pfSense Support Subscription

Author Topic: [Captive Portal] Blocking a Previously White-listed MAC Doesn't Work Right  (Read 174 times)

0 Members and 1 Guest are viewing this topic.

Offline Salad360

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
I'm using the Captive Portal in Pfsense 2.4.2-p1 for MAC access control. Blocking a MAC address ahead of time works normally, however, when I try blocking a MAC address that had previously been white-listed, the device is still able to pass through the firewall. The obvious things didn't fix itórestarting the Captive Portal, resetting the state table... To fix it I had to go to Status > Captive Portal and click 'Disconnect all Users' despite the fact that no users were logged into the portal. Seems a little counter-intuitive... A device I thought I blocked could have had access through the portal and I would have never known had I not tested it.

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2293
  • Karma: +173/-9
    • View Profile
Re: [Captive Portal] Blocking a Previously White-listed MAC Doesn't Work Right
« Reply #1 on: December 26, 2017, 03:03:38 am »
Hi,

Tried what you dit, and found the same thing.
Adding a MAC went fine :
Code: [Select]
[2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ipfw table all list
--- table(cp_ifaces), set(0) ---
sis0 2100 81332 26542518 1514277511
.....
--- table(cpzone1_pipe_mac), set(0) ---
....
 90:b9:31:77:5e:26 any 2089 735 146170 1514277508
 any 90:b9:31:77:5e:26 2088 1226 160686 1514277508
....
and it was there : "90:b9:31:77:5e:26".

But deleting it .... didn't work.
The rule was still there -> oops.

When I saw the error in the log:
Code: [Select]
/services_captiveportal_mac.php: The command '/sbin/ipfw -q /tmp/cpzone1_mac5a420a8e8cffc_tmp' returned exit code '65', the output was 'Line 1: Table _pipe_mac does not exist'
I understood that "$cpzone" wasn't defined so this is what I did to make it work:
Open /etc/inc/captiveportal.inc - locate this line (around 1194) :
Code: [Select]
function captiveportal_passthrumac_delete_entry($macent) {and add line this just below it :
Code: [Select]
global $cpzone;
The result is :
Code: [Select]
function captiveportal_passthrumac_delete_entry($macent) {
global $cpzone;
$rules = "";

Can you edit the same file, and add that one line ? and confirm the results  ?


« Last Edit: December 27, 2017, 02:13:09 am by Gertjan »

Offline Salad360

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: [Captive Portal] Blocking a Previously White-listed MAC Doesn't Work Right
« Reply #2 on: December 26, 2017, 07:03:12 pm »
I modified the file as directed. Blocking MAC addresses now works as expected, however, now the captive portal is prompting my test vm for the portal login even after white-listing it. 

==EDIT 8:10 PM EST==
This might have been due to Chrome's cache interfering. Will test more.

==EDIT 8:18 PM EST==
It was my browser cache playing tricks on me. Your edit seems to have done it.  :)
« Last Edit: December 26, 2017, 07:19:30 pm by Salad360 »

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2293
  • Karma: +173/-9
    • View Profile
Re: [Captive Portal] Blocking a Previously White-listed MAC Doesn't Work Right
« Reply #3 on: December 27, 2017, 01:55:36 am »
Good !

This is probably a small bug then - consider it squashed.

edit : notified : https://redmine.pfsense.org/issues/8238
« Last Edit: December 27, 2017, 02:14:56 am by Gertjan »