From 167a2eb985e3f06443278e9cb92b5689da2c6e57 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Wed, 26 Jun 2024 15:34:10 +0200
Subject: [PATCH] Services: Captive Portal: Administration - remove Transparent
 proxy settings, closes https://github.com/opnsense/core/issues/7557

---
 .../OPNsense/CaptivePortal/forms/dialogZone.xml  | 14 --------------
 .../OPNsense/CaptivePortal/CaptivePortal.xml     |  8 --------
 .../service/templates/OPNsense/IPFW/ipfw.conf    |  2 --
 .../service/templates/OPNsense/IPFW/ipfw.fw.conf | 16 ----------------
 4 files changed, 40 deletions(-)
 delete mode 100644 src/opnsense/service/templates/OPNsense/IPFW/ipfw.fw.conf

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/forms/dialogZone.xml b/src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/forms/dialogZone.xml
index 71c3c2c9a..c83111975 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/forms/dialogZone.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/forms/dialogZone.xml
@@ -92,20 +92,6 @@
         <allownew>true</allownew>
         <advanced>true</advanced>
     </field>
-    <field>
-        <id>zone.transparentHTTPProxy</id>
-        <label>Transparent proxy (HTTP)</label>
-        <type>checkbox</type>
-        <help><![CDATA[Forward HTTP traffic to transparent proxy]]></help>
-        <allownew>true</allownew>
-    </field>
-    <field>
-        <id>zone.transparentHTTPSProxy</id>
-        <label>Transparent proxy (HTTPS)</label>
-        <type>checkbox</type>
-        <help><![CDATA[Forward HTTPS traffic to transparent proxy]]></help>
-        <allownew>true</allownew>
-    </field>
     <field>
         <id>zone.extendedPreAuthData</id>
         <type>checkbox</type>
diff --git a/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CaptivePortal.xml b/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CaptivePortal.xml
index 534e5401b..de9b76664 100644
--- a/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CaptivePortal.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CaptivePortal.xml
@@ -72,14 +72,6 @@
                 <allowedMACAddresses type="MacAddressField">
                     <asList>Y</asList>
                 </allowedMACAddresses>
-                <transparentHTTPProxy type="BooleanField">
-                    <Default>0</Default>
-                    <Required>Y</Required>
-                </transparentHTTPProxy>
-                <transparentHTTPSProxy type="BooleanField">
-                    <Default>0</Default>
-                    <Required>Y</Required>
-                </transparentHTTPSProxy>
                 <extendedPreAuthData type="BooleanField">
                     <Default>0</Default>
                     <Required>Y</Required>
diff --git a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
index 332faeeea..0309547f1 100644
--- a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
+++ b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
@@ -215,8 +215,6 @@ add {{loop.index + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{
 {% endfor %}
 {% endif %}
 
-{% include "OPNsense/IPFW/ipfw.fw.conf" ignore missing with context %}
-
 # pass authorized
 add 65533 pass ip from any to any
 
diff --git a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.fw.conf b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.fw.conf
deleted file mode 100644
index 9cbf60189..000000000
--- a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.fw.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-
-{#
-  parse all active captive portal zones and create redirect rules where transparent mode is enabled
-#}
-{% for cp_zone in cp_interface_list %}
-{% if cp_zone.obj.transparentHTTPProxy|default('0') == '1' %}
-# HTTP redirect {{ cp_zone.zone }}
-add 60005 skipto 65533 tcp from me to any dst-port 80 via {{ cp_zone.if }}
-add 65532 fwd 127.0.0.1,{{ OPNsense.proxy.forward.port }} tcp from any to any dst-port 80 via {{ cp_zone.if }}
-{% endif %}
-{% if cp_zone.obj.transparentHTTPSProxy|default('0') == '1' %}
-# HTTPS redirect {{ cp_zone.zone }}
-add 60005 skipto 65533 tcp from me to any dst-port 443 via {{ cp_zone.if }}
-add 65532 fwd 127.0.0.1,{{ OPNsense.proxy.forward.sslbumpport }} tcp from any to any dst-port 443 via {{ cp_zone.if }}
-{% endif %}
-{% endfor %}