Project

General

Profile

Bug #741

Captive Portal ipfw rules missing local IP allow

Added by Chris Buechler almost 9 years ago. Updated almost 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Captive Portal
Target version:
Start date:
07/16/2010
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.0
Affected Architecture:

Description

In all previous versions, rules were added to allow all traffic to and from the interface IP where captive portal is enabled. 2.0 does not have these rules, which breaks scenarios such as where the RADIUS server resides on the interface where captive portal is enabled. These should be added back. One example from 1.2.3:

00500   10180   1574992 allow ip from 192.168.11.1 to any out via em1
00501    9524   1615062 allow ip from any to 192.168.11.1 in via em1

Associated revisions

Revision 746e60c9 (diff)
Added by Ermal Luçi almost 9 years ago

Fixes #741. Restore behaviour of CP in 1.2.x by allowing in ipfw rules anything to the host ip on the interfaces configured for CP.

History

#1 Updated by Ermal Luçi almost 9 years ago

The problem with this is that it will open all the services on the host.
Why not call this a configuration problem and tell people to just bind radius to localhost!

From developer point of view opening the pfSense host simplifies a lot of initialization code.(for reference)

#2 Updated by Chris Buechler almost 9 years ago

Only if the configured pf ruleset allows access to the host. That's always been the behavior, and this breaks other things apparently like upnp. The previous behavior should be restored.

#3 Updated by Ermal Luçi almost 9 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#4 Updated by Chris Buechler almost 9 years ago

  • Status changed from Feedback to Resolved

fixed

Also available in: Atom PDF