That was a bug. Its not expected behavior. Rules are supposed to take effect *AFTER* authentication.
Scott On 9/12/05, Bill Marquette <[EMAIL PROTECTED]> wrote: > OK. I need to touch CP again to see if this issue is still happening, but > the last time I played with it, if you had rules on the interface CP was > running on, with exception to the ports that we redirect (80), traffic that > matches the rules would work w/out requiring authentication. > > > --Bill > > On 9/12/05, Frimmel, Ivan (ISS South Africa) <[EMAIL PROTECTED]> wrote: > > > > > > > > Fragged both routers playing around with CARP remotely to write my > previous mail so I can't get in right now .. but no .. I should have any .. > since that's the traffic I want to limit. Everything is denied unless the > client is passed-through via a mac mapping. There are NAT rules in, but all > outbound traffic is stopped as per the default rules created during install. > > > > > > > > > > > > ________________________________ > > > > > From: Bill Marquette [mailto:[EMAIL PROTECTED] > > Sent: 12 September 2005 03:17 PM > > To: support@pfsense.com > > Subject: Re: [pfSense Support] Gentoo Rsync allowed past the Captive > Portal > > > > > > > > Do you have a pass any rule on that interface? It's overriding the > captive portal rules (with exception to the port 80 redirect which uses > different logic). > > > > --Bill > > > > > > > > On 9/12/05, Frimmel, Ivan (ISS South Africa) <[EMAIL PROTECTED]> wrote: > > > > > > HI all > > > > > > > > So I spent most of yesterday trying to figure out why I couldn't emerge a > new Gentoo box on my network, weirdly enough emerge ---sync managed to get > through the captive portal … but then when it came time to d/l via ftp or > wget it would start downloading and then the files would fail on MD5 hash > after the " download " had completed.. I eventually realized what was going > on when I did an update last night to 0.84 and saw the "foreign" machine > being captured by the portal. I quickly added a captive portal mac > passthrough rule and all the MD5 checksum errors when away. But why did pf > let the rsync stuff through and why did it look like it was downloading > stuff, all be it rubbish ? Was it just downloading the captive portal > redirect URL all the time and padding the files out with the contents? > > > > > > > > Regards, > > > > > > > > Ivan Frimmel. > > > > HP South Africa - Sales Specialist, Industry Standard Servers > > > > Mobile : +27 83 409 2077 > > > > Direct: +27 11 785 1052 > > > > E-Mail and MSN Messenger: [EMAIL PROTECTED] > > > > > > > > > >
