From: Alexander Marx <alexander.marx@ipfire.org>
Date: Thu, 28 Jan 2016 15:08:32 +0000 (+0100)
Subject: Captive-Portal: add captive chains to firewall initscript
X-Git-Tag: v2.19-core115~60^2~90
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=bbaa3613b4e779fed958dc3f7918a65c57576fe8;hp=4d9002279f6cd5c73f0e6092c22ae2bfa49460bb

Captive-Portal: add captive chains to firewall initscript

When loading the initscript of the firewall the neccessary chains for
the captive portalneed to be created.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
---

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 7bdb292f7d..c4d2fefe41 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -224,6 +224,13 @@ iptables_init() {
 		iptables -A ${i} -j LOOPBACK
 	done
 
+	# Captive portal
+	iptables -N CAPTIVE_PORTAL
+	iptables -N CAPTIVE_PORTAL_CLIENTS
+	for i in INPUT FORWARD; do
+		iptables -A ${i} -j CAPTIVE_PORTAL
+	done
+
 	# Accept everything connected
 	for i in INPUT FORWARD OUTPUT; do
 		iptables -A ${i} -j CONNTRACK
@@ -337,6 +344,10 @@ iptables_init() {
 	iptables -N UPNPFW
 	iptables -A FORWARD -m conntrack --ctstate NEW -j UPNPFW
 
+	# Captive Portal
+	iptables -t nat -N CAPTIVE_PORTAL
+	iptables -t nat -A PREROUTING -j CAPTIVE_PORTAL
+
 	# RED chain, used for the red interface
 	iptables -N REDINPUT
 	iptables -A INPUT -j REDINPUT