captive: Do not generally allow access to TCP/1013

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/misc-progs/captivectrl.c b/src/misc-progs/captivectrl.c
index 378ba01800fa8061d6d72eaf79c5955202b5dfdb..1b6408426e1d1c3624326c516f64098b237070a8 100644 (file)
--- a/src/misc-progs/captivectrl.c
+++ b/src/misc-progs/captivectrl.c
@@ -260,6 +260,13 @@ static int add_interface_rule(const char* intf, int allow_webif_access) {
        if (r)
                return r;
 
+       // Allow access to captive portal site
+       snprintf(command, sizeof(command), IPTABLES " -A CAPTIVE_PORTAL_CLIENTS"
+               " -d %s -p tcp --dport %d -j RETURN", intf, REDIRECT_PORT);
+       r = safe_system(command);
+       if (r)
+               return r;
+
        return 0;
 }
 
@@ -293,13 +300,6 @@ static int add_interface_rules(struct keyvalue* captive_portal_settings, struct
        if (r)
                return r;
 
-       char command[STRING_SIZE];
-       snprintf(command, sizeof(command), IPTABLES " -A CAPTIVE_PORTAL_CLIENTS"
-               " -p tcp --dport %d -j RETURN", REDIRECT_PORT);
-       r = safe_system(command);
-       if (r)
-               return r;
-
        // Add the last rule
        r = safe_system(IPTABLES " -A CAPTIVE_PORTAL_CLIENTS -j DROP");
        if (r)