Bug #741

closed

Captive Portal ipfw rules missing local IP allow

Added by Chris Buechler over 13 years ago. Updated over 13 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Captive Portal
Target version:
Start date: 07/16/2010
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0
Affected Architecture:

Description

In all previous versions, rules were added to allow all traffic to and from the interface IP where captive portal is enabled. 2.0 does not have these rules, which breaks scenarios such as where the RADIUS server resides on the interface where captive portal is enabled. These should be added back. One example from 1.2.3:

00500   10180   1574992 allow ip from 192.168.11.1 to any out via em1
00501    9524   1615062 allow ip from any to 192.168.11.1 in via em1
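
A check for the regression described in this report, as an added example that is not pfSense code or part of the original ticket: it reads an `ipfw show` listing on stdin and reports which of the two interface-IP allow rules are absent. The function names and the second sample listing are constructed, and only the exact rule form quoted above is matched.

```shell
#!/bin/sh
# Added example, not pfSense code. Reads an `ipfw show` (or `ipfw list`)
# listing on stdin and names the direction ("out", "in") of each
# local-IP allow rule that is absent from it.
missing_local_ip_rules() {   # $1 = interface IP, $2 = interface name
    awk -v ip="$1" -v ifc="$2" '
    {
        # Skip the rule number and, in "ipfw show" output, the
        # packet and byte counters: all leading numeric fields.
        i = 1
        while (i <= NF && $i ~ /^[0-9]+$/) i++
        body = ""
        while (i <= NF) { body = body (body == "" ? "" : " ") $i; i++ }
        # Exact string comparison, so dots in the IP are not wildcards.
        if (body == "allow ip from " ip " to any out via " ifc) out_ok = 1
        if (body == "allow ip from any to " ip " in via " ifc) in_ok = 1
    }
    END {
        if (!out_ok) print "out"
        if (!in_ok) print "in"
    }'
}

# The two rules quoted in the report (1.2.3 behaviour).
LISTING_WITH_RULES='00500   10180   1574992 allow ip from 192.168.11.1 to any out via em1
00501    9524   1615062 allow ip from any to 192.168.11.1 in via em1'

# Constructed listing without them, standing in for the 2.0 ruleset.
LISTING_WITHOUT_RULES='65535       0         0 deny ip from any to any'

report() {   # $1 = label, $2 = listing
    missing=$(printf '%s\n' "$2" | missing_local_ip_rules 192.168.11.1 em1)
    if [ -z "$missing" ]; then
        echo "$1: local-IP allow rules present"
    else
        echo "$1: missing direction(s):" $missing
    fi
}

report "with rules" "$LISTING_WITH_RULES"
report "without rules" "$LISTING_WITHOUT_RULES"
```
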
Actions #1

Updated by Ermal Luçi over 13 years ago

The problem with this is that it will open all the services on the host.
Why not call this a configuration problem and tell people to just bind radius to localhost!

From a developer point of view, opening the pfSense host simplifies a lot of initialization code. (for reference)

Actions #2

Updated by Chris Buechler over 13 years ago

Only if the configured pf ruleset allows access to the host. That's always been the behavior, and this breaks other things apparently like upnp. The previous behavior should be restored.

Actions #3

Updated by Ermal Luçi over 13 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Chris Buechler over 13 years ago

  • Status changed from Feedback to Resolved

fixed
