Reply To: CP issue


#50437

redfive
Participant

Hi, bad news… I installed Hotspot Shield on my winx PC, and I can surf the web without logging in on the captive portal page. The program uses UDP port 8046.
How can I make a firewall rule that allows hosts (before authentication) only TCP ports 80 and 443?

Here are my firewall rules; the captive portal is active on ETH01.6,
and I believe the CapPort rules are correct. At the time this firewall rule capture was taken, no host was connected.

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
25915 3848K SYS_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2479 311K SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
624 38516 SYS_SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 LOG all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/001'
0 0 ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1195 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/002'
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1195
118 15710 LOG all -- ETH00 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/003'
1288 233K ACCEPT all -- ETH00 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- ETH00.5 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/004'
0 0 ACCEPT all -- ETH00.5 * 0.0.0.0/0 0.0.0.0/0
1331 85975 ACCEPT all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0
5623 394K ACCEPT all -- ETH01 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- VPN99 * 192.168.250.2 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/007'
0 0 ACCEPT all -- VPN99 * 192.168.250.2 0.0.0.0/0
0 0 LOG tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1194 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/008'
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1194
2376 96652 LOG all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/009'
2748 117K DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
62 17698 LOG all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/001'
1045 522K ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP 41 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 DROP udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 LOG all -- ETH00.5 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/005'
0 0 ACCEPT all -- ETH00.5 * 0.0.0.0/0 0.0.0.0/0
62 7494 LOG all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/006'
997 153K ACCEPT all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 LOG udp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/010'
0 0 DROP udp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT all -- ETH00 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ETH01 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * VPN99 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/013'
0 0 ACCEPT all -- * VPN99 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 LOG all -- VPN99 * 192.168.250.2 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/014'
0 0 ACCEPT all -- VPN99 * 192.168.250.2 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/015'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CapPort all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 14554 packets, 4834K bytes)
pkts bytes target prot opt in out source destination
25430 6731K SYS_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain CapPort (1 references)
pkts bytes target prot opt in out source destination
0 0 CapPortACL all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0

Chain CapPortACL (1 references)
pkts bytes target prot opt in out source destination
0 0 CapPortFS all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CapPortFC all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CapPortWL all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain CapPortFC (1 references)
pkts bytes target prot opt in out source destination

Chain CapPortFS (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67

Chain CapPortWL (1 references)
pkts bytes target prot opt in out source destination

Chain NetBalancer (0 references)
pkts bytes target prot opt in out source destination

Chain SYS_HTTPS (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2021 257K ACCEPT all -- ETH01 * 0.0.0.0/0 0.0.0.0/0
458 53926 ACCEPT all -- ETH00 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- VPN99 * 192.168.250.2 0.0.0.0/0
0 0 ACCEPT all -- ETH00.5 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain SYS_INPUT (1 references)
pkts bytes target prot opt in out source destination
160 253K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
823 72820 ACCEPT tcp -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:12080:12083
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:12080:12083
206 17987 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 state ESTABLISHED
186 250K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:8245 state ESTABLISHED
12 912 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:123 state ESTABLISHED
1390 84828 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Thanks
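
An added example, not part of the original post: a small first-match trace over rows of the FORWARD listing above, showing which rule decides a new flow arriving on ETH00.6 and whether the jump to CapPort is ever reached. The function names are hypothetical, the sample is trimmed (so rule numbers refer to the sample, not the full chain), and the trace assumes the first packet of a new connection with an unknown egress interface.

```python
import re

# Constructed sample: rows copied from the FORWARD chain in the post above
# (opt column written as "--"); only rows needed for the trace are kept.
FORWARD = """\
pkts bytes target prot opt in out source destination
1045 522K ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
997 153K ACCEPT all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CapPort all -- * * 0.0.0.0/0 0.0.0.0/0
"""

def parse(listing):
    """Turn `iptables -L -v -n` rows into dicts; header lines are skipped."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) >= 9 and f[0][0].isdigit():
            rules.append({"target": f[2], "proto": f[3], "in": f[5],
                          "out": f[6], "match": " ".join(f[9:])})
    return rules

def matches(rule, iface, proto, dport):
    """Does the first packet of a new flow arriving on iface hit this rule?"""
    if rule["in"] not in ("*", iface) or rule["proto"] not in ("all", proto):
        return False
    if rule["out"] != "*":
        return False  # assumption: egress interface unknown, skip such rules
    state = re.search(r"state (\S+)", rule["match"])
    if state and "NEW" not in state.group(1).split(","):
        return False  # a new flow is not RELATED/ESTABLISHED
    port = re.search(r"dpts?:(\d+)(?::(\d+))?", rule["match"])
    if port:
        lo, hi = int(port.group(1)), int(port.group(2) or port.group(1))
        return lo <= dport <= hi
    return True

def trace(listing, iface, proto, dport):
    """Return (rule number, target) of the first deciding rule, LOG excluded."""
    for n, rule in enumerate(parse(listing), start=1):
        if rule["target"] != "LOG" and matches(rule, iface, proto, dport):
            return n, rule["target"]
    return None, "chain policy"

if __name__ == "__main__":
    for proto, port in (("udp", 8046), ("tcp", 80), ("tcp", 443)):
        print(proto, port, "->", trace(FORWARD, "ETH00.6", proto, port))
```

In this listing every new flow from ETH00.6 is decided by the unconditional `ACCEPT all -- ETH00.6` row, and the `CapPort` jump sits after the catch-all `DROP`, which is consistent with the zero packet counters on all CapPort chains.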