Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    [Captive Portal] Blocking a Previously White-listed MAC Doesn't Work Right

    Captive Portal
    2
    4
    685
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Salad360 last edited by

      I'm using the Captive Portal in Pfsense 2.4.2-p1 for MAC access control. Blocking a MAC address ahead of time works normally, however, when I try blocking a MAC address that had previously been white-listed, the device is still able to pass through the firewall. The obvious things didn't fix it—restarting the Captive Portal, resetting the state table… To fix it I had to go to Status > Captive Portal and click 'Disconnect all Users' despite the fact that no users were logged into the portal. Seems a little counter-intuitive... A device I thought I blocked could have had access through the portal and I would have never known had I not tested it.

      1 Reply Last reply Reply Quote 0
      • Gertjan
        Gertjan last edited by

        Hi,

        Tried what you dit, and found the same thing.
        Adding a MAC went fine :

        [2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ipfw table all list
        --- table(cp_ifaces), set(0) ---
        sis0 2100 81332 26542518 1514277511
        .....
        --- table(cpzone1_pipe_mac), set(0) ---
        ....
         90:b9:31:77:5e:26 any 2089 735 146170 1514277508
         any 90:b9:31:77:5e:26 2088 1226 160686 1514277508
        ....
        

        and it was there : "90:b9:31:77:5e:26".

        But deleting it …. didn't work.
        The rule was still there -> oops.

        When I saw the error in the log:

        /services_captiveportal_mac.php: The command '/sbin/ipfw -q /tmp/cpzone1_mac5a420a8e8cffc_tmp' returned exit code '65', the output was 'Line 1: Table _pipe_mac does not exist' 
        
        

        I understood that "$cpzone" wasn't defined so this is what I did to make it work:
        Open /etc/inc/captiveportal.inc - locate this line (around 1194) :

        function captiveportal_passthrumac_delete_entry($macent) {
        

        and add line this just below it :

        	global $cpzone;
        

        The result is :

        function captiveportal_passthrumac_delete_entry($macent) {
        	global $cpzone;
        	$rules = "";
        

        Can you edit the same file, and add that one line ? and confirm the results  ?

        No "help me" PM's please. Use the forum.

        1 Reply Last reply Reply Quote 0
        • S
          Salad360 last edited by

          I modified the file as directed. Blocking MAC addresses now works as expected, however, now the captive portal is prompting my test vm for the portal login even after white-listing it.

          ==EDIT 8:10 PM EST==
          This might have been due to Chrome's cache interfering. Will test more.

          ==EDIT 8:18 PM EST==
          It was my browser cache playing tricks on me. Your edit seems to have done it.  :)

          1 Reply Last reply Reply Quote 0
          • Gertjan
            Gertjan last edited by

            Good !

            This is probably a small bug then - consider it squashed.

            edit : notified : https://redmine.pfsense.org/issues/8238

            No "help me" PM's please. Use the forum.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post