Reply To: Possible security-bug in the CAPTIVE PORTAL!


#46144

imported_fulvio
Participant

The firewall rules are processed before the captive portal ones. Therefore, if you use the ACCEPT target, the captive portal is bypassed. The workaround is to create the rules not directly in FORWARD but in a user-defined chain. This is an example:

Chain FORWARD (policy ACCEPT 160 packets, 62780 bytes)
pkts bytes target prot opt in out source destination
178 63796 allowedproto all -- * * 0.0.0.0/0 0.0.0.0/0
160 62780 CapPort all -- * * 0.0.0.0/0 0.0.0.0/0

Chain allowedproto (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0
59 7322 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
101 55458 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
20 1112 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Regards
Fulvio
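
The listing in the reply above, written out as iptables commands together with a check that no ACCEPT rule sits ahead of the CapPort jump in FORWARD. This is an added example, not part of the original post. It assumes the rules are applied with the iptables command line; the function names and the IPT variable are made up for the example.

```shell
#!/bin/sh
# Dry run by default: the commands are only printed.
# Set IPT=iptables and run as root to apply them (assumption: CLI access).
IPT="${IPT:-echo iptables}"

# Build the user-defined chain shown in the listing.
build_allowedproto() {
    $IPT -N allowedproto
    # RETURN hands the packet back to FORWARD, so the next rule there
    # (the CapPort jump) still evaluates it. ACCEPT would end traversal.
    $IPT -A allowedproto -p icmp -j RETURN
    $IPT -A allowedproto -p tcp --dport 80 -j RETURN
    $IPT -A allowedproto -m state --state RELATED,ESTABLISHED -j RETURN
    # Anything not matched above is dropped before the captive portal.
    $IPT -A allowedproto -j DROP
    # The jump goes at the top of FORWARD, ahead of CapPort, as in the listing.
    $IPT -I FORWARD 1 -j allowedproto
}

# Reads `iptables -S FORWARD` output on stdin and fails if an ACCEPT rule
# precedes the CapPort jump, since matching traffic would skip the portal.
check_forward_order() {
    awk '
        / -j CapPort( |$)/         { seen = 1 }
        !seen && / -j ACCEPT( |$)/ { print "skips CapPort: " $0; bad = 1 }
        END                        { exit bad + 0 }
    '
}

# Print the commands for review.
build_allowedproto
```

On a live system the check is fed with `iptables -S FORWARD | check_forward_order`; the chain policy line (`-P FORWARD ACCEPT`) is not counted as a rule.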