From 1ac3f123bee6bcba119b4fffb345ad7e2cace10e Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Fri, 2 Jan 2015 13:34:26 +0000
Subject: [PATCH] flush ipfw when captiveportal is disabled

---
 .../OPNsense/CaptivePortal/CPClient.php       | 45 +++++++++++++++----
 .../models/OPNsense/CaptivePortal/Rules.php   |  3 +-
 2 files changed, 37 insertions(+), 11 deletions(-)

diff --git a/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php b/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php
index 7e40e0d97..100f52429 100644
--- a/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php
+++ b/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php
@@ -152,6 +152,27 @@ class CPClient {
         }
     }
 
+    /**
+     * check if captiveportal is enabled (traverse zones, if none active return false )
+     * @return bool
+     */
+    public function isEnabled()
+    {
+        $enabled_zones = 0 ;
+        foreach ($this->config->object()->captiveportal->children() as $cpzonename => $zone) {
+            if (isset($zone->enable)) {
+                $enabled_zones++;
+            }
+        }
+
+        if ($enabled_zones > 0) {
+            return true;
+        } else {
+            return false ;
+        }
+    }
+
+
     /**
      *
      * @param $zoneid
@@ -255,18 +276,24 @@ class CPClient {
     /**
      * Reconfigure zones ( generate and load ruleset )
      */
-    public function reconfigure(){
-        $ruleset_filename = \Phalcon\DI\FactoryDefault::getDefault()->get('config')->globals->temp_path."/ipfw.rules";
-        $this->rules->generate($ruleset_filename);
+    public function reconfigure()
+    {
+        if ( $this->isEnabled() ) {
+            $ruleset_filename = \Phalcon\DI\FactoryDefault::getDefault()->get('config')->globals->temp_path."/ipfw.rules";
+            $this->rules->generate($ruleset_filename);
 
-        // load ruleset
-        $this->shell->exec("/sbin/ipfw -f ".$ruleset_filename);
+            // load ruleset
+            $this->shell->exec("/sbin/ipfw -f ".$ruleset_filename);
 
-        // update tables
-        $this->update();
+            // update tables
+            $this->update();
 
-        // after reinit all accounting rules are vanished, reapply them for active sessions
-        $this->loadAccounting();
+            // after reinit all accounting rules are vanished, reapply them for active sessions
+            $this->loadAccounting();
+        } else {
+            // captiveportal is disabled, flush all rules to be sure
+            $this->shell->exec("/sbin/ipfw -f flush" );
+        }
     }
 
     /**
diff --git a/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/Rules.php b/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/Rules.php
index 097d5a009..75dcc3554 100644
--- a/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/Rules.php
+++ b/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/Rules.php
@@ -293,8 +293,7 @@ class Rules {
         $this->rules[] = "add 65534 deny all from any to any";
     }
 
-
-
+    
     /**
      * load ruleset
      */