(captive portal) handle transparant proxy from within ipfw

PR: https://github.com/opnsense/core/issues/1189

(cherry picked from commit 0fb1cb1d)
(cherry picked from commit e52b51f5)
(cherry picked from commit 98ed70d8)
(cherry picked from commit 0760c967)

src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/forms/dialogZone.xml

@@ -59,7 +59,6 @@
     <field>
         <id>zone.allowedAddresses</id>
         <label>Allowed addresses</label>
-        <type>text</type>
         <type>select_multiple</type>
         <style>tokenize</style>
         <help><![CDATA[Avoid authentication for addresses and subnets in this list]]></help>
@@ -68,13 +67,26 @@
     <field>
         <id>zone.allowedMACAddresses</id>
         <label>Allowed MAC addresses</label>
-        <type>text</type>
         <type>select_multiple</type>
         <style>tokenize</style>
         <help><![CDATA[Avoid authentication for physical addresses in this list]]></help>
         <allownew>true</allownew>
         <advanced>true</advanced>
     </field>
+    <field>
+        <id>zone.transparentHTTPProxy</id>
+        <label>Transparent proxy (HTTP)</label>
+        <type>checkbox</type>
+        <help><![CDATA[Forward HTTP traffic to transparent proxy]]></help>
+        <allownew>true</allownew>
+    </field>
+    <field>
+        <id>zone.transparentHTTPSProxy</id>
+        <label>Transparent proxy (HTTPS)</label>
+        <type>checkbox</type>
+        <help><![CDATA[Forward HTTPS traffic to transparent proxy]]></help>
+        <allownew>true</allownew>
+    </field>
     <field>
         <id>zone.template</id>
         <label>Custom template</label>

src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CaptivePortal.xml

@@ -68,6 +68,14 @@
                     <mask>/^((([0-9a-fA-F]{2}:){5}([0-9a-fA-F]{2})([,]){0,1}))*/u</mask>
                     <ValidationMessage>Please enter valid mac addresses</ValidationMessage>
                 </allowedMACAddresses>
+                <transparentHTTPProxy type="BooleanField">
+                    <default>0</default>
+                    <Required>Y</Required>
+                </transparentHTTPProxy>
+                <transparentHTTPSProxy type="BooleanField">
+                    <default>0</default>
+                    <Required>Y</Required>
+                </transparentHTTPSProxy>
                 <template type="ModelRelationField">
                     <Model>
                         <template>

src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf

@@ -10,7 +10,7 @@
 {%        for cp_intf in cp_item.interfaces.split(',') %}
 {%          if intf_key == cp_intf %}
 {%              if cp_item.enabled|default('0') == '1' %}
-{%                  do cp_interface_list.append({'zone':cp_item.description, 'zoneid':cp_item.zoneid,'if':interface.if}) %}
+{%                  do cp_interface_list.append({'zone':cp_item.description, 'zoneid':cp_item.zoneid,'if':interface.if, 'obj':cp_item}) %}
 {%                  do is_cp.append(1) %}
 {%              endif %}
 {%          endif %}
@@ -207,6 +207,8 @@ add {{loop.index + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{
 {% endfor %}
 {% endif %}
 
+{% include "OPNsense/IPFW/ipfw.fw.conf" ignore missing with context %}
+
 # pass authorized
 add 65533 pass ip from any to any
 

src/opnsense/service/templates/OPNsense/IPFW/ipfw.fw.conf

+
+{#
+  parse all active captive portal zones and create redirect rules where transparent mode is enabled
+#}
+{% for cp_zone in cp_interface_list %}
+{% if cp_zone.obj.transparentHTTPProxy|default('0') == '1' %}
+# HTTP redirect {{ cp_zone.zone }}
+add 65532 fwd 127.0.0.1,{{ OPNsense.proxy.forward.port }} tcp from any to any dst-port 80 via {{ cp_zone.if }}
+{% endif %}
+{% if cp_zone.obj.transparentHTTPSProxy|default('0') == '1' %}
+# HTTPS redirect {{ cp_zone.zone }}
+add 65532 fwd 127.0.0.1,{{ OPNsense.proxy.forward.sslbumpport }} tcp from any to any dst-port 443 via {{ cp_zone.if }}
+{% endif %}
+{% endfor %}