Project

General

Profile

Actions

Bug #4381

closed

Bring back the automatic captive portal pass rule to allow users to reach lighttpd on the proper captive portal port

Added by Jim Pingle almost 10 years ago. Updated almost 10 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Captive Portal
Target version:
Start date:
02/05/2015
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2
Affected Architecture:
All

Description

pfSense 2.1.x had an automatic captive portal pass rule to allow users to reach the portal daemon, this automatic rule is gone from 2.2 so users with strict rulesets have to manually guess/locate the CP daemon port for their zone and add a manual rule.

It's a support headache as well as a POLA violation, so we should probably bring that rule back. If it needs to be optional, there could be a checkbox on the portal config for it.

Actions #1

Updated by Jim Pingle almost 10 years ago

Update:

The rule is there but broken, pointing to the wrong port numbers, for example:

/tmp/rules.debug has:

pass in  quick on { em1 } proto tcp from any to { 192.168.30.1 } port { 3 2 } tracker 1000000551 keep state(sloppy)

Which should be:

pass in  quick on { em1 } proto tcp from any to { 192.168.30.1 } port { 8003 8002 } tracker 1000000551 keep state(sloppy)

Actions #2

Updated by Ermal Luçi almost 10 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100
Actions #3

Updated by Ermal Luçi almost 10 years ago

Actions #4

Updated by Chris Buechler almost 10 years ago

  • Status changed from Feedback to Resolved

works

Actions

Also available in: Atom PDF