Index: branches/releng-9.0/nanobsd/files/etc/ipfw.sh
===================================================================
--- branches/releng-9.0/nanobsd/files/etc/ipfw.sh	(revision 10200)
+++ branches/releng-9.0/nanobsd/files/etc/ipfw.sh	(revision 10201)
@@ -66,3 +66,4 @@
 for INF in $captive_portal_interfaces; do
   ${fwcmd} add 10100 fwd 172.31.255.1,8081 tcp from any to not 172.16.0.0/12 80 in via ${INF}
+  ${fwcmd} add 11000 deny ip from any to any in via ${INF}
 done
Index: branches/releng-9.0/nanobsd/files/usr/local/www/wlportal/index.cgi
===================================================================
--- branches/releng-9.0/nanobsd/files/usr/local/www/wlportal/index.cgi	(revision 10200)
+++ branches/releng-9.0/nanobsd/files/usr/local/www/wlportal/index.cgi	(revision 10201)
@@ -181,5 +181,5 @@
     self.ip_in_firewall = {}
     if sp.returncode == 0:
-      # 10010   32   1920 allow tcp from 172.20.145.30 to not 172.16.0.0/12 dst-port 80
+      # 10010   32   1920 allow tcp from 172.20.145.30 to not 172.16.0.0/12 dst-port 80,443
       for line in output.strip().split('\n'):
         t = line.split()
@@ -227,5 +227,5 @@
     self.load()
     if not self.ip_in_firewall.has_key(ipaddr):
-      rule = "NUMBER allow tcp from IPADDR to not 172.16.0.0/12 dst-port 80".split()
+      rule = "NUMBER allow tcp from IPADDR to not 172.16.0.0/12 dst-port 80,443".split()
       rule[0] = str(self.available_rule)
       rule[4] = str(ipaddr)