Project

General

Profile

Actions
Copy link

Bug #15926

closed

Captive Portal does not function with MAC filtering disabled

Added by Paul Kutzer 10 days ago. Updated 1 day ago.

Status:
Resolved
Priority:
Normal
Assignee:
Marcos M
Category:
Captive Portal
Target version:
2.8.0
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
25.03
Release Notes:
Default
Affected Version:
2.8.0
Affected Architecture:

Description

Since 24.11, no cpzoneid_X_auth rules are created for captive portal sessions after successful authentication if MAC filtering is disabled in the zone configuration.

Result:
Portal login is successful, but no traffic can pass the pfSense because no rules are created (visible via "pfSsh.php playback pfanchordrill").

How to reproduce:
Configure "Disable MAC filtering" for a captive portal zone and authenticate with a new device.

Reason:
The function captiveportal_ether_configure_entry(...) inside /etc/inc/captiveportal.inc calls the function config_path_enabled("captiveportal/{$cpzone}/nomacfilter") with probably wrong arguments. After replacing it with config_path_enabled("captiveportal/{$cpzone}", "nomacfilter") everything seems to work as expected (rules are created again).

Actions
Copy link
 #1

Updated by Georgiy Tyutyunnik 9 days ago

confirmed, tested on:
24.11-RELEASE (amd64)
built on Wed Nov 27 19:22:00 CET 2024
FreeBSD 15.0-CURRENT

Actions
Copy link
 #2

Updated by Marcos M 9 days ago

  • Project changed from pfSense Plus to pfSense
  • Subject changed from Captive Portal broken if MAC filtering is disabled to Captive Portal breaks when MAC filtering is disabled
  • Category changed from Captive Portal to Captive Portal
  • Status changed from New to In Progress
  • Assignee set to Marcos M
  • Target version set to 2.8.0
  • Affected Plus Version deleted (24.11)
  • Plus Target Version set to 25.03
  • Affected Version set to 2.8.0
  • Affected Architecture deleted (amd64)
Actions
Copy link
 #3

Updated by Marcos M 9 days ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #4

Updated by Lev Prokofev 9 days ago

Looks like the fix working, tested on 24.11

cpzoneid_2_allowedhosts rules/nat contents:

cpzoneid_2_auth rules/nat contents:

cpzoneid_2_auth/192.168.130.10_32 rules/nat contents:
ether pass in quick proto 0x0800 l3 from 192.168.130.10 to any tag cpzoneid_2_au                                                                                                                                   th dnpipe 2000
ether pass out quick proto 0x0800 l3 from any to 192.168.130.10 tag cpzoneid_2_a                                                                                                                                   uth dnpipe 2001
Actions
Copy link
 #5

Updated by Jim Pingle 4 days ago

  • Subject changed from Captive Portal breaks when MAC filtering is disabled to Captive Portal does not function with MAC filtering disabled
Actions
Copy link
 #6

Updated by Marcos M 1 day ago

  • Status changed from Feedback to Resolved
Actions
Copy link

Also available in: Atom PDF