Commands to bypass CP at certain times?
-
The following script will disable it… just save it as /etc/rc.captiveportal_disable and make it executable (chmod +x). Call it from cron to disable and then call rc.captiveportal_configure to re-enable the portal. Note that the script does not change the "enable" flag in the config.xml file, so if you go into the UI, it will still show as enabled.
#!/usr/local/bin/php -f /* $Id$ */ /* rc.captiveportal_disable copied and modified from rc.captiveportal_configure */ require("config.inc"); require("functions.inc"); require_once("filter.inc"); require("shaper.inc"); require("captiveportal.inc"); captiveportal_disable(); function captiveportal_disable() { global $config, $cpzone; if (is_array($config['captiveportal'])) { foreach ($config['captiveportal'] as $cpkey => $cp) { $cpzone = $cpkey; if (isset($cp['enable'])) { unset($cp['enable']); } captiveportal_configure_zone($cp); } } else mwexec("/sbin/sysctl net.link.ether.ipfw=0"); } ?> -
Wow! I'll give it ago ;D Thank you!
Edit: If CP is running with authentication and the script is executed will users be directed right to the web?
I haven't been able to get it to work, but I most likely have something configured wrong…Andy
-
Well… I thought so. I tried it on mine - but I don't have the typical CP setup. I'm not doing any authentication and when I have rules in, I have some other stuff that bypasses the captive portal rules.
However, I don't know why it wouldn't work. The script should completely disable the ipfw firewall. You can double check that it is disabled by executing the ipfw command from a prompt (afer doing rc.captiveportal_disable)... do "ipfw -x your_zone_name show". When it is disabled, you should get an error back. When not disabled, it will show all the rules...
-
Looks like the text editor I used put a ^M at the end of each line. I'll clean it up and see what happens ::) I told you I'm new at this. lol
Edit: good grief I went through many commands to remove the carriage return only to have them come back when the script was executed or the server was rebooted. Apparently when a file is accessed in cron it is stored in the main xml file and rewrites anything back to the old state that has been changed. Solution was to remove the ^M, then cp to another file name and then point cron to the new file name that had the ^M removed.
-
THANK YOU ;D
This script works great, just what I was looking for!
Again greatly appreciated…
Andy from the U.S.
-
and for enable?
therer turns off and dont turn on :(
-
The following script will disable it… just save it as /etc/rc.captiveportal_disable and make it executable (chmod +x). Call it from cron to disable and then call rc.captiveportal_configure to re-enable the portal. Note that the script does not change the "enable" flag in the config.xml file, so if you go into the UI, it will still show as enabled.
This is just up the thread ;)
-
The following script will disable it… just save it as /etc/rc.captiveportal_disable and make it executable (chmod +x). Call it from cron to disable and then call rc.captiveportal_configure to re-enable the portal. Note that the script does not change the "enable" flag in the config.xml file, so if you go into the UI, it will still show as enabled.
This is just up the thread ;)
Sorry, ! without attention :D
I Changed the rc.captiveportal_configure same rc.captiveportal_disable hahahaha :-[
with same code ::)
-
The other thing you need to remember… this code does not actually change the "enable" setting in config.xml. So... if you go into the UI it will show the portal still enabled. In addition, if you save anything in the UI, it will be re-enabled...
-
I was wondering if this could be used to turn off CP on certain zones wile CP is still active on others?
Many thanks,
Andy -
Nice little backend workaround
-
I was wondering if this could be used to turn off CP on certain zones wile CP is still active on others?
Many thanks,
AndyAs currently written it just loops through all zones, but I'm sure I could modify it to shut off certain ones… How would you want it to work? Just provide a command line list of zones to disable?
-
Hello,
Thinking out loud here. As we currently use it, one CP zone is turned off a few times a week using cron jobs to activate your script. A second zone would be up all the time, for now.
The command line option sounds quite effective from a setup standpoint. Though depending on how it is written, if the need arose to have more than one CP deactivated/activated on different schedules, would we simply copy and rename the script for the new zone that we wanted controlled?
From a programming standpoint, if it would be much less complicated on your end, I could forgo the command line option and edit the script with the zone name to be controlled. If it would be easier on your end…Edit: Another thought / question, I am assuming that captiveportal_configure is a system wide ipfw restart and would boot everyone regardless of zone when activated...?
