Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Moving anti-lockout to a different LAN interface

    Firewalling
    3
    5
    233
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Airone 0
      last edited by

      Hello all,
      there is a way to move anti-lockout rule from LAN1 to LAN2? My Netgate 4100 is installed on LAN2, but I don't see any possibility to move the above rule. Thank you.

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @Airone 0
        last edited by

        @Airone-0 said in Moving anti-lockout to a different LAN interface:

        My Netgate 4100 is installed on LAN2

        Go to your LAN, take a screen shot of the anti lock out rule, and then switch to LAN2, create a rule yourself, and make sure its on top ?!

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 1
        • A
          Airone 0
          last edited by

          Are you telling me that there is no possibility of moving the rule? Very strange that no one has thought of that.
          Anyway, thanks.

          GertjanG johnpozJ 2 Replies Last reply Reply Quote 0
          • GertjanG
            Gertjan @Airone 0
            last edited by

            @Airone-0 said in Moving anti-lockout to a different LAN interface:

            Very strange

            Not really.
            For historical reasons, routers, firewalls etc, the LAN interface is the interface used by the admin.
            And maybe, but rarely, some other people / equipment.
            All the other users / devices, who do not have to administer the router firewall, are attached to other LAN type interfaces.

            I created one myself for a LAN type interface :

            d996090d-2696-4f8e-b266-05e12fdbddfb-image.png

            The Alias Admin_access is :

            97b30e85-c210-4ab5-bc75-3ce199b189a6-image.png

            because my pfSEnse uses SSH = port 22 and the GUI uses https = port 443.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @Airone 0
              last edited by

              @Airone-0 The rule is to make sure a admin doesn't lock themselves out of the firewall.. But you can for sure as @Gertjan mentioned create your own allow rules to access pfsense gui and or ssh from some other network/vlan

              And then if you so desire disable that built in lock out rule on the lan interface..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.