captive portal: Require authorization before redirecting to proxy
authorMichael Tremer <michael.tremer@ipfire.org>
Sat, 11 Nov 2017 12:47:37 +0000 (12:47 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 11 Nov 2017 12:48:54 +0000 (12:48 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/rootfiles/core/117/filelists/files
src/initscripts/system/firewall

index 6fef8c0..59bd5df 100644 (file)
@@ -5,4 +5,5 @@ srv/web/ipfire/html/themes/darkdos/include/functions.pl
 srv/web/ipfire/html/themes/ipfire-legacy/include/functions.pl
 srv/web/ipfire/html/themes/ipfire/include/functions.pl
 srv/web/ipfire/html/themes/maniac/include/functions.pl
+usr/local/bin/captivectrl
 var/ipfire/network-functions.pl
index c4d2fef..cab791c 100644 (file)
@@ -310,6 +310,10 @@ iptables_init() {
        iptables -t nat -N NAT_SOURCE
        iptables -t nat -A POSTROUTING -j NAT_SOURCE
 
+       # Captive Portal
+       iptables -t nat -N CAPTIVE_PORTAL
+       iptables -t nat -A PREROUTING -j CAPTIVE_PORTAL
+
        # Custom prerouting chains (for transparent proxy)
        iptables -t nat -N SQUID
        iptables -t nat -A PREROUTING -j SQUID
@@ -344,10 +348,6 @@ iptables_init() {
        iptables -N UPNPFW
        iptables -A FORWARD -m conntrack --ctstate NEW -j UPNPFW
 
-       # Captive Portal
-       iptables -t nat -N CAPTIVE_PORTAL
-       iptables -t nat -A PREROUTING -j CAPTIVE_PORTAL
-
        # RED chain, used for the red interface
        iptables -N REDINPUT
        iptables -A INPUT -j REDINPUT