
Revision ec509679

Added by Ermal LUÇI over 12 years ago

Remove the "set 1" keyword from the rules, since sets have not been used in CP for a long time.


etc/inc/captiveportal.inc
513 513
	/* init dummynet/ipfw rules number database */
514 514
	captiveportal_init_ipfw_ruleno();
515 515

  
516
	$cprules =	"add 65291 set 1 allow pfsync from any to any\n";
517
	$cprules .= "add 65292 set 1 allow carp from any to any\n";
516
	$cprules =	"add 65291 allow pfsync from any to any\n";
517
	$cprules .= "add 65292 allow carp from any to any\n";
518 518

  
519 519
	$cprules .= <<<EOD
520
# add 65300 set 1 skipto 65534 all from any to any not layer2
521 520
# layer 2: pass ARP
522
add 65301 set 1 pass layer2 mac-type arp,rarp
521
add 65301 pass layer2 mac-type arp,rarp
523 522
# pfsense requires for WPA
524
add 65302 set 1 pass layer2 mac-type 0x888e,0x88c7
523
add 65302 pass layer2 mac-type 0x888e,0x88c7
525 524
# PPP Over Ethernet Session Stage/Discovery Stage
526
add 65303 set 1 pass layer2 mac-type 0x8863,0x8864
525
add 65303 pass layer2 mac-type 0x8863,0x8864
527 526

  
528 527
# layer 2: block anything else non-IP(v4/v6)
529
add 65307 set 1 deny layer2 not mac-type ip,ipv6
528
add 65307 deny layer2 not mac-type ip,ipv6
530 529

  
531 530
EOD;
532 531

  
......
542 541
		$ipcount++;
543 542
	}
544 543
	$ips = "{ 255.255.255.255 or {$ips} }";
545
	$cprules .= "add {$rulenum} set 1 pass ip from any to {$ips} in\n";
544
	$cprules .= "add {$rulenum} pass ip from any to {$ips} in\n";
546 545
	$rulenum++;
547
	$cprules .= "add {$rulenum} set 1 pass ip from {$ips} to any out\n";
546
	$cprules .= "add {$rulenum} pass ip from {$ips} to any out\n";
548 547
	$rulenum++;
549
	$cprules .= "add {$rulenum} set 1 pass icmp from {$ips} to any out icmptype 0\n";
548
	$cprules .= "add {$rulenum} pass icmp from {$ips} to any out icmptype 0\n";
550 549
	$rulenum++;
551
	$cprules .= "add {$rulenum} set 1 pass icmp from any to {$ips} in icmptype 8 \n";
550
	$cprules .= "add {$rulenum} pass icmp from any to {$ips} in icmptype 8 \n";
552 551
	$rulenum++;
553 552
	/* Allowed ips */
554 553
	$cprules .= "add {$rulenum} allow ip from table(3) to any in\n";
......
569 568
	$rulenum++;
570 569

  
571 570
	/* Authenticated users rules. */
572
	$cprules .= "add {$rulenum} set 1 pipe tablearg ip from table(1) to any in\n";
571
	$cprules .= "add {$rulenum} pipe tablearg ip from table(1) to any in\n";
573 572
	$rulenum++;
574
	$cprules .= "add {$rulenum} set 1 pipe tablearg ip from any to table(2) out\n";
573
	$cprules .= "add {$rulenum} pipe tablearg ip from any to table(2) out\n";
575 574
	$rulenum++;
576 575
	
577 576
	$listenporthttp =
......
581 580

  
582 581
	if (isset($cpcfg['httpslogin'])) {
583 582
		$listenporthttps = $listenporthttp + 1;
584
		$cprules .= "add 65531 set 1 fwd 127.0.0.1,{$listenporthttps} tcp from any to any dst-port 443 in\n";
583
		$cprules .= "add 65531 fwd 127.0.0.1,{$listenporthttps} tcp from any to any dst-port 443 in\n";
585 584
	}
586 585
	
587 586
	$cprules .= <<<EOD
588 587

  
589 588
# redirect non-authenticated clients to captive portal
590
add 65532 set 1 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 80 in 
589
add 65532 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 80 in 
591 590
# let the responses from the captive portal web server back out
592
add 65533 set 1 pass tcp from any to any out
591
add 65533 pass tcp from any to any out
593 592
# block everything else
594
add 65534 set 1 deny all from any to any
593
add 65534 deny all from any to any
595 594

  
596 595
EOD;
597 596
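Review bot: Dropping `set 1` moves every captive portal rule built here (the fixed 65291–65534 entries and the `{$rulenum}` ones) into ipfw's default set 0, so any set-scoped delete, disable or swap elsewhere in the portal code would no longer reach them. The teardown and reload paths are not shown on this page, so it is worth confirming they remove these rules by number; otherwise a leftover `add 65534 deny all from any to any` or the 65531/65532 `fwd` rules could stay active after the portal is disabled. The table rules such as `add {$rulenum} allow ip from table(3) to any in` already carried no set, so the change does make the ruleset consistent. I would record the assumption above the first rule, e.g. `/* CP rules live in the default ipfw set; teardown must delete them by rule number */`. The enclosing function starts and ends outside the visible hunks.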

  
