Revision 3a4b0147
Added by Ermal LUÇI over 12 years ago
| etc/inc/captiveportal.inc | ||
|---|---|---|
| 36 | 36 |
added rules which may have been created by other per-user code (index.php, etc). |
| 37 | 37 |
These changes are (c) 2004 Keycom PLC. |
| 38 | 38 |
|
| 39 |
pfSense_BUILDER_BINARIES: /sbin/ipfw /sbin/sysctl /sbin/kldunload
|
|
| 39 |
pfSense_BUILDER_BINARIES: /sbin/ipfw /sbin/sysctl |
|
| 40 | 40 |
pfSense_BUILDER_BINARIES: /usr/local/sbin/lighttpd /usr/local/bin/minicron /sbin/pfctl |
| 41 | 41 |
pfSense_BUILDER_BINARIES: /bin/hostname /bin/cp |
| 42 | 42 |
pfSense_MODULE: captiveportal |
| ... | ... | |
| 204 | 204 |
return $htmltext; |
| 205 | 205 |
} |
| 206 | 206 |
|
| 207 |
function captiveportal_load_modules() {
|
|
| 208 |
global $config; |
|
| 209 |
|
|
| 210 |
mute_kernel_msgs(); |
|
| 211 |
if (!is_module_loaded("ipfw.ko")) {
|
|
| 212 |
mwexec("/sbin/kldload ipfw");
|
|
| 213 |
/* make sure ipfw is not on pfil hooks */ |
|
| 214 |
mwexec("/sbin/sysctl net.inet.ip.pfil.inbound=\"pf\" net.inet6.ip6.pfil.inbound=\"pf\"" .
|
|
| 215 |
" net.inet.ip.pfil.outbound=\"pf\" net.inet6.ip6.pfil.outbound=\"pf\""); |
|
| 216 |
} |
|
| 217 |
/* Always load dummynet now that even allowed ip and mac passthrough use it. */ |
|
| 218 |
if (!is_module_loaded("dummynet.ko")) {
|
|
| 219 |
mwexec("/sbin/kldload dummynet");
|
|
| 220 |
mwexec("/sbin/sysctl net.inet.ip.dummynet.io_fast=1 net.inet.ip.dummynet.hash_size=256");
|
|
| 221 |
} |
|
| 222 |
unmute_kernel_msgs(); |
|
| 223 |
|
|
| 224 |
/* XXX: This are not used in pfSense, if needed can be tuned |
|
| 225 |
if($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates'])) {
|
|
| 226 |
mwexec("sysctl net.inet.ip.fw.dyn_max={$config['system']['maximumstates']}");
|
|
| 227 |
} else {
|
|
| 228 |
mwexec("sysctl net.inet.ip.fw.dyn_max=10000");
|
|
| 229 |
} |
|
| 230 |
*/ |
|
| 231 |
} |
|
| 232 |
|
|
| 207 | 233 |
function captiveportal_configure() {
|
| 208 | 234 |
global $config, $cpzone; |
| 209 | 235 |
|
| 210 | 236 |
if (is_array($config['captiveportal'])) {
|
| 237 |
captiveportal_load_modules(); |
|
| 211 | 238 |
mwexec("/sbin/sysctl net.link.ether.ipfw=1");
|
| 212 | 239 |
foreach ($config['captiveportal'] as $cpkey => $cp) {
|
| 213 | 240 |
$cpzone = $cpkey; |
| ... | ... | |
| 491 | 518 |
if (!isset($config['captiveportal'][$cpzone]['enable'])) |
| 492 | 519 |
return; |
| 493 | 520 |
|
| 521 |
captiveportal_load_modules(); |
|
| 522 |
|
|
| 494 | 523 |
$cpips = array(); |
| 495 | 524 |
$ifaces = get_configured_interface_list(); |
| 496 | 525 |
$cpinterfaces = explode(",", $config['captiveportal'][$cpzone]['interface']);
|
| ... | ... | |
| 530 | 559 |
/* init dummynet/ipfw rules number database */ |
| 531 | 560 |
captiveportal_init_ipfw_ruleno(); |
| 532 | 561 |
|
| 533 |
/* make sure ipfw is loaded */ |
|
| 534 |
if (!is_module_loaded("ipfw.ko"))
|
|
| 535 |
filter_load_ipfw(); |
|
| 536 |
/* Always load dummynet now that even allowed ip and mac passthrough use it. */ |
|
| 537 |
if (!is_module_loaded("dummynet.ko")) {
|
|
| 538 |
mwexec("/sbin/kldload dummynet");
|
|
| 539 |
mwexec("/sbin/sysctl net.inet.ip.dummynet.io_fast=1 net.inet.ip.dummynet.hash_size=256");
|
|
| 540 |
} |
|
| 541 |
|
|
| 542 | 562 |
$cprules = "add 65291 set 1 allow pfsync from any to any\n"; |
| 543 | 563 |
$cprules .= "add 65292 set 1 allow carp from any to any\n"; |
| 544 | 564 |
|
Also available in: Unified diff
Resolves #2529. Load the ipfw module before any commands are executed on CP. Also move the filter_load_ipfw() to captiveportal.inc:captiveportal_load_modules() since no other place uses ipfw(4)