iptables captive portal remove user
Posted by Burgos on Server Fault
Published on 2012-07-07T21:14:59Z
I followed this guide: http://aryo.info/labs/captive-portal-using-php-and-iptables.html
I am implementing a captive portal using iptables. I've set up a web server and iptables on a Linux router, and everything is working as it should.
I can allow a user to access the internet with
sudo iptables -I internet -t mangle -m mac --mac-source USER_MAC_ADDRESS -j RETURN
and I can remove access with
sudo iptables -D internet -t mangle -m mac --mac-source USER_MAC_ADDRESS -j RETURN
However, on removal, the user can still open the last viewed page as many times as he wants (if he restarts his Ethernet adapter, future connections will be closed). On the blog page I found a script
/usr/sbin/conntrack -L \
|grep $1 \
|grep ESTAB \
|grep 'dport=80' \
|awk \
"{ system(\"conntrack -D --orig-src $1 --orig-dst \" \
substr(\$6,5) \" -p tcp --orig-port-src \" substr(\$7,7) \" \
--orig-port-dst 80\"); }"
which should remove their "redirection" connection track, as it is written, but when I execute that script, nothing happens - the user still has access to that page.
When I execute /usr/sbin/conntrack -L | grep USER_IP after executing the script, nothing is returned, so my question is: Is there anything else that can help me clean these tracks? Obviously, I can't reset either my own or the user's network adapter.
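The revocation steps described in the question, as an added example that is not part of the original post or the linked guide: it validates the MAC and IP, removes the allow rule, then deletes the client's tracked flows with `conntrack -D -s` instead of the grep/awk pipeline. The `PORTAL_RUN` switch, the function names and the sample conntrack lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post or the linked guide.
# Assumes the page's setup: per-MAC RETURN rules in the mangle-table chain "internet".
# PORTAL_RUN is a hypothetical switch: "echo" (default) prints the commands,
# an empty value executes them (needs root, iptables and conntrack-tools).
PORTAL_RUN=${PORTAL_RUN-echo}

valid_mac() {
  case $1 in *[!0-9A-Fa-f:]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ip() {
  case $1 in *[!0-9.]*) return 1 ;; esac
  printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# Filter `conntrack -L` text on stdin down to flows whose original-direction
# source is exactly $1. The first src= field is the original direction; exact
# comparison avoids grep's substring match (192.168.1.1 also hits 192.168.1.10).
flows_from() {
  awk -v ip="$1" '{ for (i = 1; i <= NF; i++) if ($i ~ /^src=/) {
      if ($i == ("src=" ip)) print; next } }'
}

# Constructed sample of `conntrack -L` output (trimmed), used for a dry run.
sample_conntrack() {
  cat <<'EOF'
tcp 6 431999 ESTABLISHED src=192.168.1.1 dst=203.0.113.5 sport=40001 dport=80 src=203.0.113.5 dst=192.168.1.1 sport=80 dport=40001 [ASSURED]
tcp 6 431990 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=40002 dport=80 src=203.0.113.5 dst=192.168.1.10 sport=80 dport=40002 [ASSURED]
tcp 6 100 TIME_WAIT src=192.168.1.1 dst=198.51.100.7 sport=40003 dport=443 src=198.51.100.7 dst=192.168.1.1 sport=443 dport=40003 [ASSURED]
tcp 6 300 ESTABLISHED src=192.168.1.10 dst=192.168.1.1 sport=40004 dport=22 src=192.168.1.1 dst=192.168.1.10 sport=22 dport=40004 [ASSURED]
EOF
}

revoke_client() {   # usage: revoke_client MAC IP
  valid_mac "$1" || { echo "bad MAC: $1" >&2; return 2; }
  valid_ip "$2" || { echo "bad IP: $2" >&2; return 2; }
  # 1. Remove the allow rule first, so the client no longer matches the RETURN exemption.
  $PORTAL_RUN iptables -D internet -t mangle -m mac --mac-source "$1" -j RETURN
  # 2. Delete every tracked flow the client originated, on any port and in any
  #    state, so its next packet is looked up against the rules again.
  $PORTAL_RUN conntrack -D -s "$2"
}
```

With the default setting the function only prints the two commands; `sample_conntrack | flows_from 192.168.1.1` shows which entries an exact source match selects.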