1 #!/bin/sh /etc/rc.common
3 EXTRA_COMMANDS
=clear_leases
8 config_get zone
"$cfg" zone
9 [ -n "$zone" ] ||
return 0
11 config_get net
"$cfg" network
12 [ -n "$net" ] ||
return 0
14 config_get ipaddr
"$net" ipaddr
15 [ -n "$ipaddr" ] ||
return 0
17 config_get netmask
"$net" netmask
18 [ -n "$netmask" ] ||
return 0
20 eval "$(ipcalc.sh $ipaddr $netmask)"
22 iptables
-t nat
-A prerouting_
${zone} -j luci_splash_prerouting
23 iptables
-t nat
-A luci_splash_prerouting
-s "$NETWORK/$PREFIX" -p ! tcp
-j luci_splash_portal
24 iptables
-t nat
-A luci_splash_prerouting
-s "$NETWORK/$PREFIX" -d ! "$ipaddr" -j luci_splash_portal
25 iptables
-t nat
-A luci_splash_prerouting
-s "$NETWORK/$PREFIX" -d "$ipaddr" -p tcp
-m multiport
! --dport 22,80,443 -j luci_splash_portal
29 config_get zone
"$1" zone
30 [ -n "$zone" ] ||
return 0
31 while iptables
-t nat
-D prerouting_
${zone} -j luci_splash_prerouting
2>&-; do :; done
37 config_get mac
"$cfg" mac
38 [ -n "$mac" ] && iptables
-t nat
-I luci_splash_leases
-m mac
--mac-source "$mac" -j DROP
44 config_get mac
"$cfg" mac
45 [ -n "$mac" ] && iptables
-t nat
-I luci_splash_leases
-m mac
--mac-source "$mac" -j RETURN
49 ### We are started by the firewall include
54 ### Read chains from config
57 config_load luci_splash
60 iptables
-t nat
-N luci_splash_portal
61 iptables
-t nat
-N luci_splash_leases
62 iptables
-t nat
-N luci_splash_prerouting
64 ### Build the main and portal rule
65 config_foreach blacklist_add blacklist
66 config_foreach whitelist_add whitelist
67 config_foreach whitelist_add lease
68 config_foreach iface_add iface
70 ### Build the portal rule
71 iptables
-t nat
-A luci_splash_portal
-p udp
--dport 33434:33523 -j RETURN
72 iptables
-t nat
-A luci_splash_portal
-p icmp
-j RETURN
73 iptables
-t nat
-A luci_splash_portal
-p udp
--dport 53 -j RETURN
74 iptables
-t nat
-A luci_splash_portal
-j luci_splash_leases
76 ### Build the leases rule
77 iptables
-t nat
-A luci_splash_leases
-p tcp
--dport 80 -j REDIRECT
--to-ports 8082
78 iptables
-t nat
-A luci_splash_leases
-j DROP
81 grep luci-splash
/var
/spool
/cron
/crontabs
/root
>/dev
/null
2>&1 ||
{
82 echo '*/5 * * * * /usr/sbin/luci-splash sync' >> /var
/spool
/cron
/crontabs
/root
85 ### Start the splash httpd
86 start-stop-daemon
-S -m -p /var
/run
/luci-splashd.pid
-b -q -x /usr
/bin
/luci-splashd
90 ### Clear interface rules
91 config_load luci_splash
92 config_foreach iface_del iface
95 iptables
-t nat
-F luci_splash_leases
96 iptables
-t nat
-F luci_splash_portal
97 iptables
-t nat
-F luci_splash_prerouting
100 iptables
-t nat
-X luci_splash_leases
101 iptables
-t nat
-X luci_splash_portal
102 iptables
-t nat
-X luci_splash_prerouting
104 ### Stop the splash httpd
105 start-stop-daemon
-K -p /var
/run
/luci-splashd.pid
-s KILL
-q
107 sed -ie '/\/usr\/sbin\/luci-splash sync/d' /var
/spool
/cron
/crontabs
/root
113 while uci
-P /var
/state del luci_splash.@lease
[0] 2>&-;do :; done