diff --git a/gestion/gen_confs/firewall4/komaz.py b/gestion/gen_confs/firewall4/komaz.py
index 13f629d3..7fa8ed55 100644
--- a/gestion/gen_confs/firewall4/komaz.py
+++ b/gestion/gen_confs/firewall4/komaz.py
@@ -41,6 +41,9 @@ class firewall(base.firewall_routeur):
 'upload' : base.Ipset("BLACKLIST-UPLOAD","ipmap","--from 138.231.136.0 --to 138.231.151.255"),
 })
+ # Portail captif/blacklist soft: ipset des gens ayant cliqué pour continuer à naviguer
+ self.ipset['confirmation'] = base.Ipset("CONFIRMATION", "ipmap", "--from 138.231.136.0 --to 138.231.151.255")
+
 def blacklist_maj(self, ips):
 """Mise à jour des blacklistes"""
 self.blacklist_hard_maj(ips)
@@ -335,6 +338,7 @@ class firewall(base.firewall_routeur):
 pretty_print(table, chain)
 for net in base.config.NETs['all']:
 self.add(table, chain, '-d %s -j RETURN' % net)
+ self.add(table, chain, '-p tcp --dport 80 -m set --match-set %s src -j RETURN' % self.ipset['confirmation'] ) # Les gens qui ont cliqué -> fine !
 self.add(table, chain, '-p tcp --dport 80 -m set --match-set %s src -j DNAT --to-destination 10.231.136.4:3128' % self.ipset['blacklist']['soft'] )
 print OK
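Review bot: The address range for the new CONFIRMATION set is a second copy of the literal `--from 138.231.136.0 --to 138.231.151.255` already passed to BLACKLIST-UPLOAD on the context line above. A change to the address plan then has to be made in two places, and a miss would leave addresses that one of the sets cannot hold. Binding the string once and reusing it, e.g. `base.Ipset("CONFIRMATION", "ipmap", ip_range)` with `ip_range` defined next to the existing sets, keeps them aligned. The added comment could also say which component inserts entries and which removes them, since neither is visible here. The enclosing method starts outside the hunk.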
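Review bot: The new RETURN rule lets any source address in CONFIRMATION skip the port-80 DNAT to 10.231.136.4:3128 for as long as the entry exists, and nothing in this diff removes entries or gives them an expiry. If the set is not cleared when a soft blacklist is lifted or an address changes hands, a later soft blacklist on the same IP would presumably be bypassed without a new click. `blacklist_maj`, visible as context in the first hunk, only shows a call to `blacklist_hard_maj`, so please confirm where CONFIRMATION is flushed. Once that is settled, record it next to the rule, for example `# CONFIRMATION is emptied whenever the soft blacklist is regenerated`. The function that builds this chain starts outside the hunk.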