Linux – iptables captive portal remove user

I followed this guide: http://aryo.info/labs/captive-portal-using-php-and-iptables.html

I am implementing a captive portal using iptables. I've set up a web server and iptables on a Linux router, and everything is working as it should.

I can allow a user to access the internet with

sudo iptables -I internet -t mangle -m mac --mac-source USER_MAC_ADDRESS -j RETURN

and I can remove access with

sudo iptables -D internet -t mangle -m mac --mac-source USER_MAC_ADDRESS -j RETURN

However, on removal, the user can still open the last viewed page as many times as he wants (if he restarts his Ethernet adapter, future connections will be closed). On the blog page I found a script

/usr/sbin/conntrack -L \
    |grep $1 \
    |grep ESTAB \
    |grep 'dport=80' \
    |awk \
        "{ system(\"conntrack -D --orig-src $1 --orig-dst \" \
            substr(\$6,5) \" -p tcp --orig-port-src \" substr(\$7,7) \" \
            --orig-port-dst 80\"); }"

Which should remove their "redirection" connection track, as it is written, but when I execute that script, nothing happens – the user still has access to that page.

When I execute /usr/sbin/conntrack -L | grep USER_IP after executing the script, nothing is returned, so my question is: is there anything else that can help me clean these tracks? Obviously, I can't reset either my own or the user's network adapter.

Update:

To avoid potential misunderstandings – the commands above are raw commands that I've executed on my machine, so PHP's exec() and similar are not the cause of this behavior. All commands execute fine, because on removal the user can't access any web site other than the last site that he was browsing.

Best Answer

To answer your question, I'd check that the shell_exec and exec calls are running as expected and that they are not disabled for security, which is often the case.

To warn you:

The $_POST['ip'] and $_POST['mac'] inputs are not sanitized and are passed right into an exec() function in process.php.

An attacker could launch curl to download a PHP shell and backdoor the site, run any command that the running user has permission to run, trash entire directories and webroots, etc. Please ensure you fully audit any code you have put on your system prior to enabling the exec / shell_exec functions.
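
One way to close the hole the answer describes, as an added example that is not code from the guide or from either poster: validate the MAC and IP against a strict format before they are placed in the iptables and conntrack commands from the question, and quote them with escapeshellarg() as a second layer. The function names and the sample values are assumptions made for illustration.

```php
<?php
// Added example. Function names are hypothetical; the iptables and conntrack
// options are the ones that appear in the question.

// Accept only six colon-separated hex octets; anything else is rejected.
function valid_mac(string $mac): ?string
{
    if (preg_match('/\A(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\z/', $mac) !== 1) {
        return null;
    }
    return strtoupper($mac);
}

// Accept only a well-formed IPv4 address.
function valid_ipv4(string $ip): ?string
{
    $ok = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    return $ok === false ? null : $ok;
}

// Build the "allow" rule from the question with a validated, quoted MAC.
function allow_command(string $mac): string
{
    return 'sudo iptables -I internet -t mangle -m mac --mac-source '
        . escapeshellarg($mac) . ' -j RETURN';
}

// Build a conntrack deletion for a validated, quoted client address.
function flush_command(string $ip): string
{
    return '/usr/sbin/conntrack -D --orig-src ' . escapeshellarg($ip);
}

// Constructed sample requests standing in for $_POST['ip'] and $_POST['mac'].
$samples = [
    ['ip' => '192.168.1.23',  'mac' => '00:1a:2b:3c:4d:5e'],
    ['ip' => '192.168.1.23',  'mac' => '00:1a:2b:3c:4d:5e;'],  // trailing junk
    ['ip' => '192.168.1.999', 'mac' => '00:1A:2B:3C:4D:5E'],   // not an address
];

foreach ($samples as $post) {
    $mac = valid_mac($post['mac']);
    $ip  = valid_ipv4($post['ip']);
    if ($mac === null || $ip === null) {
        echo "REJECT  ip={$post['ip']} mac={$post['mac']}\n";
        continue;  // nothing reaches exec()
    }
    // A real handler would pass these strings to exec(); here they are printed.
    echo "ALLOW   " . allow_command($mac) . "\n";
    echo "FLUSH   " . flush_command($ip) . "\n";
}
```

Validation comes first because escapeshellarg() only prevents shell interpretation; it does not stop a syntactically odd value from reaching iptables as an argument.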