Tag: pfSense

Patch for pfSense 2.2.5 to redirect proxy users to the authentification portal.

*** captiveportal.inc  Wed Nov 04 22:52:22 2015
--- captiveportal_patched.inc   Mon Dec 14 17:12:42 2015
***************
*** 539,544 ****
--- 539,548 ----
  EOD;
  
    $rulenum = 65310;
+   /* Deny direct access to local services before captive portal authentication */
+   $local_service_ports="3128,3129";
+   $cprules .= "add {$rulenum} skipto 65314 ip from any to table(100) {$local_service_ports} in\n";
+   $cprules .= "add {$rulenum} skipto 65314 ip from table(100) {$local_service_ports} to any out\n";
    /* These tables contain host ips */
    $cprules .= "add {$rulenum} pass ip from any to table(100) in\n";
    $rulenum++;
***************
*** 578,591 ****
        else
            $listenporthttps = 8001 + $cpzoneid;
            if (!isset($config['captiveportal'][$cpzone]['nohttpsforwards'])) {
!               $cprules .= "add 65531 fwd 127.0.0.1,{$listenporthttps} tcp from any to any dst-port 443 in\n";
            }
    }
    
    $cprules .= <<<EOD
  
  # redirect non-authenticated clients to captive portal
! add 65532 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 80 in 
  # let the responses from the captive portal web server back out
  add 65533 pass tcp from any to any out
  # block everything else
--- 582,596 ----
        else
            $listenporthttps = 8001 + $cpzoneid;
            if (!isset($config['captiveportal'][$cpzone]['nohttpsforwards'])) {
!               $cprules .= "add 65530 fwd 127.0.0.1,{$listenporthttps} tcp from any to any dst-port 443 in\n";
            }
    }
    
    $cprules .= <<<EOD
  
  # redirect non-authenticated clients to captive portal
! add 65531 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 80 in 
! add 65532 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 3128 in 
  # let the responses from the captive portal web server back out
  add 65533 pass tcp from any to any out
  # block everything else

Diff created with WinMerge.