Actions
Bug #4381
closed
Bring back the automatic captive portal pass rule to allow users to reach lighttpd on the proper captive portal port
Start date:
02/05/2015
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2
Affected Architecture:
All
Description
pfSense 2.1.x had an automatic captive portal pass rule to allow users to reach the portal daemon, this automatic rule is gone from 2.2 so users with strict rulesets have to manually guess/locate the CP daemon port for their zone and add a manual rule.
It's a support headache as well as a POLA violation, so we should probably bring that rule back. If it needs to be optional, there could be a checkbox on the portal config for it.
Updated by Jim Pingle almost 10 years ago
Update:
The rule is there but broken, pointing to the wrong port numbers, for example:
/tmp/rules.debug has:
pass in quick on { em1 } proto tcp from any to { 192.168.30.1 } port { 3 2 } tracker 1000000551 keep state(sloppy)
Which should be:
pass in quick on { em1 } proto tcp from any to { 192.168.30.1 } port { 8003 8002 } tracker 1000000551 keep state(sloppy)
Updated by Ermal Luçi almost 10 years ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Applied in changeset 8b4c7ed15cdde2e49cfce5f96990ba1dbb2a9fd0.
Updated by Ermal Luçi almost 10 years ago
Applied in changeset bb8a30c23b04d8332e8d4fccf15ed91d950cda2b.
Updated by
Actions