reset anti-lockout rule
-
hello I have created an aggregation 4 4 LACP network interfaces. the automatically created anti-lockout rule disappeared in the firewall, how can I restore it?
-
Goto System > Advanced >Admin Access
and remove the check from :
Result :
I works for a LAN type interface.
Dono if "aggregation 4 4 LACP" is considered as a "normal" interface.The good new : the rule is nothing special - and not essential.
It's a pass rule for ports 80 and 443, TCP, source : the connected network, for a LAN this is "LAN Address". This rule must be at the top of the rule list.It's just a anti shoot in the foot rule, and placed on the LAN interface where only trusted (by the admin) devices are connected.
All other devices belong on other 'LAN' type interface, and these networks do (should) not have access to the pfSense GUI (the should have a rule that blocks the GUI traffic). -
It probably just moved to the new interface when you assigned it. That's expected if you previously only had WAN assigned.
-
@gertjan to me it is already like this without the flag
-
@wifi75
the documentation ** is here : /etc/inc/filter.inc :
It says :
/* if antilockout is enabled, LAN exists and has
* an IP and subnet mask assigned
*/
for systems with more then 1 interface, and one interface is known as the 'lan'.
Or, systems with 1 interface, and that interface is known as the 'wan'.I guess your "LACP" isn't isn't qualified as the 'lan'.
Don't bother : create the rule yourself on the interface you like.
-
stephenw10 Netgate Administratorlast edited by stephenw10 Jan 18, 2022, 4:55 PM Jan 18, 2022, 4:53 PM
Looks like you may be running a very old version: https://forum.netgate.com/post/1020459
Unless that's not your screenshot.Not that it should make any difference to this.
-
@stephenw10 linke this it is ok?
-
That looks fine for general access.
You don't really need those top two rules, the pass-all rule covers that traffic.
The anti-lockout rule will be on your VLAN10 interface.
Steve