Captive Portal - Clients not timing out

  • Hello,

    I'm playing around with the captive portal on version 2.0-ALPHA-ALPHA built on Sat Aug 22 01:39:53 UTC 2009 FreeBSD 7.2-RELEASE-p3 nanobsd.

    The setup for the captive portal works fine, the splash page comes up, and access is granted.  The problem is that even though the client meets the requirements for an idle timeout, and the entry gets purged from /var/db/captiveportal.db, the client can still make outgoing connections.

    The client's ip address is still listed in ipfw table 3 (ipfw table 3 list).

    I'm wondering if there is a bug in the function function captiveportal_disconnect, in file etc/inc/

    It contains the following, which deletes the clients ip from table 4 twice.

            mwexec("/sbin/ipfw table 4 delete {$dbent[2]}");
            mwexec("/sbin/ipfw table 4 delete {$dbent[2]}");
            mwexec("/sbin/ipfw delete {$dbent[1]}");

    Should one of those be table 3 delete?  It seems like if it really required a double delete, someone would have added a comment because that does look odd and a comment would prevent malcontents like me from posting to the list.

    AFAICT this hasn't been fixed yet according to, if it is indeed a bug.


  • When I change one of those lines to delete table 3, everything seems to work now.

    When I remove an entry from the captive portal status page, it fully removes the client and the client loses access like it should.

    If I wait for the soft/idle timeout time to pass, the client is fully removed and loses access.

    I will submit a patch for this change and a few spelling mistakes in the captive portal include file.

  • hi stompro you can tell me when i can download from snapshot without problem of idle time out..

  • Here is a patch that makes this change, and fixes a couple other typos I noticed.

    I'm not at all familiar with git so I haven't tried setting up a gitorious account and doing merge requests.  I'll try to get there eventually.

    Patch is attached.

    Developer's Certificate of Origin
    Developer's Certificate of Origin 1.1
    By making a contribution to this project, I certify that:
    (a) The contribution was created in whole or in part by me and I
        have the right to submit it under the open source license
        indicated in the file; or
    (b) The contribution is based upon previous work that, to the best
        of my knowledge, is covered under an appropriate open source
        license and I have the right under that license to submit that
        work with modifications, whether created in whole or in part
        by me, under the same open source license (unless I am
        permitted to submit under a different license), as indicated
        in the file; or
    © The contribution was provided directly to me by some other
        person who certified (a), (b) or (c) and I have not modified
    (d) I understand and agree that this project and the contribution
        are public and that a record of the contribution (including all
        personal information I submit with it, including my sign-off) is
        maintained indefinitely and may be redistributed consistent with
        this project or the open source license(s) involved.
    Signed-off-by:Josh Stompro


  • I updated the typo and not the commnets.

  • i will prove the last snapshot pfsense .. i hope that limiter and captivel portal is fixed too… thanks ermal

  • Was there something wrong with the comment fixes?


    I updated the typo and not the commnets.

  • No, just i am not the person(english one) to review them.
    Send them to coreteam@

  • Thanks, I will do that.

  • and what's happend with limiter and captive portal problems??? is it fixed???  :'(

Log in to reply