Development

docker/routlin-dash/app/factory.py

@@ -58,7 +58,7 @@ def _restricted_vlan_subnets():
     vlans = load_config().get('vlans', [])
     result = []
     for v in vlans:
-        if v.get('restricted_vlan') and v.get('subnet') and v.get('subnet_mask') is not None:
+        if v.get('restricted_vlan') in ('q', 'c') and v.get('subnet') and v.get('subnet_mask') is not None:
             result.append(f"{v['subnet']}/{v['subnet_mask']}")
     return result
 
@@ -945,6 +945,15 @@ def build_table_cell(value, render_fn, col_class='', field='', row_idx=None,
             inner = f'<span class="badge badge-disabled"{tip}>No</span>'
         return f'{td_open}{inner}</td>'
 
+    if render_fn == 'badge_vlan_restriction':
+        if value == 'q':
+            inner = '<span class="badge badge-danger" data-tooltip="Quarantined VLAN">Q</span>'
+        elif value == 'c':
+            inner = '<span class="badge badge-warning" data-tooltip="Captive Portal VLAN">C</span>'
+        else:
+            inner = '<span class="badge badge-disabled">No</span>'
+        return f'{td_open}{inner}</td>'
+
     if render_fn == 'badge_recording_on_off':
         if str(value).lower() in ('true', '1', 'yes'):
             inner = '<span class="badge badge-enabled">Recording On</span>'

docker/routlin-dash/app/pages/networklayout/action.py

@@ -49,14 +49,15 @@ def vlans_addedit():
     radius_default      = 'radius_default' in request.form
     mdns_reflection     = 'mdns_reflection' in request.form
     dnsmasq_log_queries = 'dnsmasq_log_queries' in request.form
-    restricted_vlan     = 'restricted_vlan' in request.form
+    restricted_vlan_raw = request.form.get('restricted_vlan', '').strip()
+    restricted_vlan     = restricted_vlan_raw if restricted_vlan_raw in ('q', 'c') else ''
     use_blocklists      = sanitize.filterlist(
         request.form.getlist('use_blocklists'),
         {b.get('name') for b in load_config().get('dns_blocking', {}).get('blocklists', [])},
     )
 
     if restricted_vlan and not PRO_LICENSE:
-        flash('Restricted VLAN requires a Routlin Pro license.', 'error')
+        flash('Quarantined and Captive Portal VLANs require a Routlin Pro license.', 'error')
         return redirect(f'/{_PAGE}')
 
     if not name:
@@ -269,8 +270,7 @@ def vlans_addedit():
             'use_blocklists':      use_blocklists,
             'server_identities':   new_identities,
         })
-        if PRO_LICENSE:
-            existing['restricted_vlan'] = restricted_vlan
+        existing['restricted_vlan'] = restricted_vlan if PRO_LICENSE else ''
         if dhcp_info:
             existing['dhcp_information'] = dhcp_info
         else:
@@ -330,8 +330,7 @@ def vlans_addedit():
             'mdns_reflection':     mdns_reflection,
             'server_identities':   new_identities,
         }
-        if PRO_LICENSE:
-            entry['restricted_vlan'] = restricted_vlan
+        entry['restricted_vlan'] = restricted_vlan if PRO_LICENSE else ''
         if dhcp_info:
             entry['dhcp_information'] = dhcp_info
         if is_vpn:

docker/routlin-dash/app/pages/networklayout/content.json

@@ -97,11 +97,7 @@
           "label": "Restricted",
           "field": "restricted_vlan",
           "class": "col-narrow",
-          "render": "badge_yes_no",
-          "render_options": {
-            "title_true": "Restricted VLAN",
-            "title_false": "Not Restricted"
-          }
+          "render": "badge_vlan_restriction"
         }
       ],
       "row_actions": [
@@ -350,11 +346,11 @@
             },
             {
               "type": "field",
-              "label": "%RESTRICTED_VLAN_LABEL%",
+              "label": "Restricted VLAN",
               "name": "restricted_vlan",
-              "input_type": "checkbox",
-              "disabled": "%RESTRICTED_VLAN_DISABLED%",
-              "hint": "Block devices on this VLAN from communicating with the Internet. Block all LAN traffic as well (except where Inter-VLAN-Exception rules allow)."
+              "input_type": "select",
+              "options": "%RESTRICTED_VLAN_OPTIONS%",
+              "hint": "Quarantined VLAN devices are blocked from communicating with the Internet and may only be reached by Inter-VLAN-Exception rules. Captive Portal VLAN devices are redirected to an authentication page until they complete a login or accept terms."
             },
             {
               "type": "button_row",

docker/routlin-dash/app/pages/networklayout/view.py

@@ -13,8 +13,19 @@ def collect_tokens(cfg):
     tokens['EXISTING_VLAN_IDS_JSON']   = json.dumps([v.get('vlan_id') for v in vlans])
     tokens['EXISTING_VLAN_NAMES_JSON'] = json.dumps([v.get('name')    for v in vlans])
     tokens['RADIUS_DEFAULT_VLAN']      = f'"{dv["name"]}" (VLAN {dv["vlan_id"]})' if dv else 'none set'
-    tokens['RESTRICTED_VLAN_LABEL']    = 'Restricted VLAN' if PRO_LICENSE else 'Restricted VLAN (PRO FEATURE)'
-    tokens['RESTRICTED_VLAN_DISABLED'] = '' if PRO_LICENSE else 'true'
+    tokens['PRO_LICENSE_JS'] = 'true' if PRO_LICENSE else ''
+    if PRO_LICENSE:
+        tokens['RESTRICTED_VLAN_OPTIONS'] = json.dumps([
+            {'value': '',  'label': 'Unrestricted'},
+            {'value': 'q', 'label': 'Quarantined'},
+            {'value': 'c', 'label': 'Captive Portal'},
+        ])
+    else:
+        tokens['RESTRICTED_VLAN_OPTIONS'] = json.dumps([
+            {'value': '',  'label': 'Unrestricted'},
+            {'value': 'q', 'label': 'Quarantined (PRO REQUIRED)', 'disabled': True},
+            {'value': 'c', 'label': 'Captive Portal (PRO REQUIRED)', 'disabled': True},
+        ])
     tokens['BLOCKLIST_NAME_OPTIONS']   = json.dumps([
         {'value': bl.get('name', ''), 'label': bl.get('description', bl.get('name', ''))}
         for bl in cfg.get('dns_blocking', {}).get('blocklists', [])