Fix bad gateway after login

henmohr · Dec 14, 2024 · 432c9f9 · 432c9f9
1 parent 358c203
commit 432c9f9
Showing 1 changed file with 5 additions and 18 deletions.
diff --git a/packages/pirania/files/usr/bin/captive-portal b/packages/pirania/files/usr/bin/captive-portal
@@ -39,28 +39,15 @@ set_nftables () {
 	# Only accept packets from interfaces defined in catch_bridged_interfaces
 	catch_interfaces=$(uci get pirania.base_config.catch_bridged_interfaces | sed 's/ /,/g')
 
-	# stop processing the chain for authorized macs and allowed ips (so they are accepted)
+	# Stop processing the chain for authorized macs and allowed ips (so they are accepted)
 	nft add rule inet pirania prerouting ether saddr @pirania-auth-macs ct state new,established,related counter log prefix "ValidSMAC" accept
 	nft add rule inet pirania prerouting ip daddr @pirania-allowlist-ipv4 ct state new,established,related counter log prefix "ACCEPT-ipv4" accept
 	nft add rule inet pirania prerouting ip6 daddr @pirania-allowlist-ipv6 ct state new,established,related counter log prefix "ACCEPT-ipv6" accept
 
-	# send DNS requests, that are not from valid ips or macs, to our own captive portal DNS at 59053
-	nft add rule inet pirania prerouting meta l4proto udp udp dport 53 ether saddr != @pirania-auth-macs ct state new,established,related counter log prefix "SMACDNS"  redirect to :59053
-	# redirect packets with dest port 80 to port 59080 of this host (the captive portal page).
-	nft add rule inet pirania prerouting meta l4proto tcp tcp dport 80 ether saddr != @pirania-auth-macs ct state new,established,related counter log prefix "SMACHTTP"  redirect to :59080
-
-	#nft add rule inet pirania prerouting meta l4proto tcp tcp dport 80 ip saddr @pirania-allowlist-ipv4 ct state new,established,related counter log prefix "IPv4HTTP" redirect to :59080
-	#nft add rule inet pirania prerouting meta l4proto tcp tcp dport 80 ip6 saddr  @pirania-allowlist-ipv6 ct state new,established,related counter log prefix "IPV6HTTP" redirect to :59080
-
-	#nft add rule inet pirania prerouting meta l4proto udp udp dport 53 ip saddr @pirania-allowlist-ipv4 ct state new,established,related counter redirect to :59053
-	#nft add rule inet pirania prerouting meta l4proto udp udp dport 53 ip6 saddr @pirania-allowlist-ipv6 ct state new,established,related counter redirect to :59053
-
-
-	# reject
-
-	#nft add rule inet pirania prerouting drop
-	#nft add rule inet pirania forward meta mark 0x11/0x11 counter reject with tcp reset
-	#nft add rule inet pirania forward meta mark 0x11/0x11 counter reject
+	# Send DNS requests, that are not from valid ips or macs, to our own captive portal DNS at 59053
+	nft add rule inet pirania prerouting meta l4proto udp udp dport 53 ether saddr != @pirania-auth-macs ct state new limit rate 10/second counter log prefix "SMACDNS"  redirect to :59053
+	# Redirect packets with dest port 80 to port 59080 of this host (the captive portal page).
+	nft add rule inet pirania prerouting meta l4proto tcp tcp dport 80 ether saddr != @pirania-auth-macs ct state new limit rate 10/second counter log prefix "SMACHTTP"  redirect to :59080
 
 }