.255 or {$ips} }"; |
|
551 |
$cprules .= "add {$rulenum} pass ip from any to {$ips} in\n"; |
|
542 |
/* These tables contain host ips */ |
|
543 |
$cprules .= "add {$rulenum} pass ip from any to table(100) in\n"; |
|
552 | 544 |
$rulenum++; |
553 |
$cprules .= "add {$rulenum} pass ip from {$ips} to any out\n";
|
|
545 |
$cprules .= "add {$rulenum} pass ip from table(100) to any out\n";
|
|
554 | 546 |
$rulenum++; |
555 |
$cprules .= "add {$rulenum} pass icmp from {$ips} to any out icmptype 0\n"; |
|
547 |
foreach ($cpips as $cpip) |
|
548 |
$cprules .= "table 100 add {$cpip}\n"; |
|
549 |
$cprules .= "add {$rulenum} pass ip from any to 255.255.255.255 in\n"; |
|
556 | 550 |
$rulenum++; |
557 |
$cprules .= "add {$rulenum} pass icmp from any to {$ips} in icmptype 8 \n";
|
|
551 |
$cprules .= "add {$rulenum} pass ip from 255.255.255.255 to any out\n";
|
|
558 | 552 |
$rulenum++; |
553 |
|
|
559 | 554 |
/* Allowed ips */ |
560 | 555 |
$cprules .= "add {$rulenum} pipe tablearg ip from table(3) to any in\n"; |
561 | 556 |
$rulenum++; |
... | ... | |
609 | 604 |
$cprules .= captiveportal_allowedhostname_configure(); |
610 | 605 |
|
611 | 606 |
/* load rules */ |
612 |
$cprules = "flush\n{$cprules}"; |
|
613 | 607 |
file_put_contents("{$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", $cprules); |
614 | 608 |
mwexec("/sbin/ipfw -x {$cpzoneid} -q {$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", true); |
615 | 609 |
//@unlink("{$g['tmp_path']}/ipfw_{$cpzone}.cp.rules"); |
616 |
unset($cprules, $tmprules);
|
|
610 |
unset($cprules); |
|
617 | 611 |
|
618 | 612 |
if ($reinit == false) |
619 | 613 |
unlock($captiveportallck); |
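Review bot: Table 100 is filled by the new `foreach ($cpips as $cpip)` loop, but nothing in the visible lines empties it first, and the `flush` at the top of the heredoc removes rules, not table entries. If this function runs again after an interface address changes, the old address may stay in table(100) and keep matching `pass ip from any to table(100) in`. Emitting `$cprules .= "table 100 flush\n";` before the loop would prevent that, unless the table is already cleared elsewhere in the function, which starts and ends outside these hunks. Each `$cpip` is also written into the rules file unchecked, so an empty or malformed value produces a line ipfw cannot parse and may leave the ruleset only partly loaded after the flush; skipping entries that fail `is_ipaddr()` would be safer.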
Cherry-pick 98bf4991dc31f97fc7315a6b8aba433de9d39cea:
Fixes #4150. Move to tables to accommodate unlimited number of interfaces.
Cherry-pick 52fe0465b463dd8b8f4b2099d562254da320e704:
Fix the captive portal rules after 98bf4991dc31f97fc7315a6b8aba433de9d39cea.
The malformed rules break the parsing of initialisation rules.
Issue: #4746