I have a configured hAP ac2 with CAPsMAN controlling the local radios.
The default firewall rules are in place.
I have found that if I have enabled the default rule "block everything not coming from the LAN",
then when the router reboots the wireless interfaces keep looping and incrementing their CAP number but are not able to make a stable connection to CAPsMAN to get their config.
The rule is:
general
chain input
interface list ! (looks like an exclamation in the checkbox) Lan
Action drop
no other config
With this rule disabled, though, a Shields Up scan reveals ports 21, 22, 23 and 80 open.
How can I block those ports but still enable CAPsMAN operation on reboot?
I have already set static virtual in the wireless CAP settings.
I have also added both the cap and wlan interfaces that have been created to the LAN group under interface list.
What am I looking at to do with that?
I should also add that the issue only manifests itself on router reboot; if I disable the rule, wait for the connection, then re-enable it, everything works fine.
Change the firewall entry with comment “defconf: drop all not coming from LAN”. Interface List: ! LAN to WAN.
I’ve already written that the default out-of-box firewall blocks the CAP on the same router. I do not remember what version of ROS.
The explanation for this is that, in order to save CPU, one of the first firewall rules is “accept packets belonging to already established connections”. So if you disable a rule preventing the connection (between the cAP software module and the cAPsMAN software module in your case), the connection establishes, and re-enabling the rule has no further effect on that connection because that connection’s packets get accepted before they reach the prohibitive rule.
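The rule order the reply above describes, written out as an added RouterOS CLI example (not configuration posted by anyone in this thread), with the default drop rule beside the WAN-list variant suggested earlier. It assumes the default-config comments and the loopback rule for CAPsMAN that newer RouterOS default configurations carry; the exact default ruleset on the poster's version may differ.

```routeros
# Default-style input chain in evaluation order. Packets of a connection that
# already exists match the first rule, so they never reach the final drop.
/ip firewall filter
add chain=input action=accept connection-state=established,related,untracked \
    comment="defconf: accept established,related,untracked"
add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
# Assumed present (newer default configs): lets the on-board CAP reach CAPsMAN
# over loopback without being caught by the interface-list drop below.
add chain=input action=accept dst-address=127.0.0.1 \
    comment="defconf: accept to local loopback (for CAPsMAN)"
# The rule discussed in the thread: a freshly booted CAP has no established
# state yet, so its first packets to CAPsMAN fall through to this rule unless
# their inbound interface is a member of the LAN list.
add chain=input action=drop in-interface-list=!LAN \
    comment="defconf: drop all not coming from LAN"

# Variant suggested in the reply above: match the WAN list positively instead of
# negating LAN, so internal cap/wlan interfaces are not swept up by the negation.
/ip firewall filter
set [find comment="defconf: drop all not coming from LAN"] \
    in-interface-list=WAN comment="drop all coming from WAN"

# Verify after a reboot: the counter of whichever rule matched the CAP traffic
# increments, which shows whether the drop rule or the accept rules caught it.
/ip firewall filter print stats
```

Ports 21, 22, 23 and 80 stay closed to the outside with either form, since both drop unsolicited input from the WAN side; the difference is only how traffic on interfaces outside the LAN list is treated.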