From: Michael Tremer Date: Sun, 4 Sep 2016 08:45:53 +0000 (+0100) Subject: captive: Do not generally allow access to TCP/1013 X-Git-Tag: v2.19-core115~60^2~55 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=abc41f02dd31774d3bc311b4631fb5cf7f8992cd;p=people%2Fpmueller%2Fipfire-2.x.git captive: Do not generally allow access to TCP/1013 Signed-off-by: Michael Tremer --- diff --git a/src/misc-progs/captivectrl.c b/src/misc-progs/captivectrl.c index 378ba01800..1b6408426e 100644 --- a/src/misc-progs/captivectrl.c +++ b/src/misc-progs/captivectrl.c @@ -260,6 +260,13 @@ static int add_interface_rule(const char* intf, int allow_webif_access) { if (r) return r; + // Allow access to captive portal site + snprintf(command, sizeof(command), IPTABLES " -A CAPTIVE_PORTAL_CLIENTS" + " -d %s -p tcp --dport %d -j RETURN", intf, REDIRECT_PORT); + r = safe_system(command); + if (r) + return r; + return 0; } @@ -293,13 +300,6 @@ static int add_interface_rules(struct keyvalue* captive_portal_settings, struct if (r) return r; - char command[STRING_SIZE]; - snprintf(command, sizeof(command), IPTABLES " -A CAPTIVE_PORTAL_CLIENTS" - " -p tcp --dport %d -j RETURN", REDIRECT_PORT); - r = safe_system(command); - if (r) - return r; - // Add the last rule r = safe_system(IPTABLES " -A CAPTIVE_PORTAL_CLIENTS -j DROP"); if (r)