captive: Do not generally allow access to TCP/1013

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer
2016-09-04 09:45:53 +01:00
parent 43834c4969
commit abc41f02dd


@@ -260,6 +260,13 @@ static int add_interface_rule(const char* intf, int allow_webif_access) {
if (r)
return r;
// Allow access to captive portal site
snprintf(command, sizeof(command), IPTABLES " -A CAPTIVE_PORTAL_CLIENTS"
" -d %s -p tcp --dport %d -j RETURN", intf, REDIRECT_PORT);
r = safe_system(command);
if (r)
return r;
return 0;
}
@@ -293,13 +300,6 @@ static int add_interface_rules(struct keyvalue* captive_portal_settings, struct
if (r)
return r;
char command[STRING_SIZE];
snprintf(command, sizeof(command), IPTABLES " -A CAPTIVE_PORTAL_CLIENTS"
" -p tcp --dport %d -j RETURN", REDIRECT_PORT);
r = safe_system(command);
if (r)
return r;
// Add the last rule
r = safe_system(IPTABLES " -A CAPTIVE_PORTAL_CLIENTS -j DROP");
if (r)
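Review bot: In the first hunk the new rule passes `intf` to `-d`, which iptables matches against a destination address, while the parameter name in `add_interface_rule(const char* intf, ...)` suggests an interface name. If it is a name, iptables will try to resolve it as a hostname, so the rule either fails to load or matches an address nobody intended, and the exception for `REDIRECT_PORT` is not limited the way the commit title promises. Consider passing the interface's own address to `-d`, or matching the inbound interface with `-i %s` if that is what the chain needs, and add a comment stating which of the two `intf` holds. The return value of `snprintf` is also unchecked, so an over-long `intf` would silently truncate the command before it reaches `safe_system`; `add_interface_rule` starts outside the hunk, so any earlier validation of `intf` is not visible here.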