(captiveportal, new) ipfw template changes, do not backport to 15.7, breaks current captiveportal

bf62984d · Ad Schellevis · d9d68b45 · bf62984d · bf62984d
Commit bf62984d authored Oct 14, 2015 by Ad Schellevis
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 19 deletions

ipfw.conf src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf +24 -16

rc.conf.d src/opnsense/service/templates/OPNsense/IPFW/rc.conf.d +3 -3

No files found.
--- a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
+++ b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
 {# collect interfaces list (with / without captive portal enabled) #}
 {% set cp_interface_list = [] %}
-{% if helpers.exists('captiveportal') %}
+{% set no_cp_interface_list = [] %}
+{% if helpers.exists('OPNsense.captiveportal.zones.zone') %}
 {% for intf_key,interface in interfaces.iteritems()%}
 {%      set is_cp=[] %}
-{%      for cp_key,cp_item in captiveportal.iteritems()  %}
-{%          if intf_key == cp_item.interface and interface.ipaddr != 'dhcp' %}
-{%              if cp_item.enable|default('0') == '1' %}
-{%                  do cp_interface_list.append({'zone':cp_key,'zoneid':cp_item.zoneid,'if':interface.if}) %}
+{%      for cp_item in  helpers.toList('OPNsense.captiveportal.zones.zone') %}
+{%        for cp_intf in cp_item.interfaces.split(',') %}
+{%          if intf_key == cp_intf %}
+{%              if cp_item.enabled|default('0') == '1' %}
+{%                  do cp_interface_list.append({'zone':cp_item.description, 'zoneid':cp_item.zoneid,'if':interface.if}) %}
 {%                  do is_cp.append(1) %}
 {%              endif %}
 {%          endif %}
+{%        endfor %}
 {%      endfor %}
+{%      if not is_cp%}
+{%              do no_cp_interface_list.append(interface) %}
+{%      endif %}
 {% endfor %}
+{% else %}
+{%      for intf_key,interface in interfaces.iteritems() %}
+{%              do no_cp_interface_list.append(interface) %}
+{%      endfor %}
 {% endif %}
+
 #======================================================================================
 # flush ruleset
 #======================================================================================
@@ -78,17 +89,11 @@ add {{loop.index  + 1000}} skipto 60000 icmp from any to { 255.255.255.255 or {{

 {% for item in cp_interface_list %}
 #===================================================================================
-# zone {{item.zone}} ({{item.zoneid}}) configuration
+# zone {{item.zone}} ({{item.zoneid}}) / {{item.if}} configuration
 #===================================================================================
-{# authenticated users ( table 1 + 2 ) #}
-add {{3000 + item.zoneid|int * 10 + 1 }}  skipto {{10001 + item.zoneid|int * 1000  }} ip from table({{6*(item.zoneid|int-1) + 1 }}) to any via {{item.if}}
-add {{3000 + item.zoneid|int * 10 + 2 }}  skipto {{10001 + item.zoneid|int * 1000  }} ip from table({{6*(item.zoneid|int-1) + 1 }}) to any via {{item.if}}
-{# authenticated hosts ( table 3 + 4 ) #}
-add {{3000 + item.zoneid|int * 10 + 3 }}  skipto {{10001 + item.zoneid|int * 1000  }} ip from table({{6*(item.zoneid|int-1) + 3 }}) to any via {{item.if}}
-add {{3000 + item.zoneid|int * 10 + 4 }}  skipto {{10001 + item.zoneid|int * 1000  }} ip from table({{6*(item.zoneid|int-1) + 3 }}) to any via {{item.if}}
-{# authenticated mac addresses ( table 5 + 6 ) #}
-add {{3000 + item.zoneid|int * 10 + 5 }}  skipto {{10001 + item.zoneid|int * 1000  }} ip from table({{6*(item.zoneid|int-1) + 5 }}) to any via {{item.if}}
-add {{3000 + item.zoneid|int * 10 + 6 }}  skipto {{10001 + item.zoneid|int * 1000  }} ip from table({{6*(item.zoneid|int-1) + 5 }}) to any via {{item.if}}
+{# authenticated clients #}
+add {{3000 + item.zoneid|int }}  skipto {{10001 + item.zoneid|int * 1000  }} ip from table({{item.zoneid|int}}) to any via {{item.if}}
+add {{3000 + item.zoneid|int }}  skipto {{10001 + item.zoneid|int * 1000  }} ip from any to table({{item.zoneid|int}}) via {{item.if}}
 {% endfor %}


@@ -96,7 +101,9 @@ add {{3000 + item.zoneid|int * 10 + 6 }}  skipto {{10001 + item.zoneid|int * 100
 # redirect non-authenticated clients to captive portal @ local port 8000 + zoneid
 #======================================================================================
 {% for item in cp_interface_list %}
-add {{5000 + item.zoneid|int }} fwd 127.0.0.1,{{  item.zoneid|int + 8000 }} tcp from any to any dst-port 80 in via {{item.if}}
+add {{5000 + item.zoneid|int }} fwd 127.0.0.1,{{  item.zoneid|int + 8000 }} tcp from any to any dst-port 443 in via {{item.if}}
+add {{5000 + item.zoneid|int }} allow ip from any to any dst-port 443 via {{item.if}}
+add {{5000 + item.zoneid|int }} fwd 127.0.0.1,{{  item.zoneid|int + 9000 }} tcp from any to any dst-port 80 in via {{item.if}}
 add {{5000 + item.zoneid|int }} allow ip from any to any dst-port 80 via {{item.if}}
 {% endfor %}

@@ -113,6 +120,7 @@ add {{6001 + loop.index }} skipto 65534 all from any to any via {{item.if}}
 # send all the rest to the traffic shaper rules
 add 6199 skipto 60000 all from any to any

+
 #======================================================================================
 # setup zone accounting section
 #======================================================================================

--- a/src/opnsense/service/templates/OPNsense/IPFW/rc.conf.d
+++ b/src/opnsense/service/templates/OPNsense/IPFW/rc.conf.d
 {% set cp_zones = [] %}
-{% if helpers.exists('captiveportal') %}
-{%      for cp_key,cp_item in captiveportal.iteritems()  %}
-{%          if cp_item.enable|default("0") == '1' %}
+{% if helpers.exists('OPNsense.captiveportal.zones.zone') %}
+{%      for cp_item in helpers.toList('OPNsense.captiveportal.zones.zone')  %}
+{%          if cp_item.enabled|default("0") == '1' %}
 {%              do cp_zones.append(cp_key) %}
 {%          endif %}
 {%      endfor %}