File tree 4 files changed +54
-1
lines changed
controllers/OPNsense/CaptivePortal/forms
models/OPNsense/CaptivePortal
service/templates/OPNsense/IPFW
4 files changed +54
-1
lines changed Original file line number Diff line number Diff line change 1717 <type >select_multiple</type >
1818 <help ><![CDATA[ Select interface(s) to enable for captive portal.]]> help >
1919 </field >
20+ <field >
21+ <id >zone.interfaces_inbound</id >
22+ <label >Allow inbound</label >
23+ <type >select_multiple</type >
24+ <help ><![CDATA[
25+ Select interfaces from which to allow inbound (stateful) traffic. This can be convenient if the zone in question
26+ contains machines/servers which should be accessible from other networks attached to this firewall.
27+ ]]> </help >
28+ </field >
2029 <field >
2130 <id >zone.authservers</id >
2231 <label >Authenticate using</label >
Original file line number Diff line number Diff line change 3131namespace OPNsense \CaptivePortal ;
3232
3333use OPNsense \Base \BaseModel ;
34+ use OPNsense \Base \Messages \Message ;
3435
3536/**
3637 * Class CaptivePortal
@@ -84,4 +85,35 @@ public function getTemplateByName($name)
8485 $ newItemfileid = uniqid ();
8586 return $ newItem
8687 }
88+ /**
89+ * {@inheritdoc}
90+ */
91+ public function performValidation ($ validateFullModelfalse )
92+ {
93+ $ messagesparent ::performValidation ($ validateFullModel
94+ // validate changed instances
95+ foreach ($ this zones ->zone ->iterateItems () as $ zone
96+ if (!$ validateFullModel$ zoneisFieldChanged ()) {
97+ continue ;
98+ }
99+ $ key$ zone__reference ;
100+ if (!empty ((string )$ zoneinterfaces_inbound ) && !empty ((string )$ zoneinterfaces )) {
101+ $ ifs_inboundarray_filter (explode (', ' , $ zoneinterfaces_inbound ));
102+ $ ifsarray_filter (explode (', ' , $ zoneinterfaces ));
103+ $ overlaparray_intersect ($ ifs_inbound$ ifs
104+ if (!empty ($ overlap
105+ $ messagesappendMessage (
106+ new Message (
107+ sprintf (
108+ gettext ("Inbound interfaces may not overlap with zone interfaces (%s) " ),
109+ implode (', ' , $ overlap
110+ ),
111+ $ key".interfaces_inbound "
112+ )
113+ );
114+ }
115+ }
116+ }
117+ return $ messages
118+ }
87119}
Original file line number Diff line number Diff line change 11<model >
22 <mount >//OPNsense/captiveportal</mount >
3- <version >1.0.1 </version >
3+ <version >1.0.2 </version >
44 <description >Captive portal application model</description >
55 <items >
66 <zones >
2525 </filters >
2626 <ValidationMessage >At least one interface must be selected</ValidationMessage >
2727 </interfaces >
28+ <interfaces_inbound type =" InterfaceField"
29+ <Multiple >Y</Multiple >
30+ <filters >
31+ <enable >/^(?!0).*$/</enable >
32+ </filters >
33+ </interfaces_inbound >
2834 <authservers type =" AuthenticationServerField"
2935 <Multiple >Y</Multiple >
3036 </authservers >
Original file line number Diff line number Diff line change @@ -116,6 +116,12 @@ add {{loop.index + 1000}} skipto 60000 icmp from any to { 255.255.255.255 or me
116116{# authenticated clients #}
117117add {{3000 + item.zoneid|int }} skipto tablearg ip from table({{item.zoneid|int}}) to any via {{item.if}}
118118add {{3000 + item.zoneid|int }} skipto tablearg ip from any to table({{item.zoneid|int}}) via {{item.if}}
119+ # Allowed traffic heading into this zone #
120+ {% if item.obj.interfaces_inbound|default('') != '' %}
121+ {% for inbound_if in item.obj.interfaces_inbound.split(',') if helpers.physical_interface(inbound_if)%}
122+ add {{3000 + item.zoneid|int }} skipto 60000 ip from any to any recv {{helpers.physical_interface(inbound_if)}} xmit {{item.if}} keep-state
123+ {% endfor %}
124+ {% endif %}
119125{% endfor %}
120126
121127
You can’t perform that action at this time.
0 commit comments