Hi! I have to set up a captive portal login for a public network which works fine so far. The access points use the same network the clients use.
I have these main zones:

- net -> upstream
- clt -> untrusted clients
- cpalw -> captive portal allowed users, child zone of clt
- white -> whitelist of public IPs that are always allowed, child zone of net

"cpalw" can always access "net", while "clt" only allows "white".

To make the captive portal detection possible, I have a REDIRECT rule:

    REDIRECT clt 8080 tcp 80

Result: Client is redirected to CP, logs in, gets part of "cpalw" ipset, internet works.

My questions are:

- As "cpalw" is a child of "clt", does the REDIRECT rule still match? (looks like it's not, which is fine). "clt!cpalw" syntax does not work.
- Untrusted clients like the access points still match the REDIRECT rule because it has precedence over the allow policy. They cannot connect to external hosts with DPORT 80. How can I exclude a zone from a redirect rule? All other ports work fine.

Thank you very much.

Kind regards
Kevin