I don't know if this will help or not but I had similar issues recently with several pfsense firewalls I have deployed.  It ended up being my Bitdefender antivirus on my laptop that was "protecting" me and causing the web gui to come back with the empty response.  I have to either disable the protection now or add all the sites/ips to the safe list to access the firewalls.  Looking for a new A/V software program now too…

Dude if your box has been compromised and remoted.. What is 2FA going to do for your password to your firewall?  And how would they know your password? You storing it in clear text on your machine.. I think your tin foil hat is a bit too tight really…  But as stated if you want to really lock it down - only allow vpn in.. to hit your gui, and use OTP for that...

Why don't you just set a reservation for such devices so when they boot, they always get the same IP.. Then you don't need a webpage to look you will KNOW what IP said device is.. OR just access them by name if you have pfsense set to register dhcp leases. Best of both worlds - set reservation so pi1 is always 192.168.1.100 for example.. And then access it via pi1.yourlocaldomain.tld

I have the same problem with the 2.4.2 in the french WebGui. The Gateway list is empty. But it works well in English WebGui. Try to change language in System/General Setup.

I couldn't help but notice no one has acknowledged this in redmine as an feature/issue. Is this, will this get acknowledged?

Problem solved with 2.4.2**-RELEASE-p1** version 8) Good job PfSense team.  ;D

Add the following in Additional RADIUS Attributes (REPLY-ITEM) Class := admins

@KOM: i dont know is it possible, if ya how can i do it. I don't know.  That looks more like a development question, not pfSense specific, and it may be outside the scope of these forums. thanks, i solved the Problem. there is two solution: i could use tcpdump to see all the traffic including data which i send from my Computer. using tcp socket finally i choosed second way, wrote a tcp socket as Server in c and execute it from console. Now i can send commands through tcp to second System (my Gateway) with some Parameters and execute the Shell script with These parameters.

Hey look at that!  It works! Thanks so much Gertjan!!

@johnpoz: Pretty sure that is the default… Do you have this checked or not checked? Under System Advanced.. Enable webConfigurator login autocomplete When this is checked, login credentials for the webConfigurator may be saved by the browser. While convenient, some security standards require this to be disabled. Check this box to enable autocomplete on the login form so that browsers will prompt to save credentials (NOTE: Some browsers do not respect this option). I  have now checked this settings and disabled autocomplete , chrome is not offering to save password now but Mozilla still does. Thanks  for your help.

I don't think so, but let me check

For future Putty>>Restart Web Configurator I had a similar issue once and this fixed it

I think the following option on the interface is enable and you are coming from an internal ip address. "Block private networks and loopback addresses"

Indeed, that works - thank you! I had thought I'd need to apply changes to the rules by running /etc/rc.filter_configure via ssh, but this is even simpler.

That was something I searched and played with a couple of months ago. Not sure why this isn't the default.

I agree with johnpos. It would help to neaten up, particularly when you create a multitude of additional VPN interfaces

"It's like it reordered the firewall rules and locked me out." There is a specific rule to prevent that - the antilockout rule that allow the port the gui listens on and the ssh port.. Did you disable this rule? Did you create a rule in floating that happens before interface rules that overrode the antilockout rule?  Are you coming from a different network and not the lan network that doesn't have the antilock out rule?

Ok, so using the console I reset back to the factory configuration and was able to access the Web Configurator again.  Then I uploaded my previous configuration and things are back up and running.