pfSense English Support > Captive Portal

[Captive Portal] Blocking a Previously White-listed MAC Doesn't Work Right

(1/1)

Salad360:
I'm using the Captive Portal in Pfsense 2.4.2-p1 for MAC access control. Blocking a MAC address ahead of time works normally, however, when I try blocking a MAC address that had previously been white-listed, the device is still able to pass through the firewall. The obvious things didn't fix itórestarting the Captive Portal, resetting the state table... To fix it I had to go to Status > Captive Portal and click 'Disconnect all Users' despite the fact that no users were logged into the portal. Seems a little counter-intuitive... A device I thought I blocked could have had access through the portal and I would have never known had I not tested it.

Gertjan:
Hi,

Tried what you dit, and found the same thing.
Adding a MAC went fine :

--- Code: ---[2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ipfw table all list
--- table(cp_ifaces), set(0) ---
sis0 2100 81332 26542518 1514277511
.....
--- table(cpzone1_pipe_mac), set(0) ---
....
 90:b9:31:77:5e:26 any 2089 735 146170 1514277508
 any 90:b9:31:77:5e:26 2088 1226 160686 1514277508
....
--- End code ---
and it was there : "90:b9:31:77:5e:26".

But deleting it .... didn't work.
The rule was still there -> oops.

When I saw the error in the log:

--- Code: ---/services_captiveportal_mac.php: The command '/sbin/ipfw -q /tmp/cpzone1_mac5a420a8e8cffc_tmp' returned exit code '65', the output was 'Line 1: Table _pipe_mac does not exist'

--- End code ---
I understood that "$cpzone" wasn't defined so this is what I did to make it work:
Open /etc/inc/captiveportal.inc - locate this line (around 1194) :

--- Code: ---function captiveportal_passthrumac_delete_entry($macent) {
--- End code ---
and add line this just below it :

--- Code: --- global $cpzone;
--- End code ---

The result is :

--- Code: ---function captiveportal_passthrumac_delete_entry($macent) {
global $cpzone;
$rules = "";
--- End code ---

Can you edit the same file, and add that one line ? and confirm the results  ?


Salad360:
I modified the file as directed. Blocking MAC addresses now works as expected, however, now the captive portal is prompting my test vm for the portal login even after white-listing it. 

==EDIT 8:10 PM EST==
This might have been due to Chrome's cache interfering. Will test more.

==EDIT 8:18 PM EST==
It was my browser cache playing tricks on me. Your edit seems to have done it.  :)

Gertjan:
Good !

This is probably a small bug then - consider it squashed.

edit : notified : https://redmine.pfsense.org/issues/8238

Navigation

[0] Message Index

Go to full version