From c2c366ab61bccdf7ee0b2894876eb28b8a8d02d1 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Sat, 6 Jun 2009 08:58:44 +0000 Subject: [PATCH] luci-0.8: splash: add counter rules, implement temporary bans --- .../luci-splash/root/etc/init.d/luci_splash | 23 ++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/applications/luci-splash/root/etc/init.d/luci_splash b/applications/luci-splash/root/etc/init.d/luci_splash index b6eaf325ae..d16eaba9cf 100755 --- a/applications/luci-splash/root/etc/init.d/luci_splash +++ b/applications/luci-splash/root/etc/init.d/luci_splash @@ -35,14 +35,24 @@ blacklist_add() { local cfg="$1" config_get mac "$cfg" mac - [ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j DROP + [ -n "$mac" ] && { + iptables -I luci_splash_counter -m mac --mac-source "$mac" -j RETURN + iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j DROP + } } whitelist_add() { local cfg="$1" config_get mac "$cfg" mac - [ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j RETURN + config_get ban "$cfg" kicked + + ban=${ban:+DROP} + + [ -n "$mac" ] && { + iptables -I luci_splash_counter -m mac --mac-source "$mac" -j RETURN + iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j "${ban:-RETURN}" + } } boot() { @@ -57,10 +67,11 @@ start() { config_load luci_splash ### Create subchains + iptables -N luci_splash_counter iptables -t nat -N luci_splash_portal iptables -t nat -N luci_splash_leases iptables -t nat -N luci_splash_prerouting - + ### Build the main and portal rule config_foreach blacklist_add blacklist config_foreach whitelist_add whitelist 
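Review bot: In whitelist_add the temporary ban is enforced by `-j DROP` in the nat-table chain luci_splash_leases, and nat chains are consulted only for the first packet of a connection, so a kicked client's already-tracked connections would presumably keep flowing until they expire. If a kick is meant to cut the client off immediately, the drop also belongs in a filter-table chain, for example next to the new luci_splash_counter rule. Separately, `ban=${ban:+DROP}` treats any non-empty value as a ban, so `option kicked 0` still yields DROP; `config_get_bool ban "$cfg" kicked 0` followed by `[ "$ban" = 1 ] && ban=DROP || ban=RETURN` would pin the meaning. `ban` and `mac` are not declared `local`, so both leak into the caller's scope. The ban is keyed on the source MAC, which the client controls, so a comment should describe it as a soft control rather than an access boundary.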
@@ -68,6 +79,8 @@ start() { config_foreach iface_add iface ### Build the portal rule + iptables -I INPUT -j luci_splash_counter + iptables -I FORWARD -j luci_splash_counter iptables -t nat -A luci_splash_portal -p udp --dport 33434:33523 -j RETURN iptables -t nat -A luci_splash_portal -p icmp -j RETURN iptables -t nat -A luci_splash_portal -p udp --dport 53 -j RETURN @@ -91,16 +104,20 @@ stop() { ### Clear interface rules config_load luci_splash config_foreach iface_del iface + iptables -D INPUT -j luci_splash_counter + iptables -D FORWARD -j luci_splash_counter ### Clear subchains iptables -t nat -F luci_splash_leases iptables -t nat -F luci_splash_portal iptables -t nat -F luci_splash_prerouting + iptables -F luci_splash_counter ### Delete subchains iptables -t nat -X luci_splash_leases iptables -t nat -X luci_splash_portal iptables -t nat -X luci_splash_prerouting + iptables -X luci_splash_counter ### Stop the splash httpd start-stop-daemon -K -p /var/run/luci-splashd.pid -s KILL -q -- 2.30.2
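Review bot: The two `iptables -I ... -j luci_splash_counter` lines insert a jump on every start with no check for an existing one, and the stop() hunk at -91,16 deletes only one jump per chain. A second start without a clean stop would therefore leave packets traversing the counter chain twice and make the later `iptables -X luci_splash_counter` fail while a reference remains. Deleting any stale jump first, e.g. `iptables -D INPUT -j luci_splash_counter 2>/dev/null` before each `-I`, would keep start idempotent; whether start can actually run twice depends on code outside the hunk. The jumps are also not limited to the splash interfaces, so all INPUT and FORWARD traffic walks the per-MAC list. Since the counter rules from the first hunk match on `--mac-source`, only packets sent by a client are counted, which deserves its own comment such as `### Hook counter chain (counts client-originated packets only)` rather than sitting under "Build the portal rule".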