    Commands to bypass CP at certain times?

    • R
      rjcrowder last edited by

      The following script will disable it… just save it as /etc/rc.captiveportal_disable and make it executable (chmod +x). Call it from cron to disable and then call rc.captiveportal_configure to re-enable the portal. Note that the script does not change the "enable" flag in the config.xml file, so if you go into the UI, it will still show as enabled.

      #!/usr/local/bin/php -f
      <?php
      /* $Id$ */
      /*
          rc.captiveportal_disable
      
          copied and modified from rc.captiveportal_configure
      */
      
      require("config.inc");
      require("functions.inc");
      require_once("filter.inc");
      require("shaper.inc");
      require("captiveportal.inc");
      
      captiveportal_disable();
      
      function captiveportal_disable() {
      	global $config, $cpzone;
      
      	if (is_array($config['captiveportal'])) {
      		foreach ($config['captiveportal'] as $cpkey => $cp) {
      			$cpzone = $cpkey;
      			// Clear 'enable' on the loop copy only; config.xml is not modified
      			if (isset($cp['enable'])) {
      				unset($cp['enable']);
      			}
      			captiveportal_configure_zone($cp);
      		}
      	} else
      		mwexec("/sbin/sysctl net.link.ether.ipfw=0");
      }
      
      ?>
      
      
      1 Reply Last reply Reply Quote 0
      • G
        GS850L last edited by

        Wow!  I'll give it a go ;D  Thank you!

        Edit: If CP is running with authentication and the script is executed will users be directed right to the web?
              I haven't been able to get it to work, but I most likely have something configured wrong…

        Andy


        1 Reply Last reply Reply Quote 0
        • R
          rjcrowder last edited by

          Well… I thought so. I tried it on mine - but I don't have the typical CP setup. I'm not doing any authentication and when I have rules in, I have some other stuff that bypasses the captive portal rules.

          However, I don't know why it wouldn't work. The script should completely disable the ipfw firewall. You can double check that it is disabled by executing the ipfw command from a prompt (after doing rc.captiveportal_disable)... do "ipfw -x your_zone_name show". When it is disabled, you should get an error back. When not disabled, it will show all the rules...

          1 Reply Last reply Reply Quote 0
          • G
            GS850L last edited by

            Looks like the text editor I used put a  ^M at the end of each line.  I'll clean it up and see what happens  ::)  I told you I'm new at this. lol

            Edit: good grief I went through many commands to remove the carriage return only to have them come back when the script was executed or the server was rebooted. Apparently when a file is accessed in cron it is stored in the main xml file and rewrites anything back to the old state that has been changed. Solution was to remove the ^M, then cp to another file name and then point cron to the new file name that had the ^M removed.

            1 Reply Last reply Reply Quote 0
            • G
              GS850L last edited by

              THANK YOU ;D

              This script works great, just what I was looking for!

              Again greatly appreciated…

              Andy from the U.S.

              1 Reply Last reply Reply Quote 0
              • J
                juninhoandrade last edited by

                and for enable?

                there it turns off and doesn't turn on :(

                1 Reply Last reply Reply Quote 0
                • G
                  GS850L last edited by

                  @rjcrowder:

                  The following script will disable it… just save it as /etc/rc.captiveportal_disable and make it executable (chmod +x). Call it from cron to disable and then call rc.captiveportal_configure to re-enable the portal. Note that the script does not change the "enable" flag in the config.xml file, so if you go into the UI, it will still show as enabled.

                  This is just up the thread  ;)

                  1 Reply Last reply Reply Quote 0
                  • J
                    juninhoandrade last edited by

                    @GS850L:

                    @rjcrowder:

                    The following script will disable it… just save it as /etc/rc.captiveportal_disable and make it executable (chmod +x). Call it from cron to disable and then call rc.captiveportal_configure to re-enable the portal. Note that the script does not change the "enable" flag in the config.xml file, so if you go into the UI, it will still show as enabled.

                    This is just up the thread  ;)

                    Sorry,  ! without attention :D

                    I changed the rc.captiveportal_configure to the same as rc.captiveportal_disable  hahahaha  :-[

                    with same code ::)

                    1 Reply Last reply Reply Quote 0
                    • R
                      rjcrowder last edited by

                      The other thing you need to remember… this code does not actually change the "enable" setting in config.xml. So... if you go into the UI it will show the portal still enabled. In addition, if you save anything in the UI, it will be re-enabled...

                      1 Reply Last reply Reply Quote 0
                      • G
                        GS850L last edited by

                        I was wondering if this could be used to turn off CP on certain zones while CP is still active on others?

                        Many thanks,
                        Andy

                        1 Reply Last reply Reply Quote 0
                        • C
                          Cino last edited by

                          Nice little backend workaround

                          1 Reply Last reply Reply Quote 0
                          • R
                            rjcrowder last edited by

                            @GS850L:

                            I was wondering if this could be used to turn off CP on certain zones while CP is still active on others?

                            Many thanks,
                            Andy

                            As currently written it just loops through all zones, but I'm sure I could modify it to shut off certain ones… How would you want it to work? Just provide a command line list of zones to disable?

                            1 Reply Last reply Reply Quote 0
                            • G
                              GS850L last edited by

                              Hello,
                                Thinking out loud here. As we currently use it, one CP zone is turned off a few times a week using cron jobs to activate your script. A second zone would be up all the time, for now.
                                The command line option sounds quite effective from a setup standpoint. Though depending on how it is written, if the need arose to have more than one CP deactivated/activated on different schedules, would we simply copy and rename the script for the new zone that we wanted controlled? 
                                From a programming standpoint, if it would be much less complicated on your end, I could forgo the command line option and edit the script with the zone name to be controlled. If it would be easier on your end…

                              Edit: Another thought / question, I am assuming that captiveportal_configure is a system wide ipfw restart and would boot everyone regardless of zone when activated...?

                              Many thanks,
                              Andy

                              1 Reply Last reply Reply Quote 0
                              • R
                                rjcrowder last edited by

                                Yea… good point on captiveportal_configure. I will probably have to also create an enable script. Using both scripts you could explicitly start/stop named zones. The process would be something like "captiveportal_disable a c", "captiveportal_enable a c" - where 'a' and 'c' are zone names. Of course, you'd have to schedule the above commands (via cron) to execute in the correct order.

                                Make sense?

                                1 Reply Last reply Reply Quote 0
                                • G
                                  GS850L last edited by

                                  Yes it does  :)

                                  1 Reply Last reply Reply Quote 0
                                  • R
                                    rjcrowder last edited by

                                    OK… think it will be pretty easy. If I can't get to it tonight, it will probably be Sunday or Monday.

                                    1 Reply Last reply Reply Quote 0
                                    • R
                                      rjcrowder last edited by

                                      OK… I'm no PHP guru and I don't have multiple zones setup to test this with, but I think this will work. For rc.captiveportal_disable you would put "rc.captiveportal_disable zone1,zone2,zone3" with no spaces... This is the code for rc.captiveportal_disable (and I'm sure someone could make it more elegant).

                                      #!/usr/local/bin/php -f
                                      <?php
                                      /* $Id$ */
                                      /*
                                          rc.captiveportal_disable
                                      
                                          copied and modified from rc.captiveportal_configure
                                      */
                                      
                                      require("config.inc");
                                      require("functions.inc");
                                      require_once("filter.inc");
                                      require("shaper.inc");
                                      require("captiveportal.inc");
                                      
                                      captiveportal_disable();
                                      
                                      function captiveportal_disable() {
                                      	global $config, $cpzone, $argv;
                                      
                                      	if (is_array($config['captiveportal'])) {
                                      		foreach ($config['captiveportal'] as $cpkey => $cp) {
                                      			$cpzone = $cpkey;
                                      			// Substring test: the zone is selected when its name occurs anywhere in the argument
                                      			if (strpos($argv[1], $cpzone) !== false) {
                                      				if (isset($cp['enable'])) {
                                      					unset($cp['enable']);
                                      				}
                                      				captiveportal_configure_zone($cp);
                                      			}
                                      		}
                                      	} else
                                      		mwexec("/sbin/sysctl net.link.ether.ipfw=0");
                                      }
                                      
                                      ?>
                                      
                                      

                                      rc.captiveportal_enable would be the same syntax "rc.captiveportal_enable zone1,zone2,zone3"

                                      #!/usr/local/bin/php -f
                                      <?php
                                      /* $Id$ */
                                      /*
                                          rc.captiveportal_enable
                                      
                                          copied and modified from rc.captiveportal_configure
                                      */
                                      
                                      require("config.inc");
                                      require("functions.inc");
                                      require_once("filter.inc");
                                      require("shaper.inc");
                                      require("captiveportal.inc");
                                      
                                      captiveportal_enable();
                                      
                                      function captiveportal_enable() {
                                      	global $config, $cpzone, $argv;
                                      
                                      	if (is_array($config['captiveportal'])) {
                                      		foreach ($config['captiveportal'] as $cpkey => $cp) {
                                      			$cpzone = $cpkey;
                                      			if (strpos($argv[1], $cpzone) !== false) {
                                      				$cp['enable']=true;
                                      				captiveportal_configure_zone($cp);
                                      			}
                                      		}
                                      	} else
                                      		mwexec("/sbin/sysctl net.link.ether.ipfw=0");
                                      }
                                      
                                      ?>
                                      
                                      
                                      1 Reply Last reply Reply Quote 0
                                      • G
                                        GS850L last edited by

                                        Hello,
                                          Thank you so much.    To clarify, the zone names are being passed via the command line at runtime? So the file name would always be rc.captiveportal_disable but add  a "space" and then zone name(s) in cron?

                                        Good day,
                                        Andy

                                        1 Reply Last reply Reply Quote 0
                                        • R
                                          rjcrowder last edited by

                                          Correct… and list the zone names with a separator such as a comma and no space "zone1,zone2,zone_etc" The code just looks for the zone name in the list that you pass using an "instring" function... not perfect because if you have zones that are named a subset of each other, it won't work correctly. For example, if you have zones "randy" and "randyc" and you put "randyc" on the command line it would find both "randy" and "randyc" (in what you put on the command line) and shut both down...

                                          What can I say... it was easy... If I get more time I'll make it better. I just don't know PHP syntax that well so things take me longer than they should :-)

                                          1 Reply Last reply Reply Quote 0
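
The substring match described in the post above, next to an exact-match alternative. This is an added example, not rjcrowder's or pfSense's code: the helper names and the sample zone lists are constructed, and lower-casing the argument assumes zone names are stored lower case in the config, as the thread later suggests.

```php
<?php
// Added example. Helper names are hypothetical; in the posted scripts the list of
// configured zones would be array_keys($config['captiveportal']).

// Split "zone1,zone2" into a de-duplicated list of lower-cased, trimmed names.
function parse_zone_arg($arg) {
    $names = array();
    foreach (explode(',', strtolower((string)$arg)) as $name) {
        $name = trim($name);
        if ($name !== '' && !in_array($name, $names, true)) {
            $names[] = $name;
        }
    }
    return $names;
}

// Behaviour of the posted scripts: a zone is selected when its name
// occurs anywhere inside the raw argument string.
function select_by_substring($configured, $arg) {
    $hit = array();
    foreach ($configured as $zone) {
        if (strpos((string)$arg, $zone) !== false) {
            $hit[] = $zone;
        }
    }
    return $hit;
}

// Exact match on whole names. Returns array(selected, unknown) so the caller
// can refuse to act when a requested name is not a configured zone.
function select_exact($configured, $arg) {
    $wanted   = parse_zone_arg($arg);
    $selected = array_values(array_intersect($configured, $wanted));
    $unknown  = array_values(array_diff($wanted, $configured));
    return array($selected, $unknown);
}

// Constructed sample data: the zone names used in the thread.
$cases = array(
    array(array('randy', 'randyc'), 'randyc'),
    array(array('portal', 'guest'), 'Portal'),
    array(array('portal', 'guest'), 'portal,lobby'),
);

foreach ($cases as $case) {
    list($configured, $arg) = $case;
    list($selected, $unknown) = select_exact($configured, $arg);
    printf(
        "arg=%-14s substring=[%s] exact=[%s] unknown=[%s]\n",
        $arg,
        implode(',', select_by_substring($configured, $arg)),
        implode(',', $selected),
        implode(',', $unknown)
    );
}
```

A cron-driven script that toggles portal enforcement should exit with an error and change nothing when the unknown list is not empty, so a typo in the crontab cannot silently leave a zone in the wrong state.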
                                          • G
                                            GS850L last edited by

                                            Hi,
                                                I ran the disable script at the command line: rc.captiveportal_disable Portal

                                            The error : "Command not found" was returned…?  Portal is the name of my test CP. I used chmod +x before trying.

                                            Also in the enable script should "  ...ipfw=0");  " be a =1 instead?

                                            Good day,
                                            Andy

                                            1 Reply Last reply Reply Quote 0
                                            • R
                                              rjcrowder last edited by

                                              do "./rc.captiveportal_disable Portal"

                                              As far as ipfw=0… I don't think it really matters and I even thought about taking the check out. It is only executed if there is no captive portal section in the config.xml, and, if that doesn't exist in config.xml then ipfw SHOULD be disabled...

                                              1 Reply Last reply Reply Quote 0
                                              • G
                                                GS850L last edited by

                                                Hi,
                                                    I was able to test these on a virtual system. The disable script took the "Portal" command but disabled both of the CP zones. The configure script ran with "Portal" but didn't enable either zone.  I will get a chance to try them on a live system tonight.

                                                Thank you,
                                                Andy

                                                1 Reply Last reply Reply Quote 0
                                                • R
                                                  rjcrowder last edited by

                                                  BTW… I think the zone name may be lower case in the config... not sure but I think it might save "Portal" as "portal"... Anyway, let me know. I tried it on my system and it worked, but I only have one zone. I can create more if I need to so that I can test it...

                                                  1 Reply Last reply Reply Quote 0
                                                  • G
                                                    GS850L last edited by

                                                    Awesome, used lower case "portal" and only that one turned on in the test system :D  I'm learning slowly ::)

                                                    Edit: My meeting got canceled so no live run, but it is working great on my virtual machines.

                                                    1 Reply Last reply Reply Quote 0