define captive_portal_interface = {{ captive_portal.interface }}
define captive_portal_http_redirect_port = {{ captive_portal.http_redirect_port }}

table inet captive_portal {
        set allowed_macs {
                type ether_addr;
                timeout {{ captive_portal.timeout }};
        }

        chain forward {
                type filter hook forward priority filter; policy accept;
                iifname != $captive_portal_interface return
                ether saddr @allowed_macs return

                reject with icmpx type no-route
        }

        chain dstnat {
                type nat hook prerouting priority dstnat; policy accept;
                iifname != $captive_portal_interface return
                ether saddr @allowed_macs return

                tcp dport 80 redirect to :$captive_portal_http_redirect_port
        }
}