Bug #13742

closed

Captive Portal MAC bypass - pf rules are not enforced

Added by Mike Moore almost 2 years ago. Updated almost 2 years ago.

Status: Not a Bug
Priority: High
Assignee: -
Category: Captive Portal
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 23.01
Release Notes: Default
Affected Version:
Affected Architecture:

Description

I am able to bypass all firewall rules for an interface that has Captive Portal enabled using MAC or IP bypass.
This is reproducible with any client. If a MAC address is added to the bypass list, the client can bypass the RADIUS authentication that is configured for the Captive Portal zone, as expected. The same client is then able to navigate to any VLAN, although firewall rules should prevent that client from doing so. A firewall state is created.

  • If MAC/IP bypass is NOT used and the client is instead forced to log in through the portal, which uses RADIUS, firewall rules are enforced and client traffic is rejected from flowing between interfaces.

Additional details are found in my post
https://forum.netgate.com/topic/176356/captive-portal-bypass-issue/12


Related issues

Related to Regression #13747: Captive Portal blocked MAC addresses are not blocked (Resolved, Marcos M)
