Bug #566
closed
captive portal IP bypass issues
0%
Description
A few issues here.
1) It no longer works. Adding a rule with keep-state fixes it, such as:
allow ip from any to table(1) keep-state
the actual tables are correct.
2) The to/from needs to be brought back, that allows functionality that isn't possible without it, and that people currently rely on with 1.2.x. Also "both" should be an allowed option. The ipfw rules should be:
allow ip from table(1) to any keep-state
allow ip from any to table(2) keep-state
where table 1 is the "From" table, table 2 is the "To" table, and "Both" adds the IP to both tables.
Updated by Jim Pingle over 14 years ago
- Status changed from Feedback to New
It looks like there are still some issues here. A support customer called and their bypass IP was not working. It was not in the output of "ipfw table all list" but it was in the GUI. Saving the entry made it show up in the table list.
Updated by Ermal Luçi over 14 years ago
There is no place in code that this can happen unless something is clearing the tables(manually?)!
On the code paths there is no way that allowed ip can be removed after being added.
The code paths, furthermore, add all ips to the tables.
Updated by Jim Pingle over 14 years ago
In their case, it didn't work immediately after boot. Is it possible that the boot-time initialization is not working somehow?
Updated by Ermal Luçi over 14 years ago
- Status changed from New to Feedback
I think you/they need to retry again.
There was an include missing in captiveportal.inc regarding the loading of ipfw module.
Updated by