    Filter based on MAC or IP with firewall group rule set?

    • A
      AyeCan last edited by

      How does.

      I'm wondering whether what I would like to do could be done.

      My setup is: WAN (Modem) - pfSense (Dual Ethernet) - LAN (Switch)

      MAC/IP will be used as an allowed/trusted device(s)

      Now…

      if mac/ip is trusted.
      Check mac/ip firewall group rule set.
      if firewall passed, Grant internet usage.

      if mac/ip is not trusted.
      All DNS resolves to a lan ip and http is redirected to a web server that is a lan machine.
      At which point I can do other things that would grant a user to be able to be placed in
      a trusted group firewall state.

      Lan to Wan
      Firewall group settings A, Based on Mac/IP
      Allow unrestricted tcp/udp

      Firewall group settings B, Based on Mac/IP
      Allow TCP HTTP 80,443,8080

      Then Wan/internet to lan port forwarding
      This port to that ip port deal.

      Can this be done?
      If yes, then are there any other packages required to complete this task?

      • A
        AyeCan last edited by

        Figured it out.

        Swapped the Windows DHCP services for the pfSense DHCP service.
        (re-created the entries in pfSense DHCP)

        Edited /usr/local/captiveportal/index.php
        (changed line 78 to header("Location: http://localdomain.ext");)
        /* be nice if the captive portal had this ability built in. */

        Edited /etc/inc/captiveportal.inc
        (changed line 417, Just changed "8000" to "8080")

        Edited /usr/local/captiveportal/index.php
        (changed line 65, Just changed ":8000" to ":8080")

        Then restarted the captive portal, and all non-auth users are sent to http://localdomain.ext
        (which is another system on the network that has the web server and database that enables me to do what I wanted and then curl to the captive portal)
