Project

General

Profile

Bug #4381

Bring back the automatic captive portal pass rule to allow users to reach lighttpd on the proper captive portal port

Added by Jim Pingle over 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Captive Portal
Target version:
Start date:
02/05/2015
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.2
Affected Architecture:
All

Description

pfSense 2.1.x had an automatic captive portal pass rule to allow users to reach the portal daemon, this automatic rule is gone from 2.2 so users with strict rulesets have to manually guess/locate the CP daemon port for their zone and add a manual rule.

It's a support headache as well as a POLA violation, so we should probably bring that rule back. If it needs to be optional, there could be a checkbox on the portal config for it.

Associated revisions

Revision 8b4c7ed1 (diff)
Added by Ermal Luçi over 5 years ago

Fixes #4381 this was a leftover of the change of zoneids to start from 2.

Revision bb8a30c2 (diff)
Added by Ermal Luçi over 5 years ago

Fixes #4381 this was a leftover of the change of zoneids to start from 2.

History

#1 Updated by Jim Pingle over 5 years ago

Update:

The rule is there but broken, pointing to the wrong port numbers, for example:

/tmp/rules.debug has:

pass in  quick on { em1 } proto tcp from any to { 192.168.30.1 } port { 3 2 } tracker 1000000551 keep state(sloppy)

Which should be:

pass in  quick on { em1 } proto tcp from any to { 192.168.30.1 } port { 8003 8002 } tracker 1000000551 keep state(sloppy)

#2 Updated by Ermal Luçi over 5 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

#3 Updated by Ermal Luçi over 5 years ago

#4 Updated by Chris Buechler about 5 years ago

  • Status changed from Feedback to Resolved

works

Also available in: Atom PDF