Regression #13146
closed
Captive Potal: Hosts remain connected after removing them from the table
Added by Steve Wheeler over 2 years ago.
Updated over 2 years ago.
Plus Target Version:
22.05
Release Notes:
Force Exclusion
Affected Architecture:
All
Description
When you remove a connected client using the 'Disconnect this user' button in Status > Captive Portal the user is removed from the table but is still able to pass traffic.
The logs indicate the host was de-authed:
May 10 13:01:55 logportalauth 386 Zone: test_zone - DISCONNECT: unauthenticated, 3a:d2:8d:84:6e:56, 192.168.20.10
But it's still able to open outbound connections:
LAN icmp 192.168.20.10:16 -> 8.8.8.8:16 0:0 4 / 4 336 B / 336 B
WAN icmp 172.21.16.179:11535 (192.168.20.10:16) -> 8.8.8.8:11535 0:0 4 / 4 336 B / 336 B
Tested: 22.05.a.20220509.2034
- Related to Todo #13100: Transition Captive Portal from IPFW to PF added
- Release Notes changed from Default to Force Exclusion
- Affected Version set to 2.7.0
- Status changed from New to Pull Request Review
That patch looks good. After removing the host the anchor is removed from the ruleset:
[22.05-DEVELOPMENT][admin@plusdev.stevew.lan]/root: pfctl -vsA
ipsec
miniupnpd
natearly
natrules
openvpn
tftp-proxy
userrules
cpzoneid_2_allowedhosts
cpzoneid_2_auth
cpzoneid_2_auth/192.168.20.10_32
cpzoneid_2_authmac
cpzoneid_2_passthrumac
[22.05-DEVELOPMENT][admin@plusdev.stevew.lan]/root: pfctl -vsA
ipsec
miniupnpd
natearly
natrules
openvpn
tftp-proxy
userrules
cpzoneid_2_allowedhosts
cpzoneid_2_auth
cpzoneid_2_authmac
cpzoneid_2_passthrumac
Works as expected.
- Status changed from Pull Request Review to Feedback
PR was merged several days ago.
- Status changed from Feedback to Resolved
Tested:
22.05-BETA (amd64)
built on Fri May 20 06:20:45 UTC 2022
FreeBSD 12.3-STABLE
It works as expected. Disconnected users can't pass traffic.
I am marking this ticket resolved.
- % Done changed from 0 to 100
Also available in: Atom
PDF
Updated by Viktor Gurov 
Updated by 
Updated by 
Updated by