Possible security-bug in the CAPTIVE PORTAL!

Home Page Forums Network Management Signal a BUG Possible security-bug in the CAPTIVE PORTAL!

This topic contains 1 reply, has 0 voices, and was last updated by  jjdk 11 years, 4 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #40908

    jjdk
    Member

    Hi Fulvio

    I have been testing Zeroshell this weekend to see if it something we can use at work and i love it(so now I use it at home 😀 )!
    However, i have found the following security-bug:

    When changing the firewall policy for the FORWARD rule from “Accept” to “Drop” it do as expected; nothing is getting through the firewall. However I wanted my Captive Portal users to be able to use the following services SMTP, IMCP, HTTP, HTTPS and sip.
    So I started to add them as “Accept” rules which works fine, however I soon discovered that I could ping my mail-server and telnet it as well on port 25 regardless of the fact that I wasn’t even login through the Captive Portal.
    So I decided to change the policy back to “Accept” and everything started to work again; No passing through of any kind unless I was logged in through the Captive Portal.

    Can you by any change fix this bug? 😆

    Kind regards
    JJ

    #46144

    imported_fulvio
    Participant

    The firewall rules are processed before of the captive portal ones. Therefore if you use the ACCEPT target, the captive portal is bypassed. The workaround is to create the rules not directly in the FORWARD but in a user defined Chain. This is an example:

    Chain FORWARD (policy ACCEPT 160 packets, 62780 bytes)
    pkts bytes target prot opt in out source destination
    178 63796 allowedproto all — * * 0.0.0.0/0 0.0.0.0/0
    160 62780 CapPort all — * * 0.0.0.0/0 0.0.0.0/0

    Chain allowedproto (1 references)
    pkts bytes target prot opt in out source destination
    0 0 RETURN icmp — * * 0.0.0.0/0 0.0.0.0/0
    59 7322 RETURN tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    101 55458 RETURN all — * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    20 1112 DROP all — * * 0.0.0.0/0 0.0.0.0/0

    Regards
    Fulvio

    #46145

    jjdk
    Member

    Hi Fulvio,

    Thanks for your quick response!

    I’m having a hard time trying to figure out what exactly I need to do:
    I have created an chain called ”captive_portal_forward”(instead of “allowedproto”) and added it to the top of the FORWARD chain, but i can’t sew anywhere where i can define the package bytes, nor can I see the “system” chain “CapPort” in the Chain drop down list.

    Can you please point me in the right direction, thanks 🙄
    JJ

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.