From e03a4ce79d4d73d76a97899253539416be1f2b40 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Mon, 12 Oct 2015 11:35:33 +0000
Subject: [PATCH] (ipfw) skip enc0 device when processing captiveportal rules, found issue when analyzing https://github.com/opnsense/core/issues/369
---
 src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
index 6b8bfdd2e..7e0e42c43 100644
--- a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
+++ b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
@@ -115,6 +115,8 @@ add {{5000 + item.zoneid|int }} allow ip from any to any dst-port 80 via {{item.
 {% for item in no_cp_interface_list %}
 add {{6001 + loop.index }} skipto 60000 all from any to any via {{item.if}}
 {% endfor %}
+# skip ipsec tunnel device from captive portal rules
+add 6199 skipto 60000 all from any to any via enc0
 # let the responses from the captive portal web server back out
 add 6200 pass tcp from any to any out
 # block everything else (not mentioned before)
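Review bot: The comment on rule 6199 does not say what filters enc0 traffic once it skips the portal rules: the rule matches every packet on enc0, for all tunnels and in both directions, and whatever sits at rule 60000 is outside this hunk. After confirming what runs there, I would extend the comment to something like `# enc0 carries decrypted IPsec traffic for every tunnel; it bypasses portal authentication and is filtered only by the rules from 60000 on`. The line is also emitted unconditionally, so if any IPsec clients are expected to authenticate at the portal, the bypass would need a condition in the template instead of a fixed rule. The fixed number 6199 sits directly above the `6001 + loop.index` range, which reaches it at 198 entries in no_cp_interface_list; that is unlikely, but a short comment reserving the number would make the limit visible.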