# Table used to authorized hosts
table <wlportal> persist counters

# Always be nice, and return the fact we are blocking the packets
set block-policy return

# Localhost is considered safe and should thus not be filtered
set skip on lo0

wl_net="172.16.0.0/12"
#captive_ifs="vr0,vr1,vr2,ue0"

# Redirect user to captive portal they have not clicked OK yet.
no rdr on { $captive_portal_interfaces } proto tcp from <wlportal> to !$wl_net port 80
rdr on { $captive_portal_interfaces } proto tcp from $wl_net to !$wl_net port 80 -> 127.0.0.1 port 8082

# Default allow
pass all