Patch for pfSense 2.2.5 to redirect proxy users to the authentication portal.
*** captiveportal.inc Wed Nov 04 22:52:22 2015
--- captiveportal_patched.inc Mon Dec 14 17:12:42 2015
***************
*** 539,544 ****
--- 539,548 ----
EOD;
$rulenum = 65310;
+ /* Deny direct access to local services before captive portal authentication */
+ $local_service_ports="3128,3129";
+ $cprules .= "add {$rulenum} skipto 65314 ip from any to table(100) {$local_service_ports} in\n";
+ $cprules .= "add {$rulenum} skipto 65314 ip from table(100) {$local_service_ports} to any out\n";
/* These tables contain host ips */
$cprules .= "add {$rulenum} pass ip from any to table(100) in\n";
$rulenum++;
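Review bot: The two added `skipto` rules hard-code both the jump target `65314` and the port list `3128,3129`, while the surrounding rules take their numbers from `$rulenum`. If the rules after this hunk are renumbered, or the proxy is configured on a different port, the existing `pass ip from any to table(100) in` rule would again let unauthenticated clients reach that service directly, with no error to signal it. Consider naming the target, e.g. `$cp_skip_target = 65314; /* first rule after the table(100) pass rules */`, and taking the ports from the proxy configuration if it is reachable here. The comment says "Deny" although the action is `skipto`; something like `/* Skip the table(100) pass rules for local proxy ports so this traffic is evaluated by the later rules */` would describe it more accurately. The enclosing function starts and ends outside the hunk, so what actually sits at 65314 cannot be confirmed from these lines.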
***************
*** 578,591 ****
else
$listenporthttps = 8001 + $cpzoneid;
if (!isset($config['captiveportal'][$cpzone]['nohttpsforwards'])) {
! $cprules .= "add 65531 fwd 127.0.0.1,{$listenporthttps} tcp from any to any dst-port 443 in\n";
}
}
$cprules .= <<<EOD
# redirect non-authenticated clients to captive portal
! add 65532 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 80 in
# let the responses from the captive portal web server back out
add 65533 pass tcp from any to any out
# block everything else
--- 582,596 ----
else
$listenporthttps = 8001 + $cpzoneid;
if (!isset($config['captiveportal'][$cpzone]['nohttpsforwards'])) {
! $cprules .= "add 65530 fwd 127.0.0.1,{$listenporthttps} tcp from any to any dst-port 443 in\n";
}
}
$cprules .= <<<EOD
# redirect non-authenticated clients to captive portal
! add 65531 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 80 in
! add 65532 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 3128 in
# let the responses from the captive portal web server back out
add 65533 pass tcp from any to any out
# block everything else
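Review bot: The new `fwd` rule at 65532 matches only `dst-port 3128`, although the first hunk treats `3128,3129` as the local service ports, so unauthenticated traffic to 3129 is not redirected and presumably reaches the block rule below. Using one port variable in both places would keep the two rule sets in step, and a comment such as `# redirect unauthenticated proxy clients (port 3128) to the captive portal` above the added line would set it apart from the port-80 redirect. Proxy-style requests (absolute-URI `GET`, `CONNECT`) reach the portal listener in a different form than plain port-80 requests, so it is worth confirming that the portal web server answers them with the login redirect; `CONNECT` tunnels likely cannot be redirected at all. Moving the HTTPS forward to 65530 also assumes that no rule outside this hunk already uses that number.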
Diff created with WinMerge.