}
int main(void) {
- char green_dev[STRING_SIZE] = "";
char buffer[STRING_SIZE];
char *index, *ipaddress, *macaddress, *enabled;
struct keyvalue *kv = NULL;
+ struct keyvalue* captive_settings = NULL;
if (!(initsetuid()))
exit(1);
exit(1);
}
- /* Get the GREEN interface details */
- if (findkey(kv, "GREEN_DEV", green_dev) > 0) {
- if (!VALID_DEVICE(green_dev)) {
- fprintf(stderr, "Bad GREEN_DEV: %s\n", green_dev);
- exit(1);
- }
+ // Read captive portal settings
+ captive_settings = initkeyvalues();
+ if (!readkeyvalues(captive_settings, CONFIG_ROOT "/captive/settings")) {
+ fprintf(stderr, "Could not read captive portal settings\n");
+ exit(1);
}
/* Get the BLUE interface details */
exit(0);
}
+ // Check if the captive portal is enabled on blue. If so, we will
+ // just keep the chains flushed and do not add any rules.
+ char captive_enabled[STRING_SIZE];
+ if (findkey(captive_settings, "ENABLE_BLUE", captive_enabled) > 0) {
+ if (strcmp(captive_enabled, "on") == 0) {
+ return 0;
+ }
+ }
+
if ((fd = fopen(CONFIG_ROOT "/wireless/nodrop", "r")))
return 0;
if (strcmp(enabled, "on") == 0) {
/* both specified, added security */
if ((strlen(macaddress) == 17) && (VALID_IP_AND_MASK(ipaddress))) {
- snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -m mac --mac-source %s -s %s -i %s -j ACCEPT", macaddress, ipaddress, blue_dev);
+ snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -m mac --mac-source %s -s %s -i %s -j RETURN", macaddress, ipaddress, blue_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j RETURN", macaddress, ipaddress, blue_dev);
safe_system(command);
} else {
/* correctly formed mac address is 17 chars */
if (strlen(macaddress) == 17) {
- snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -m mac --mac-source %s -i %s -j ACCEPT", macaddress, blue_dev);
+ snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -m mac --mac-source %s -i %s -j RETURN", macaddress, blue_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j RETURN", macaddress, blue_dev);
safe_system(command);
}
if (VALID_IP_AND_MASK(ipaddress)) {
- snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -s %s -i %s -j ACCEPT", ipaddress, blue_dev);
+ snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -s %s -i %s -j RETURN", ipaddress, blue_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -s %s -i %s -j RETURN", ipaddress, blue_dev);
safe_system(command);