Context Navigation

Changeset 13772 in hybrid for branches/releng-11/nanobsd/files/etc

Timestamp:

Jan 23, 2017, 5:26:28 PM (8 years ago)

Author:

rick

Message:

Fixing HTTPS allowance without accepting the terms.

From a node PoV the traffic from the client to the internet is flowing
inbound on the captive portal interfaces.

Location:

branches/releng-11/nanobsd/files/etc

Files:

-              r13724
+              r13772
 # By default deny all outgoing traffic to avoid systems spamming the network (9)
+block out on { $captive_portal_interfaces } from any to !$wl_net
+block in on { $captive_portal_interfaces } from any to !$wl_net
+# Quickly drop out, with nice return value, avoiding endless connections on portal setup (6)
+block return in quick on { $captive_portal_interfaces } proto tcp from !<wlportal> to !$wl_net port { $publicnat }
 # Note: not even HTTPS traffic allowed for those who has not clicked OK yet (6)
 pass out on { $captive_portal_interfaces } proto tcp from <wlportal> to !$wl_net port { $publicnat } keep state
+pass in on { $captive_portal_interfaces } proto tcp from <wlportal> to !$wl_net port { $publicnat } keep state
 # External interface is permissive (4)

-              r10745
+              r13772
 # By default deny all outgoing traffic to avoid systems spamming the network (9)
+block out on { $captive_portal_interfaces } from any to !$wl_net
+block in on { $captive_portal_interfaces } from any to !$wl_net
+# Quickly drop out, with nice return value, avoiding endless connections on portal setup (6)
+block return in quick on { $captive_portal_interfaces } proto tcp from !<wlportal> to !$wl_net port { $publicnat }
 # Note: not even HTTPS traffic allowed for those who has not clicked OK yet (6)
 pass out on { $captive_portal_interfaces } proto tcp from <wlportal> to !$wl_net port { $ileiden_ports } keep state
+pass in on { $captive_portal_interfaces } proto tcp from <wlportal> to !$wl_net port { $ileiden_ports } keep state

Note: See TracChangeset for help on using the changeset viewer.