Bug #741
closed
Captive Portal ipfw rules missing local IP allow
100%
Description
In all previous versions, rules were added to allow all traffic to and from the interface IP where captive portal is enabled. 2.0 does not have these rules, which breaks scenarios such as where the RADIUS server resides on the interface where captive portal is enabled. These should be added back. One example from 1.2.3:
00500 10180 1574992 allow ip from 192.168.11.1 to any out via em1 00501 9524 1615062 allow ip from any to 192.168.11.1 in via em1
Updated by Ermal Luçi over 14 years ago
The problem with this is that it will open all the services on the host.
Why not call this a configuration problem and tell people to just bind radius to localhost!
From developer point of view opening the pfSense host simplifies a lot of initialization code.(for reference)
Updated by Chris Buechler over 14 years ago
Only if the configured pf ruleset allows access to the host. That's always been the behavior, and this breaks other things apparently like upnp. The previous behavior should be restored.
Updated by Ermal Luçi over 14 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 746e60c9ee05d270e8af303f51c9b669571b1b5a.