Commit 0fb1cb1d authored by Ad Schellevis's avatar Ad Schellevis

(captive portal) handle transparant proxy from within ipfw, bit of a...

(captive portal) handle transparant proxy from within ipfw, bit of a workaround for https://github.com/opnsense/core/issues/1189
parent 3b54d298
...@@ -59,7 +59,6 @@ ...@@ -59,7 +59,6 @@
<field> <field>
<id>zone.allowedAddresses</id> <id>zone.allowedAddresses</id>
<label>Allowed addresses</label> <label>Allowed addresses</label>
<type>text</type>
<type>select_multiple</type> <type>select_multiple</type>
<style>tokenize</style> <style>tokenize</style>
<help><![CDATA[Avoid authentication for addresses and subnets in this list]]></help> <help><![CDATA[Avoid authentication for addresses and subnets in this list]]></help>
...@@ -68,13 +67,26 @@ ...@@ -68,13 +67,26 @@
<field> <field>
<id>zone.allowedMACAddresses</id> <id>zone.allowedMACAddresses</id>
<label>Allowed MAC addresses</label> <label>Allowed MAC addresses</label>
<type>text</type>
<type>select_multiple</type> <type>select_multiple</type>
<style>tokenize</style> <style>tokenize</style>
<help><![CDATA[Avoid authentication for physical addresses in this list]]></help> <help><![CDATA[Avoid authentication for physical addresses in this list]]></help>
<allownew>true</allownew> <allownew>true</allownew>
<advanced>true</advanced> <advanced>true</advanced>
</field> </field>
<field>
<id>zone.transparantHTTPProxy</id>
<label>Transparant proxy (http)</label>
<type>checkbox</type>
<help><![CDATA[Forward http traffic to transparant proxy]]></help>
<allownew>true</allownew>
</field>
<field>
<id>zone.transparantHTTPSProxy</id>
<label>Transparant proxy (https)</label>
<type>checkbox</type>
<help><![CDATA[Forward https traffic to transparant proxy]]></help>
<allownew>true</allownew>
</field>
<field> <field>
<id>zone.template</id> <id>zone.template</id>
<label>Custom template</label> <label>Custom template</label>
......
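Review bot: The two new checkbox fields carry `<allownew>true</allownew>`, which elsewhere in this hunk appears only on the tokenized `select_multiple` field and looks copied over; it probably has no meaning for `<type>checkbox</type>` and can be dropped. The https help text says only "Forward https traffic to transparant proxy", while the rule template in this commit forwards port 443 to `OPNsense.proxy.forward.sslbumpport`. The help should tell the administrator that the option depends on SSL inspection being set up on the proxy, for example `Forward https traffic to the transparent proxy (presumably requires SSL inspection to be configured there)`. The user-visible labels also spell the word "Transparant" where "Transparent" is meant; the ids can stay as they are, since the model uses the same spelling.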
...@@ -68,6 +68,14 @@ ...@@ -68,6 +68,14 @@
<mask>/^((([0-9a-fA-F]{2}:){5}([0-9a-fA-F]{2})([,]){0,1}))*/u</mask> <mask>/^((([0-9a-fA-F]{2}:){5}([0-9a-fA-F]{2})([,]){0,1}))*/u</mask>
<ValidationMessage>Please enter valid mac addresses</ValidationMessage> <ValidationMessage>Please enter valid mac addresses</ValidationMessage>
</allowedMACAddresses> </allowedMACAddresses>
<transparantHTTPProxy type="BooleanField">
<default>0</default>
<Required>Y</Required>
</transparantHTTPProxy>
<transparantHTTPSProxy type="BooleanField">
<default>0</default>
<Required>Y</Required>
</transparantHTTPSProxy>
<template type="ModelRelationField"> <template type="ModelRelationField">
<Model> <Model>
<template> <template>
......
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
{% for cp_intf in cp_item.interfaces.split(',') %} {% for cp_intf in cp_item.interfaces.split(',') %}
{% if intf_key == cp_intf %} {% if intf_key == cp_intf %}
{% if cp_item.enabled|default('0') == '1' %} {% if cp_item.enabled|default('0') == '1' %}
{% do cp_interface_list.append({'zone':cp_item.description, 'zoneid':cp_item.zoneid,'if':interface.if}) %} {% do cp_interface_list.append({'zone':cp_item.description, 'zoneid':cp_item.zoneid,'if':interface.if, 'obj':cp_item}) %}
{% do is_cp.append(1) %} {% do is_cp.append(1) %}
{% endif %} {% endif %}
{% endif %} {% endif %}
...@@ -207,6 +207,8 @@ add {{loop.index + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{ ...@@ -207,6 +207,8 @@ add {{loop.index + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% include "OPNsense/IPFW/ipfw.fw.conf" ignore missing with context %}
# pass authorized # pass authorized
add 65533 pass ip from any to any add 65533 pass ip from any to any
......
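Review bot: The added include uses `ignore missing`, so when `OPNsense/IPFW/ipfw.fw.conf` cannot be found the forward rules are dropped without an error and traffic falls through to `add 65533 pass ip from any to any`. A zone with the transparent proxy checkbox set would then pass port 80/443 traffic unproxied, and nothing in the generated ruleset would show it. If the file is meant to be optional, say so in a Jinja comment above the include, e.g. `{# optional: transparent proxy forward rules (65532), emitted before the final pass #}`; otherwise drop `ignore missing` so a missing template stops generation. The surrounding block starts and ends outside the hunk.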
{#
parse all active captive portal zones and create redirect rules where transparant mode is enabled
#}
{% for cp_zone in cp_interface_list %}
{% if cp_zone.obj.transparantHTTPProxy|default('0') == '1' %}
# HTTP redirect {{ cp_zone.zone }}
ipfw add 65532 fwd 127.0.0.1,{{ OPNsense.proxy.forward.port }} tcp from any to any dst-port 80 via {{ cp_zone.if }}
{% endif %}
{% if cp_zone.obj.transparantHTTPSProxy|default('0') == '1' %}
# HTTPS redirect {{ cp_zone.zone }}
ipfw add 65532 fwd 127.0.0.1,{{ OPNsense.proxy.forward.sslbumpport }} tcp from any to any dst-port 443 via {{ cp_zone.if }}
{% endif %}
{% endfor %}
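Review bot: Both forward rules are written as `ipfw add 65532 fwd …`, whereas the rules in the including template carry no command prefix (`add 65533 pass ip from any to any`); if this fragment is the file pulled in by the include added in this commit, the lines should start with `add 65532 fwd …` to match the ruleset format. The port expressions `{{ OPNsense.proxy.forward.port }}` and `{{ OPNsense.proxy.forward.sslbumpport }}` are used without checking that the proxy is configured, so a zone with the checkbox set but no proxy port would get a rule with an empty or missing forward target; guard each rule, e.g. `{% if helpers.exists('OPNsense.proxy.forward.port') %}`. Both rules match `tcp from any to any` on the zone interface, which presumably also covers connections addressed to the firewall's own services on ports 80 and 443; confirm that is intended or exclude them.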