author | Scott Ullrich <sullrich@pfsense.org> | 2010-09-01 18:52:24 -0400 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-09-01 18:52:24 -0400 |
commit | d624c7902cf71d8fe739fd68595784949902a948 (patch) | |
tree | 000412f92938debbca3c0bcca22a144a10baf0a3 /etc/inc | |
parent | 00621aeefea3950c663810925c40fc71e19fc74d (diff) | |
Since IPFW is redirecting to the captive portal running on 127.0.0.1:
65531 11375 1820680 fwd 127.0.0.1,8000 tcp from any to any in
We need to permit traffic from the Captive Portal interface to 127.0.0.1. Otherwise the portal will not come up without a separate rule allowing it or an allow all rule.
How to reproduce: Set your captive portal interface rule to allow traffic from its subnet to its subnet. IE: * OPT1 net * OPT1 net * * none
Try using the captive portal. Now add in this commit and the portal should work without a dedicated user rule permitting traffic to 127.0.0.1.
The other solution is to change the IPFW fwd to redirect to the Captive Portal interface IP address in question but this is much easier and just as clean.
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/filter.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index faa99da..35f3354 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1918,6 +1918,7 @@ function filter_rules_generate() { if (count($cpiplist) > 0 && count($cpiflist) > 0) { $cpinterface = implode(" ", $cpiflist); $cpaddresses = implode(" ", $cpiplist); + $ipfrules .= "pass in quick on { {$cpinterface} } proto tcp from any to { 127.0.0.1 } port { 8000 8001 } keep state(sloppy)\n"; $ipfrules .= "pass in quick on { {$cpinterface} } proto tcp from any to { {$cpaddresses} } port { 8000 8001 } keep state(sloppy)\n"; $ipfrules .= "pass out quick on { {$cpinterface} } proto tcp from { {$cpaddresses} } port { 8000 8001 } to any keep state(sloppy)\n"; } |
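Review bot: The added `pass in quick ... to { 127.0.0.1 } port { 8000 8001 }` line in `filter_rules_generate()` carries no comment saying why a loopback destination is permitted on the captive portal interfaces; the reason (the IPFW `fwd 127.0.0.1,8000` redirect) lives only in the commit message, so a one-line comment above the rule would keep it from being removed later as redundant. The line also repeats the rule that follows it except for the destination, so the two could be a single rule with `to { 127.0.0.1 {$cpaddresses} }`. Finally, the commit message shows the redirect for port 8000 only, while this rule also opens 8001 to loopback from `any` source: confirm that 8001 is forwarded to 127.0.0.1 as well, or narrow the port list to what the redirect actually uses.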