diff --git a/config/cron/crontab b/config/cron/crontab
index c6d8a725c..4561f4a24 100644
--- a/config/cron/crontab
+++ b/config/cron/crontab
@@ -65,6 +65,12 @@ HOME=/
 # Retry sending spooled mails regularly
 %hourly * /usr/sbin/dma -q
 
+# Cleanup captive clients
+%hourly * /usr/bin/captive-cleanup
+
+# Reload captive firewall rules
+%nightly * 23-1   /usr/local/bin/captivectrl >/dev/null
+
 # Cleanup the mail spool directory
 %weekly * * /usr/sbin/dma-cleanup-spool
 
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index ec36774b3..a76d46e2b 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -72,6 +72,7 @@ run
 #usr/bin/perl
 #usr/include
 #usr/lib
+usr/bin/captive-cleanup
 usr/lib/firewall
 usr/lib/firewall/firewall-lib.pl
 usr/lib/firewall/ipsec-block
diff --git a/lfs/stage2 b/lfs/stage2
index b70bde78a..0a5ac65c0 100644
--- a/lfs/stage2
+++ b/lfs/stage2
@@ -107,6 +107,7 @@ endif
 	# Move script to correct place.
 	mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/
 	mv -vf /usr/local/bin/ovpn-collectd-convert /usr/sbin/
+	mv -vf /usr/local/bin/captive-cleanup /usr/bin/
 	
 	# Install firewall scripts.
 	mkdir -pv /usr/lib/firewall
diff --git a/src/scripts/captive-cleanup b/src/scripts/captive-cleanup
new file mode 100755
index 000000000..4bcdab5fb
--- /dev/null
+++ b/src/scripts/captive-cleanup
@@ -0,0 +1,43 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2016  IPFire Team  <alexander.marx@ipfire.org>                #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+
+require '/var/ipfire/general-functions.pl';
+
+my %settings=();
+my %clientshash=();
+my $settingsfile="${General::swroot}/captive/settings";
+my $clients="${General::swroot}/captive/clients";
+my $time;
+my $expiretime;
+
+if (-f $settingsfile && -f $clients && ! -z $clients){
+	&General::readhash("$settingsfile", \%settings) if(-f $settingsfile);
+	&General::readhasharray("$clients", \%clientshash);
+	$time = time();
+	foreach my $key (keys %clientshash) {
+		$expiretime=($clientshash{$key}[5]*3600)+$clientshash{$key}[6];
+		if ($expiretime < $time){
+			delete $clientshash{key};
+		}
+	}
+}