Many thanks,
Andy -
Yea… good point on captiveportal_configure. I will probably have to also create an enable script. Using both scripts you could explicitly start/stop named zones. The process would be something like "captiveportal_disable a c", "captiveportal_enable a c" - where 'a' and 'c' are zone names. Of course, you'd have to schedule the above commands (via cron) to execute in the correct order.
Make sense?
-
Yes it does :)
-
OK… think it will be pretty easy. If I can't get to it tonight, it will probably be Sunday or Monday.
-
OK… I'm no PHP guru and I don't have multiple zones setup to test this with, but I think this will work. For rc.captiveportal_disable you would put "rc.captiveportal_disable zone1,zone2,zone3" with no spaces... This is the code for rc.captiveportal_disable (and I'm sure someone could make it more elegant).
#!/usr/local/bin/php -f /* $Id$ */ /* rc.captiveportal_disable copied and modified from rc.captiveportal_configure */ require("config.inc"); require("functions.inc"); require_once("filter.inc"); require("shaper.inc"); require("captiveportal.inc"); captiveportal_disable(); function captiveportal_disable() { global $config, $cpzone, $argv; if (is_array($config['captiveportal'])) { foreach ($config['captiveportal'] as $cpkey => $cp) { $cpzone = $cpkey; if (strpos($argv[1], $cpzone) !== false) { if (isset($cp['enable'])) { unset($cp['enable']); } captiveportal_configure_zone($cp); } } } else mwexec("/sbin/sysctl net.link.ether.ipfw=0"); } ?>rc.captiveportal_enable would be the same syntax "rc.captiveportal_enable zone1,zone2,zone3"
#!/usr/local/bin/php -f /* $Id$ */ /* rc.captiveportal_disable copied and modified from rc.captiveportal_configure */ require("config.inc"); require("functions.inc"); require_once("filter.inc"); require("shaper.inc"); require("captiveportal.inc"); captiveportal_enable(); function captiveportal_enable() { global $config, $cpzone, $argv; if (is_array($config['captiveportal'])) { foreach ($config['captiveportal'] as $cpkey => $cp) { $cpzone = $cpkey; if (strpos($argv[1], $cpzone) !== false) { $cp['enable']=true; captiveportal_configure_zone($cp); } } } else mwexec("/sbin/sysctl net.link.ether.ipfw=0"); } ?> -
Hello,
Thank you so much. To clarify, the zone names are being passed via the command line at runtime? So the file name would always be rc.captiveportal_disable but add a "space" and then zone name(s) in cron?Good day,
Andy -
Correct… and list the zone names with a separator such as a comma and no space "zone1,zone2,zone_etc" The code just looks for the zone name in the list that you pass using an "instring" function... not perfect because if you have zones that are named a subset of each other, it won't work correctly. For example, if you have zones "randy" and "randyc" and you you put "randyc" on the command line it would find both "randy"and "randyc" (in what you put on the command line) and shut both down...
What can I say... it was easy... If I get more time I'll make it better. I just don't know PHP syntax that well so things take me longer than they should :-)
-
Hi,
I ran the disable script at the command line: rc.captiveportal_disable PortalThe error : "Command not found" was returned…? Portal is the name of my test CP. I used chmod +x before trying.
Also in the enable script should " ...ipfw=0"); " be a =1 instead?
Good day,
Andy -
do "./rc.captiveportal_disable Portal"
As far as ipfw=0… I don't think it really matters and I even thought about taking the check out. It is only executed if there is no captive portal section in the config.xml, and, if that doesn't exist in config.xml then ipfw SHOULD be disabled...
-
Hi,
I was able to test these on a virtual system. The disable script took the "Portal" command but disabled both of the CP zones. The configure script ran with "Portal" but didn't enable either zone. I will get a chance to try them on a live system tonight.Thank you,
Andy -
BTW… I think the zone name may be lower case in the config... not sure but I think it might save "Portal" as "portal"... Anyway, let me know. I tried it on my system and it worked, but I only have one zone. I can create more if I need to so that I can test it...
-
Awesome, used lower case "portal" and only that one turned on in the test system :D I'm learning slowly ::)
Edit: My meeting got canceled so no live run, but it is working great on my virtual machines.