From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 11 Nov 2017 12:47:37 +0000 (+0000)
Subject: captive portal: Require authorization before redirecting to proxy
X-Git-Tag: v2.19-core117~1^2~84
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9bb405536712b79f8b77771707c5dbc4002fc3f2;p=ipfire-2.x.git

captive portal: Require authorization before redirecting to proxy

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/rootfiles/core/117/filelists/files b/config/rootfiles/core/117/filelists/files
index 6fef8c08ec..59bd5dfcca 100644
--- a/config/rootfiles/core/117/filelists/files
+++ b/config/rootfiles/core/117/filelists/files
@@ -5,4 +5,5 @@ srv/web/ipfire/html/themes/darkdos/include/functions.pl
 srv/web/ipfire/html/themes/ipfire-legacy/include/functions.pl
 srv/web/ipfire/html/themes/ipfire/include/functions.pl
 srv/web/ipfire/html/themes/maniac/include/functions.pl
+usr/local/bin/captivectrl
 var/ipfire/network-functions.pl
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index c4d2fefe41..cab791c1f7 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -310,6 +310,10 @@ iptables_init() {
 	iptables -t nat -N NAT_SOURCE
 	iptables -t nat -A POSTROUTING -j NAT_SOURCE
 
+	# Captive Portal
+	iptables -t nat -N CAPTIVE_PORTAL
+	iptables -t nat -A PREROUTING -j CAPTIVE_PORTAL
+
 	# Custom prerouting chains (for transparent proxy)
 	iptables -t nat -N SQUID
 	iptables -t nat -A PREROUTING -j SQUID
@@ -344,10 +348,6 @@ iptables_init() {
 	iptables -N UPNPFW
 	iptables -A FORWARD -m conntrack --ctstate NEW -j UPNPFW
 
-	# Captive Portal
-	iptables -t nat -N CAPTIVE_PORTAL
-	iptables -t nat -A PREROUTING -j CAPTIVE_PORTAL
-
 	# RED chain, used for the red interface
 	iptables -N REDINPUT
 	iptables -A INPUT -j REDINPUT